[chbot] [OT] Pi-hole

Volker Kuhlmann list57 at top.geek.nz
Thu Aug 22 00:17:05 BST 2019


On Mon 19 Aug 2019 23:59:07 NZST +1200, Peter Ellens wrote:

> As you may know DNS requests are world readable, anyone in a
> position to monitor your network traffic can see what sites you're
> going to from your DNS requests. To address this issue some clever
> people developed DNS over HTTPS, it's secure and can't be monitored
> by third parties. You can set up Pi-hole to use this service.

I regard DNS over HTTPS as very dangerous. Currently my ISP does my
resolving on my behalf, so I have to trust my ISP; I pretty much have to
anyway. That's more or less a local company. With DNS over HTTPS I have
to trust the DNS provider - and there is no chance in hell I'll be
trusting google, microsoft, faceplant, mozilla, cloudflare, or any other
American company. What a great way to sucker everyone into vendor
lock-in in the name of making things secure HAHAHAAHAHAAAAA.....

The diddling with resolver information to blackhole certain domain names
will always work (except for software that actively goes out of its way
to detect this - you might not want to be running that in the first
place). If you set your firewall rules to block direct DNS requests to
external resolvers you can enforce local lookup for the whole of your
network. You still need to get your blacklist for your resolver diddling
from somewhere, and your safety depends on the quality of that
blacklist.

Alternatively, or additionally, you really want uMatrix in your browser.
It has built-in blacklists, or you can set global defaults. It has one
of the best UIs I've ever seen and works perfectly. But only in
the browser you install it in.

Securing mobile phones against information leakage to the shitvertisers,
especially google, is really difficult, but would be the most important
thing to do. Securing your PC isn't so bad.

Who said VPN? Good luck finding a trustworthy VPN provider first... I
reckon I'll be safer with my ISP.

Volker

-- 
Volker Kuhlmann
http://volker.top.geek.nz/	Please do not CC list postings to me.
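
The firewall enforcement described in the message above, sketched as an nftables ruleset for the LAN router. This is an added example, not part of the original post; the resolver address 192.168.1.2 and the interface name "br-lan" are assumed values to be replaced with your own.

```nft
# Constructed example. Assumptions: the local blocking resolver (e.g. a
# Pi-hole) sits at 192.168.1.2 and the router's LAN-side interface is "br-lan".
# Load on the router with: nft -f <this file>

table inet dns_lockdown {
    chain forward {
        type filter hook forward priority 0; policy accept;

        # The local resolver is the only LAN host allowed to talk DNS
        # to upstream servers. (IPv4 only; add a matching "ip6 saddr"
        # pair if the resolver also queries upstream over IPv6.)
        ip saddr 192.168.1.2 udp dport 53 accept
        ip saddr 192.168.1.2 tcp dport 53 accept

        # Every other LAN client: no direct plain DNS (port 53) and no
        # DNS over TLS (port 853) to external resolvers. The counters
        # show which devices keep trying: nft list table inet dns_lockdown
        iifname "br-lan" udp dport 53 counter reject
        iifname "br-lan" tcp dport { 53, 853 } counter reject with tcp reset

        # DNS over HTTPS uses port 443 and looks like ordinary HTTPS, so
        # port-based rules like these do not catch it.
    }
}
```

Clients that use the local resolver are unaffected, since queries to a resolver on the same LAN segment are not forwarded through the router.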



