date 2020-07-20
from the taking-back-your-hardware dept.
Sorry Telstra but this is my F@ST 5355 router:
Roughly a week ago I decided to give https://pi-hole.net/ a go having endured yet another ad laden website. All went we'll[sic], installation was smooth and was up and running 15 minutes later.
All that remained was to set my routers(sic) DNS server to the pi's and my home devices would be safe. I remember seeing the option in there for it.
WTF, it was now disabled. A quick google around revealed that about a year ago (June 2017) Telstra simply decided to remove that functionality.
Surely it had nothing to do with the Australian government implementing DNS based censorship in June 2017?
So fuck you Telstra, that's my router you made me purchase. Time to find out how to take it back.
(Score: 2, Informative) by shrewdsheep on Monday July 20, @02:36PM (1 child)
It is a fact of life that ISPs keep control over the provided modem/router. And probably for the good as firmware updates need to be pushed to customers most of whom would let the router sit there, bit-rotting (me included). If you want more control, put the router into bridge mode (and pray that's possible) and add your own router. If bridge mode is not possible, you have to accept two levels of masquerading.
(Score: 2) by Freeman on Monday July 20, @03:13PM
Apparently, there is a silver lining to getting my internet through a small ISP. I can use my own router. Which means, they don't get to magically disable functions in my router.
(Score: 2, Interesting) by Anonymous Coward on Monday July 20, @02:39PM
When I started using pihole I noticed a ton of ads still slipping through, mostly on "smart" devices like android TV. Turns out a lot of things hard-code the DNS servers they use and ignore what the OS tells them.
You need routing rules to have your pihole masquerade for any traffic on 53 (or whatever port if you're using DNSCrypt, which you should).
(Score: 2) by DannyB on Monday July 20, @02:57PM
In 1999 before there was such a thing as off the shelf routers that had NAT, I had to make my first Linux box do the NAT, DHCP, and DNS, plus a few other services.
What if you set up a Pi to provide maybe a 2nd level of NAT, with DHCP and your own DNS resolver that resolved from your choice of outside DNS?
(Score: 0) by Anonymous Coward on Monday July 20, @03:09PM
yeah, IF you need to acquire an ISP controlled "media converter" with routing (nat) function then put it in "bridge mode" (pure media converter no NAT).
i cannot, for example, use my own fibre GPON ONU in SFP formfactor (because blah-blah and GPON isn't really a standard; a topic for another time) so i have to use the ISP's ONU.
it can be configured into a "semi" bridge, where it does media conversion (fiber-2-ethernet) and logs in to the isp (Q-in-Q) vlan.
after this the pppoe packets come out the ethernet and i can use a device like a ubiquiti edgemax lite to login to pppoe and get an IP address (and ignore the offered dns server from ISP).
if one cannot set bridge mode then one could set a firewall rule on the internal interface (ethernet or wifi) to block all destination with port 53 except if the source of the request is the internal, user controlled dns server, say a pi-hole.
the internal devices requiring dns would need to be configured with manual dns settings (ip of pi-hole) or dhcp with offered dns server set as pi-hole server ip.
if dns is hardwired into the device ... throw it away 'cause that's compromised right outta box.
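The port-53 block rule from the comment above, together with the redirect suggested earlier in the thread, written out as an added nftables example that is not part of the original discussion. It assumes a user-controlled Linux gateway that LAN clients route through; the interface name `eth1` and the Pi-hole address `192.168.1.2` are constructed placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the thread. Constructed values: adjust to your LAN.
define LAN_IF = "eth1"          # assumed LAN-facing interface of the gateway
define PIHOLE = 192.168.1.2     # assumed static address of the Pi-hole

table ip dns_redirect {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Clients with a hard-coded resolver: rewrite their IPv4 DNS
        # queries so they land on the Pi-hole instead of leaving the LAN.
        iifname $LAN_IF ip saddr != $PIHOLE ip daddr != $PIHOLE meta l4proto { tcp, udp } th dport 53 dnat to $PIHOLE
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Client and Pi-hole share a subnet, so the Pi-hole would answer the
        # client directly and the reply would not match the client's query.
        # Masquerading sends the answer back through the gateway.
        # Side effect: the Pi-hole logs these queries under the gateway's IP.
        oifname $LAN_IF ip daddr $PIHOLE meta l4proto { tcp, udp } th dport 53 masquerade
    }
}

table inet dns_block {
    chain forward {
        type filter hook forward priority filter; policy accept;
        # Only the Pi-hole may talk DNS to the outside.
        ip saddr $PIHOLE meta l4proto { tcp, udp } th dport 53 accept
        # Backstop for IPv4 queries the nat table did not rewrite.
        iifname $LAN_IF ip daddr != $PIHOLE meta l4proto { tcp, udp } th dport 53 drop
        # The redirect above is IPv4 only; without this rule a dual-stack
        # client could still reach an outside resolver over IPv6.
        iifname $LAN_IF meta nfproto ipv6 meta l4proto { tcp, udp } th dport 53 drop
    }
}
```

Load it with `nft -f` on the gateway. Queries sent straight to the Pi-hole by clients on the same subnet never cross the gateway and are unaffected.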