sdfgeoff at gmail.com
Thu Aug 22 07:30:59 BST 2019
It may be worth mentioning that on a Linux machine, you can "block" DNS
requests locally by putting them in your /etc/hosts file so they get
redirected to localhost. In fact, someone put together a file here
containing all the "suggested" redirects:
It's not network wide, but if you want it to work for your laptop
regardless of what access point you're connected to, it is an option.
No fancy metrics dashboard though....
On Thu, Aug 22, 2019 at 1:17 AM Volker Kuhlmann <list57 at top.geek.nz> wrote:
> On Mon 19 Aug 2019 23:59:07 NZST +1200, Peter Ellens wrote:
> > As you may know, DNS requests are world readable; anyone in a
> > position to monitor your network traffic can see what sites you're
> > going to from your DNS requests. To address this issue some clever
> > people developed DNS over HTTPS; it's secure and can't be monitored
> > by third parties. You can set up Pi-hole to use this service.
> I regard DNS over HTTPS as very dangerous. Currently my ISP does my
> resolving on my behalf, so I have to trust my ISP; I pretty much have to
> anyway. That's more or less a local company. With DNS over HTTPS I have
> to trust the DNS provider - and there is no chance in hell I'll be
> trusting google, microsoft, faceplant, mozilla, cloudflare, or any other
> American company. What a great way to sucker everyone into vendor
> lock-in in the name of making things secure HAHAHAAHAHAAAAA.....
> The diddling with resolver information to blackhole certain domain names
> will always work (except for software that actively goes out of its way
> to detect this - you might not want to be running that in the first
> place). If you set your firewall rules to block direct DNS requests to
> external resolvers you can enforce local lookup for the whole of your
> network. You still need to get your blacklist for your resolver diddling
> from somewhere, and your safety depends on the quality of that
> Alternatively, or additionally, you really want uMatrix in your browser.
> It has built-in blacklists, or you can set global defaults. It has one
> of the best UIs I've ever seen and works perfectly. But only in
> the browser you install it in.
> Securing mobile phones against information leakage to the shitvertisers,
> especially google, is really difficult, but would be the most important
> thing to do. Securing your PC isn't so bad.
> Who said VPN? Good luck finding a trustworthy VPN provider first... I
> reckon I'll be safer with my ISP.
> Volker Kuhlmann
> http://volker.top.geek.nz/ Please do not CC list postings to me.
> Chchrobotics mailing list Chchrobotics at lists.ourshack.com
> Mail Archives: http://lists.ourshack.com/pipermail/chchrobotics/
> Meetings usually 3rd Monday each month. See http://kiwibots.org for
> venue, directions and dates.
> When replying, please edit your Subject line to reflect new subjects.
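
As an added example (not code from either poster), the /etc/hosts approach from the reply at the top of this message can be checked with a short Python script. The sample file and every host name in it are constructed; the script also shows that a hosts entry matches only the exact name, so subdomains of a blocked name are not covered.

```python
import ipaddress

# Constructed sample in /etc/hosts format; every name below is a placeholder.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
0.0.0.0     ads.example.com tracker.example.net
127.0.0.1   metrics.example.org   # inline comment
192.0.2.10  nas.home.example
not-an-ip   broken.example.com
"""

def _norm(name):
    return name.lower().rstrip(".")

def parse_hosts(text):
    """Map each hostname to its address, skipping comments and bad lines."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            table.setdefault(_norm(name), addr)  # keep first mapping seen
    return table

def is_sinkholed(name, table):
    """True if the file points this exact name at loopback or 0.0.0.0/::."""
    addr = table.get(_norm(name))
    return addr is not None and (addr.is_loopback or addr.is_unspecified)

def escaped_subdomains(queries, table):
    """Queried names that are not blocked although a parent domain is."""
    missed = []
    for q in queries:
        labels = _norm(q).split(".")
        parents = [".".join(labels[i:]) for i in range(1, len(labels))]
        if not is_sinkholed(q, table) and any(is_sinkholed(p, table) for p in parents):
            missed.append(q)
    return missed

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    seen = ["ads.example.com", "cdn.ads.example.com", "nas.home.example"]
    for q in seen:
        print(q, "blocked" if is_sinkholed(q, hosts) else "not blocked")
    print("not covered by the list:", escaped_subdomains(seen, hosts))
```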