• Saik0@lemmy.saik0.com · 23 upvotes · edited · 15 hours ago

    Block all port 53 traffic from your network outside of your DNS server/pihole itself.
    Block all known DoH servers.

    If you want to get REALLY fancy you can write a NAT rule that will force any outgoing request on port 53 to route to your dns/pihole.

    I do all of this. It’s actually funny to see the requests that were hardcoded to go somewhere. Giant fuck you to those companies.

      • Saik0@lemmy.saik0.com · 2 upvotes · 32 minutes ago

        Yes. But there are lists of well known IPs that are serving DoH. So you can just block those. Obviously blocking 443 is not a good idea.
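Both of Saik0's comments above (outbound port 53 only from the Pi-hole, a NAT rule that redirects hardcoded resolvers to it, and a blocklist of known DoH server IPs) as one nftables ruleset. This is an added example, not code from the thread or from the Pi-hole project; the Pi-hole address, the interface names and the blocklist file are assumed placeholders.

```shell
# Added example, not from the thread: generate an nftables ruleset that forces all
# LAN DNS through the Pi-hole: hardcoded resolvers redirected, plain DNS to the
# internet allowed only from the Pi-hole, known DoH server IPs dropped on 443.
# Assumed placeholders: Pi-hole 192.168.1.2, LAN br0, WAN wan0, DoH list file with
# one IPv4 address or CIDR per line.
set -eu
# dns_ruleset PIHOLE_IP LAN_IF WAN_IF DOH_LIST_FILE  -> nft ruleset on stdout
dns_ruleset() {
    pihole="$1"; lan="$2"; wan="$3"; dohlist="$4"
    # Refuse a malformed IPv4 so a typo cannot redirect every client's DNS into a black hole.
    echo "$pihole" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
        || { echo "dns_ruleset: bad Pi-hole IP '$pihole'" >&2; return 1; }
    [ -r "$dohlist" ] || { echo "dns_ruleset: cannot read $dohlist" >&2; return 1; }
    # Set elements from the list file; comment and blank lines are skipped.
    elems=$(grep -Ev '^[[:space:]]*(#|$)' "$dohlist" | paste -sd, -)
    elem_line=""; if [ -n "$elems" ]; then elem_line="elements = { $elems }"; fi
    cat <<EOF
table inet dns_enforce
flush table inet dns_enforce
table inet dns_enforce {
    set doh_servers {
        type ipv4_addr
        flags interval
        $elem_line
    }
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Clients with a hardcoded resolver are silently redirected to the Pi-hole.
        iifname "$lan" ip saddr != $pihole udp dport 53 dnat ip to $pihole
        iifname "$lan" ip saddr != $pihole tcp dport 53 dnat ip to $pihole
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Hairpin: Pi-hole is on the LAN, so replies must return via the router
        # (redirected queries then show the router, not the client, in Pi-hole logs).
        oifname "$lan" ip daddr $pihole udp dport 53 masquerade
        oifname "$lan" ip daddr $pihole tcp dport 53 masquerade
    }
    chain forward {
        type filter hook forward priority filter; policy accept;
        # Only the Pi-hole itself may send plain DNS out (IPv4 only; mirror for ip6 if used).
        oifname "$wan" ip saddr != $pihole udp dport 53 counter drop
        oifname "$wan" ip saddr != $pihole tcp dport 53 counter drop
        # Known DoH endpoints are dropped on 443; all other HTTPS is untouched.
        oifname "$wan" ip daddr @doh_servers tcp dport 443 counter drop
    }
}
EOF
}
```

Load it on the router with `dns_ruleset 192.168.1.2 br0 wan0 /etc/doh-servers.txt | nft -f -`; the `counter` on the drop rules is what makes the hardcoded requests Saik0 mentions visible in `nft list table inet dns_enforce`.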