6 votes

Topic deleted by author

23 comments

  1. [10]
    JXM
    I used to use AdGuard, but I switched to NextDNS a few years ago. I use that when I’m out of the house and a Pi-Hole (with NextDNS as a backup server) when I’m at home.

    5 votes
    1. [2]
      feigneddork
      I've just given this a go and honestly this is the bees knees. It's like a remote PiHole minus all the faff that comes with setting up and maintaining a PiHole.

      Thanks for sharing!

      3 votes
      1. JXM
        Yeah, the end result is essentially a Pi-Hole you don't have to update.

        3 votes
    2. [5]
      runtime
      (with NextDNS as a backup server) when I’m at home.

      How do you do automatic failover in case your PiHole is down?

      3 votes
      1. [3]
        sron
        Many devices let you set multiple DNS servers. I presume they have set their PiHole as the first entry and NextDNS as the second.

        That's why Cloudflare, for example, has both 1.1.1.1 and 1.0.0.1 as their DNS IPs: one primary, one backup.

        2 votes
        1. Weldawadyathink
          For most devices, it does not treat it as a primary and backup, it treats them both as equivalent. It will use each server randomly. If you set up pihole as dns 1 and nextdns/AdGuard as dns 2, you only get the added control benefit of pihole about half the time.

          3 votes
        2. callmedante
          As I understand it, DNS doesn't work in a primary/secondary fashion. Instead, any of the DNS servers configured (on, for example, your router) could be queried for an answer, and frequently the user doesn't get to pick which one.

          2 votes
      2. JXM
        I just have NextDNS set as my secondary DNS server in my router’s settings.

        1 vote
    3. [3]
      Comment deleted by author
      Link Parent
      1. [2]
        JXM
        I think so. Basically, if you set your router to use their DNS instead of your internet provider's, it can block ads/unwanted sites across anything connected to your network.

        3 votes
        1. [2]
          Comment deleted by author
          Link Parent
          1. JXM
            Yeah. If you don't want to mess with a Pi-hole, I highly recommend NextDNS. It's a great value to block almost all ads.

            One thing I'd note is that a lot of IoT devices and TVs do have hardcoded DNS addresses and will slip through.

            3 votes
  2. [3]
    kfwyre
    Question for all you wonderful techy people here who always do a great job of helping non-techy me understand this stuff: how does something like this compare to a VPN?

    I’m currently using Mozilla VPN (which is just rebranded Mullvad), which, as far as I understand, has its own DNS which includes some ad-blocking (but I still also use uBlock Origin on my computer and basic AdGuard on my iPhone). Is AdGuard DNS effectively the same thing as that, just from a different company? If it’s different, how so? Is it something I could use in conjunction with what I already have? If not, which one is better?

    I don’t really have a good mental model for this stuff beyond VPN meaning “I’m trusting the VPN company with my internet traffic rather than my ISP”, but I don’t even know if that’s fully accurate and don’t truly understand how DNS is (potentially) different/separate from a VPN. Basically, I need an ELI5 on all this. Any clarity anyone can provide would be much appreciated!

    3 votes
    1. Wulfsta
      (edited )
      Think of a DNS as another machine on the internet that acts as a lookup table of internet addresses for your machine. Your machine makes a request that says “hey, what is the IP address of ‘example.com?’” and the DNS machine replies with “that address is ‘w.x.y.z.’” If your VPN is worth its salt, it includes a DNS, so that your domain requests don’t get leaked outside of the VPN. The VPN itself is just a simulated network that exists on top of the larger network, where the connections are all encrypted to prevent the communication from being looked at by intermediate machines across those connections. VPNs are useful for a few reasons; they let you form a private network without creating your own infrastructure, if the VPN has the functionality they let you choose where it looks like your internet traffic is coming from, and if there are enough people behind the VPN it acts as a sort of internet traffic escrow. This last one is fairly meaningless since most companies would be under the jurisdiction of the country they’re in and must cooperate with requests from law enforcement.

      5 votes
    2. DrStone
      (edited )
      Think of the DNS as a phonebook. You want to go to a place called "google.com", so you look up that name to find the exact (IP) address to go to. You could maintain your own phonebook, but then you'd have to worry about keeping it up to date. Good news is that there are organizations that do this, so instead you can go to your local library and ask them what "google.com"'s address is, and they can pull the info from their current phonebook. The downside is that your local library now knows everywhere you're interested in going after you ask. The library might not do anything with it, but if you instead went to the mall information desk, they might send you to a giant billboard if they don't have an address on file for "google.com" or keep track of your questions to sell your history. Either find a free phonebook holder you trust enough or pay someone for access with more "guarantees" (depending on policies and laws).

      Some phonebook managers might do extra things, like removing all addresses for advertisements from their copy. When a website or application tries to look up the address of an ad or where to send tracking messages, it won't be able to find the address in the phonebook, and will effectively be blocked from doing that (some more gracefully than others). You could block ads with a browser ad blocker, but that only works for your browser; using the special phonebook means that they're blocked for everything doing lookups from that device (or network if you tell the router to use that special phonebook).

      A VPN deals with creating special safe paths for traveling between places. Most VPN services have their own (DNS) phonebook so you don't have to go outside for your address lookups.

      4 votes
  3. Luna
    Question for anyone using this or similar services: What happens if you visit a website with adblock detection? Do you have to switch DNS servers or is adblock detection unable to detect this?

    The only thing that keeps me from running a pi-hole is that I couldn't whitelist specific sites since DNS doesn't include a referrer header or some other way of identifying the DNS request is because of a whitelisted site (and even if it did, once it's cached, ad networks on a whitelisted site would be effectively whitelisted for all sites). So unless I wanted to whitelist a specific ad provider (even for sites I don't want to whitelist for), I'd be SOL.

    2 votes
  4. [10]
    Comment deleted by author
    Link
    1. [5]
      ducc
      The one thing that pops into my head is Pi-hole, but I don't know if that's necessarily comparable (does it work outside of your home network?)

      4 votes
      1. Toric
        Pi hole would only be able to work outside of your home network if you expose it to the public internet (bad idea, pi-hole is made for internal use, has no way of authenticating DNS users, so you will just get it swamped), or VPN into your home network using something like WireGuard (good idea, pi-hole has instructions on how to do this in their docs.)

        2 votes
      2. [4]
        Comment deleted by author
        Link Parent
        1. [3]
          cfabbro
          (edited )
          Pi-Hole can be run through Docker, which has a Mac and Windows client.

          3 votes
          1. [3]
            Comment deleted by author
            Link Parent
            1. [2]
              cfabbro
              I don't have a Mac, so can't verify this works, but:
              https://www.imore.com/how-run-pi-hole-your-mac

              1 vote
              1. [2]
                Comment deleted by author
                Link Parent
                1. babypuncher
                  You could set up Pihole the way it was intended: On a Raspberry Pi. It's a $35 computer. Setting one up with Pihole is trivial.

                  4 votes
    2. [3]
      Wulfsta
      (edited )
      I have a VPS that runs as a WireGuard server, that runs dnsmasq with an additional-hosts file. That file is a processed version of Steven Black’s hosts file that is updated automatically every morning by a systemd service. Due to the way dnsmasq works, I don’t even need to restart the DNS.

      Clarification: this is not free as in money - you need a machine to run this sort of setup. It is FOSS though.

      1 vote
      1. [3]
        Comment deleted by author
        Link Parent
        1. [2]
          Wulfsta
          Not at all - I use WireGuard on my iPhone to point to this server. The reason I did this is because Apple prevents browser extensions like adblockers afaik.

          Essentially, when my phone makes a request for a domain it reaches out to the dnsmasq DNS server on this VPS. From there, if the domain is in the additional-hosts file it points the domain to the machine - which is to say it returns nothing.

          2 votes
          1. [2]
            Comment deleted by author
            Link Parent
            1. Wulfsta
              This behavior is more or less how all adblockers work - they have a list of known ad domains and redirect requests to them to go nowhere instead of the machine that has the ads on it.

              1 vote
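
Added example, not code from any commenter in this thread: one way to do the blocklist processing step of the dnsmasq additional-hosts setup described above, treating the downloaded hosts file as untrusted input so that an entry mapping a name to a routable address is rejected instead of becoming a redirect. The function names, the sink-address policy and the sample list are assumptions; the output lines are meant for a file loaded with dnsmasq's `addn-hosts` option.

```python
import ipaddress
import re

# Only these addresses count as "blocked"; anything else would be a redirect.
SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names upstream hosts files carry for the local machine; never emit them.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost", "0.0.0.0"}
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

# Constructed sample input in hosts format (not taken from any real list).
SAMPLE = """\
127.0.0.1 localhost
0.0.0.0 ads.example.net   # inline comment
0.0.0.0 Tracker.Example.ORG tracker.example.org
203.0.113.7 login.example.com
0.0.0.0 bad..name.example
not-an-ip foo.example
"""

def valid_hostname(name):
    """True for a plausible multi-label DNS name of at most 253 characters."""
    labels = name.split(".")
    return len(name) <= 253 and len(labels) > 1 and all(LABEL.match(l) for l in labels)

def address_problem(addr):
    """Return None for an accepted sink address, else the reason to reject the line."""
    try:
        ipaddress.ip_address(addr)
    except ValueError:
        return "not an IP address"
    return None if addr in SINKS else "non-sink address"

def process_blocklist(text, sink="0.0.0.0"):
    """Turn untrusted hosts-format text into (addn-hosts lines, rejected entries)."""
    blocked, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        problem = address_problem(fields[0])
        if problem:
            rejected.append((lineno, problem))
            continue
        for name in (n.lower().rstrip(".") for n in fields[1:]):
            if name not in LOCAL_NAMES and valid_hostname(name):
                blocked.add(name)
            elif name not in LOCAL_NAMES:
                rejected.append((lineno, "invalid hostname"))
    return [f"{sink} {name}" for name in sorted(blocked)], rejected
```

Each rejected entry is a `(line number, reason)` tuple; a non-sink entry in a downloaded list is worth alerting on rather than silently dropping.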