FREE DNS SERVICE

Eruditeswine

Member
Joined
Jul 18, 2016
Messages
269
Reaction score
178
1. Either one is okay. On the cloud based Pi-hole I use Cloudflared. On the local Pi-hole instance I use Unbound.

2. IMHO this is not a good habit, but probably different people have different preferences. Electronic products, especially the power supply, have inrush current which may stress the front-end components every time you turn them on. So the life span may be reduced.

If you are worried about SD card (or USB drive) corruption, then it is probably better to shut down the Raspberry Pi first before shutting down other things. That being said, no need to worry too much either, just duplicate your SD card (or USB drive) so that you have a backup. If the thing gets corrupted then just pop in another one.

Remember to back up after finishing the setup and when you change some settings. Then it is very easy to import the settings (including the adlists) by using the teleporter restore function.
Appreciate the prompt response as always.

1. After using both, which do you prefer?

2. So you leave your network on 24/7 just like refrigerator, washer and similar appliances?

Thanks for the heads-up on backup.
 

xiaofan

High Supremacy Member
Joined
Sep 16, 2018
Messages
34,977
Reaction score
11,667
Appreciate the prompt response as always.
1. After using both, which do you prefer?
2. So you leave your network on 24/7 just like refrigerator, washer and similar appliances?
Thanks for the heads-up on backup.

1) Different people may have different preferences. I am leaning toward using Unbound now with Pi-hole.

2) Yes.
 

firesong

Supremacy Member
Deluxe Member
Joined
Jan 17, 2001
Messages
8,819
Reaction score
4,837
Hi there,

I am using pixel 2xl and set custom dns on the WIFI and it is not working.
It is the same issue here.
Google has DNS hardcoded into pixel.
Any easy work around?
https://issuetracker.google.com/issues/112927337?pli=1
1. Set a firewall rule on your edge firewall/router to redirect all DNS requests to localhost (127.0.0.1).
2. Block DNS resolution egress at the router level. Ports 53/853. Can't do anything about DoH since that sends traffic on the HTTPS port.

Beyond that, there's no way to really stop hardcoded DNS resolution requests. Of course, turning off wifi automatically bypasses that. Google may decide in future that all DNS resolution requests will be sent via mobile data if they cannot reach their own DNS servers (after all, Android is a Google product, and Google earns off use of its services), so doing that will circumvent any protection. For now, do what we can.

I've found Apple much more respectful of DNS requests - they just use what you define.
 

xiaofan

Hi there,

I am using pixel 2xl and set custom dns on the WIFI and it is not working.
It is the same issue here.
Google has DNS hardcoded into pixel.
Any easy work around?
https://issuetracker.google.com/issues/112927337?pli=1

I follow the guide from pfSense documentation and it works for me with my Realme phones to block Google DNS, so that adblock works fine (using pfBlockerNG).

Ref screenshot of the Firewall rule settings.

KC0meeM.png


pfSense documentation:
https://docs.netgate.com/pfsense/en/latest/recipes/dns-block-external.html
Tested with DNS Leak Test and the ad block test site from the phones, and it shows it is a success.
https://www.dnsleaktest.com/ (using Unbound DNS from my pfSense box)
https://d3ward.github.io/toolz/adblock.html (100%)
 

xiaofan

1. Set a firewall rule on your edge firewall/router to redirect all DNS requests to localhost (127.0.0.1).
2. Block DNS resolution egress at the router level. Ports 53/853. Can't do anything about DoH since that sends traffic on the HTTPS port.

Beyond that, there's no way to really stop hardcoded DNS resolution requests. Of course, turning off wifi automatically bypasses that. Google may decide in future that all DNS resolution requests will be sent via mobile data if they cannot reach their own DNS servers (after all, Android is a Google product, and Google earns off use of its services), so doing that will circumvent any protection. For now, do what we can.

I've found Apple much more respectful of DNS requests - they just use what you define.

For DoH, you can block typical DoH providers. I only block Google as of now.

Ref: https://docs.netgate.com/pfsense/en/latest/recipes/dns-block-external.html

And indeed I find the hardcoded Google DNS annoying.
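
The policy discussed in the two posts above (redirect plain DNS on port 53, block port 853, block listed DoH providers on 443), modelled as an added example that is not part of the original thread. The LAN range, the resolver address and the sample flows are assumptions constructed for illustration:

```python
import ipaddress

# Assumed values for illustration (not from the thread): LAN range and the
# address of the router-side resolver (Pi-hole/Unbound/pfSense).
LAN = ipaddress.ip_network("192.168.1.0/24")
LOCAL_RESOLVER = ipaddress.ip_address("192.168.1.1")
# DoH providers to block by IP; only Google Public DNS is listed, as in the post.
DOH_BLOCKLIST = {ipaddress.ip_address(a) for a in ("8.8.8.8", "8.8.4.4")}


def decide(src, dst, proto, dport):
    """Return the action the edge policy applies to one outbound LAN flow."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in LAN or proto not in ("tcp", "udp"):
        return "ignore"  # policy only covers TCP/UDP from LAN clients
    if dport == 53:
        # Plain DNS: hardcoded external resolvers get rewritten to the local one.
        return "allow" if dst == LOCAL_RESOLVER else "redirect-to-local"
    if dport == 853:
        return "block"  # DNS over TLS (tcp) / DNS over QUIC (udp) egress
    if dport == 443 and dst in DOH_BLOCKLIST:
        return "block"  # DoH to a listed provider
    return "allow"  # everything else, including DoH to unlisted providers


# Constructed sample flows: (src, dst, proto, dport, note)
SAMPLE_FLOWS = [
    ("192.168.1.50", "192.168.1.1", "udp", 53, "client using the router's DNS"),
    ("192.168.1.50", "8.8.8.8", "udp", 53, "app with hardcoded Google DNS"),
    ("192.168.1.50", "8.8.8.8", "tcp", 853, "Android Private DNS (DoT)"),
    ("192.168.1.50", "8.8.4.4", "tcp", 443, "DoH to Google"),
    ("192.168.1.50", "203.0.113.10", "tcp", 443, "DoH to an unlisted provider"),
]


def audit(flows):
    """Pair each flow's note with the policy decision."""
    return [(note, decide(s, d, p, port)) for s, d, p, port, note in flows]


if __name__ == "__main__":
    for note, action in audit(SAMPLE_FLOWS):
        print(f"{action:18} {note}")
```

The last sample row is the gap the posts point out: DoH to a provider that is not on the blocklist looks like ordinary HTTPS at this layer and is allowed.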
 

xiaofan

OpenWRT has quite detailed documentation about DNS Hijacking, including blocking DoT providers.
https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns#dns_over_https
However, at least I was not able to get it working properly last time I tried it. It is one of the areas where I prefer pfSense over OpenWRT. pfSense just works. OpenWRT does not. And it usually comes down to my fault in the end as I am not an experienced OpenWRT user (one example is Dual WAN setup). But again I am not an experienced pfSense user either but I just feel pfSense to be much easier than OpenWRT when it comes to more complex topics (like Wireguard and OpenVPN setup, dual WAN setup, and more complex firewall rules).
 

firesong

You can also do it in EdgeOS, but it just needs a lot of CLI finagling. Not really easy to set up at all.

Likewise for getting IPv6 tunnel support on Singtel - it's a bit annoying in the CLI. But to be fair, you can do anything in the CLI once you get very used to manipulating it, which I don't do often enough to gain experience nor have the intention to do so.
 

xiaofan

I am using a rooted phone.
Is there any fast way?

Not using rooted Android.

But you can try using the Firefox Android browser to see if that helps. Do not use Chrome. It seems to work sometimes for me but not consistently.

Disabling "using secure DNS" in Chrome Android may work temporarily as well but may not be consistent or last long.
 

hairymonster

Senior Member
Joined
Jun 16, 2013
Messages
1,308
Reaction score
61
Not using rooted Android.

But you can try using the Firefox Android browser to see if that helps. Do not use Chrome. It seems to work sometimes for me but not consistently.

Disabling "using secure DNS" in Chrome Android may work temporarily as well but may not be consistent or last long.
If you are using an adblocker which resides on your home router, you can block ads on an Android phone while on your home wifi.
Go to Android settings and set private DNS to off.
No root required.
All ads will then be blocked on your AdGuard / Pi-hole.
 

xiaofan

If you are using an adblocker which resides on your home router, you can block ads on an Android phone while on your home wifi.
Go to Android settings and set private DNS to off.
No root required.
All ads will then be blocked on your AdGuard / Pi-hole.

Unfortunately not so simple. There are applications with hard coded Google DNS. Plain Pi-hole DNS in the router will not work.

Ref: discussion in OpenWRT forum
https://forum.openwrt.org/t/block-and-redirect-dns-to-pihole/48478
Ref: Example of Android phones/apps: Chrome or some other apps under Oppo/Realme/Oneplus phones.
 

hairymonster

Unfortunately not so simple. There are applications with hard coded Google DNS. Plain Pi-hole DNS in the router will not work.

Ref: discussion in OpenWRT forum
https://forum.openwrt.org/t/block-and-redirect-dns-to-pihole/48478
Ref: Example of Android phones/apps: Chrome or some other apps under Oppo/Realme/Oneplus phones.

Have you tried? These posts you referenced are very old.

https://c.realme.com/in/post-details/1407705576909152256
Implementation of private dns at the OS level android pie.
 

hairymonster

Yes I am using Realme X50 5G Android 11 phone myself and I have to use firewall rules under pfSense to block Google DNS in order for the ad-blocking (pfBlockerNG) to work.
KC0meeM.png

even pointing the private dns to say "dns.adguard.com", you still get ads in chrome?
 

xiaofan

If you are using an adblocker which resides on your home router, you can block ads on an Android phone while on your home wifi.
Go to Android settings and set private DNS to off.
No root required.
All ads will then be blocked on your AdGuard / Pi-hole.

Other than the exceptions mentioned above, most of the time this will work, plus disabling Secure DNS in the Chrome Android browser.

On Asus Merlin FW, there is another setting which may help as well (Prevent client auto DoH).

UvemGCq.png
 