EDIT: So because of my $0 budget and the fact that my uptime is around 50% (PC, no additional servers) I ended up using NextDNS. For the time being it works (according to dnsleaktest), an added benefit was improved ad-blocking (100% in this tool). I now have plans for a proper router in the future with a Pi-hole. Thanks so much for all the info & suggestions, definitely learnt a lot.

So it turns out I got myself into an ISP that was shittier than expected (I already knew it was kinda shitty), they DNS hijack for whatever reason and I can’t manually set my own DNS on my router or even my devices.

Cyber security has never been my forte but I’m always trying to keep learning as I go. I’ve read that common solutions involve using a different port (54) or getting a different modem/router or just adding a router.

Are they all true? Whats the cheapest, easiest way of dealing with all of this?

  • @ShitpostCentral
    link
    English
    21 year ago

    Look into Pi-hole. It’s an easy-to-setup DNS server which can run on a Raspberry Pi (or a Linux desktop/server if you have one.) You can then set your devices’ DNS servers to the local address where the Pi-hole is running. Since it would be running on your local network, any requests to it shouldn’t go through your ISP in the first place. I’d still recommend getting your own router anyways because this kind of ISP fuckery is more common than you’d expect. Plus, your exact configurations follow you anywhere you move. If you do end up getting one, set the local DNS server in the DHCP settings of your router to avoid having to set it on each device.

    • @vector_zero
      link
      English
      61 year ago

      Doesn’t the RPi still go through the ISP? You’d still have to find a way to bypass their hijacking attempts, just on a different device this time.

      • slazer2au
        link
        English
        51 year ago

        Dot or doh will stop the DNS rewrites.

      • @[email protected]
        link
        fedilink
        English
        1
        edit-2
        1 year ago

        You’d have to use DNS over HTTPS, DNS over TLS, or DNS over QUIC. As far as I know, PiHole doesn’t support these out-of-the-box, so AdGuard Home is a better choice (it’s like PiHole but more powerful).

        I know PiHole had plans to implement this though, so maybe they do support it now.

      • A Mouse
        link
        fedilink
        English
        11 year ago

        Using something like DoH or DoT can help with this, I don’t know about pi-hole, however adguardhome can do it.

    • A Mouse
      link
      fedilink
      English
      11 year ago

      Using your own router is the best way, I just finished setting up DoH, I am using a router with OpenWRT, so installed https-dns-proxy with luci-app-https-dns-proxy. It has options to hijack DNS so that all local devices will be routed to the router DNS even if they try to use a DNS server directly.

      More information can be found here.

    • @[email protected]
      link
      fedilink
      English
      11 year ago

      Adguard home is a better choice as it supports DoT and DoH, which OP will need to use to be able to bypass their ISPs DNS hijacking.

      Pihole only supports unencrypted DNS on port 53 which is what the ISP is targeting.