SoylentNews is people

posted by Fnord666 on Monday July 20 2020, @02:29PM
from the taking-back-your-hardware dept.

Sorry Telstra but this is my F@ST 5355 router:

Roughly a week ago I decided to give https://pi-hole.net/ a go having endured yet another ad laden website. All went we'll[sic], installation was smooth and was up and running 15 minutes later.

All that remained was to set my routers(sic) DNS server to the pi's and my home devices would be safe. I remember seeing the option in there for it.

WTF, it was now disabled. A quick google around revealed that about a year ago (June 2017) Telstra simply decided to remove that functionality.

Surely it had nothing to do with the Australian government implementing DNS based censorship in June 2017?

So fuck you Telstra, that's my router you made me purchase. Time to find out how to take it back.


  • (Score: 5, Informative) by Anonymous Coward on Monday July 20 2020, @02:39PM (3 children)

    When I started using pihole I noticed a ton of ads still slipping through, mostly on "smart" devices like Android TV. Turns out a lot of things hard-code the DNS servers they use and ignore what the OS tells them.
    You need routing rules to have your pihole masquerade for any traffic on 53 (or whatever port if you're using DNSCrypt, which you should).

  • (Score: 3, Informative) by Fishscene on Monday July 20 2020, @05:13PM (2 children)

    If you have an advanced/business-grade router, you can block ALL incoming requests on port 53 to the LAN interface on your router that are not destined for your router itself.

    Basically, Port 53 should only be allowed if it is going to your router's IP address on the LAN interface.

    This effectively FORCES all devices on your network to use your router as a DNS. If they don't, they can't load anything.

    In turn, when you tell your router to use an external pihole, now all devices are forced to use the PiHole or nothing at all for DNS lookups.

    This does NOT stop devices from using hard-coded IP addresses to load ads though. Only DNS lookups.

    --
    I know I am not God, because every time I pray to Him, it's because I'm not perfect and thankful for what He's done.
    • (Score: 3, Interesting) by DavePolaschek on Tuesday July 21 2020, @01:01PM (1 child)

      And if that forces the pi-hole to use its own dns, next time you run an update, the pi-hole will reboot, and there will be no DNS for it to use when it’s restarting, and you will have a brick. Ask me how I discovered that problem.

      • (Score: 2) by Fishscene on Saturday July 25 2020, @12:07AM

        The idea is that *nothing* bypasses the last DNS server under your control.

        In the setup I was trying to describe:
        PiHole > |Router Firewall that blocks ALL DNS requests unless they are destined for the router itself| > Router DNS > Whatever the heck you want.

        This allows for filtering, and if you use your router for DHCP, you *still* get name resolution for clients and servers on your network.

        --
        I know I am not God, because every time I pray to Him, it's because I'm not perfect and thankful for what He's done.
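
The two firewall approaches described in the comments above (rejecting DNS that tries to leave the LAN, and redirecting it to the Pi-hole), as an added example that is not part of the original thread: a POSIX shell function that prints iptables rules for review without applying them. The chain name `DNS_LOCK`, the interface `br-lan` and the address `192.168.1.2` are assumptions, as is the layout: the Pi-hole sits on the LAN and its own queries are exempted so it can still reach an upstream resolver after a reboot.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands for review;
# nothing is applied. Interface name and addresses are constructed samples.

# dns_lockdown_rules MODE LAN_IF PIHOLE_IP [PORT]
#   block    : reject DNS that LAN clients try to send past the router
#   redirect : rewrite such DNS so it lands on the Pi-hole instead
dns_lockdown_rules() {
    mode=$1 lan_if=$2 pihole=$3 port=${4:-53}
    case $mode in
        block|redirect) ;;
        *) echo "mode must be block or redirect" >&2; return 2 ;;
    esac
    # Accept only digits and dots, so a CIDR or hostname cannot widen the exemption.
    case $pihole in
        ''|*[!0-9.]*) echo "bad Pi-hole address: $pihole" >&2; return 2 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
    esac
    [ -n "$lan_if" ] || { echo "missing LAN interface" >&2; return 2; }

    if [ "$mode" = block ]; then
        # Own chain, hooked first in FORWARD. Queries addressed to the
        # router itself traverse INPUT and are not affected.
        echo "iptables -N DNS_LOCK"
        echo "iptables -I FORWARD 1 -i $lan_if -j DNS_LOCK"
    fi
    for proto in udp tcp; do
        match="-p $proto --dport $port"
        if [ "$mode" = block ]; then
            # The Pi-hole must still reach its upstream resolver, or it has
            # no DNS after a reboot (the failure reported in the replies).
            echo "iptables -A DNS_LOCK -s $pihole $match -j RETURN"
            echo "iptables -A DNS_LOCK $match -j REJECT"
        else
            # Leave the Pi-hole's own queries alone; send the rest to it.
            echo "iptables -t nat -A PREROUTING -i $lan_if ! -s $pihole $match -j DNAT --to-destination $pihole:$port"
            # Hairpin: the reply must return via the router, so the client
            # sees it come from the address it asked.
            echo "iptables -t nat -A POSTROUTING -o $lan_if -d $pihole $match -j MASQUERADE"
        fi
    done
}

# Constructed sample: LAN bridge br-lan, Pi-hole at 192.168.1.2.
dns_lockdown_rules block br-lan 192.168.1.2
```

In redirect mode, queries addressed to the router are rewritten as well, and because of the masquerade the Pi-hole logs redirected clients under the router's address. Neither mode affects devices that reach ad servers by hard-coded IP address, as noted in the thread.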