I always have issues with dns blocking so I tried something sneaky I redirected all DNS requests to 1.1.1.1/1.0.0.1 and it worked brilliantly, for about a month when it stopped working all together, I don’t know if a cache was wiped or google saw what I was doing and made a special exception just for me, obviously I want to believe I’m a special snowflake taking the world’s largest internet company head on in an epic battle of wits and skill but I think the cache thing might be more likely for some reason.
What a shower of twats. Don’t block the request in that case, just redirect it to your local server that returns a 1x1 transparent png for all requests.
I wouldn’t mind doing it. I run my own DNS so it wouldn’t affect me, but I figure if they’re already trying 8.8.8.8 they may as well try 8.8.4.4 and perhaps more, so it’d require a bunch of firewall rules.
Now, all of that is moot point cause I hate the whole “smart TV” thing, so they’d never be connected to the internet.
I set up my firewall to block all outgoing traffic to ports 53 and 853 (except for the upstream traffic from my pihole). I suppose DoH could still sneak through though.
I disabled the wifi yes. I deleted the wifi config and cleared the password too.
Dang what an arseholes they are…
I wish there was an easy way to flash it or spoof the update server or some shit that allowed us to change all this ill willed software…
FYI for those using DNS-based adblocking: I discovered that my AndroidTV box asks 8.8.8.8 when my local DNS server blocks a request.
Block all port 53 traffic from your network outside of your DNS server/pihole itself.
Block all known DoH servers.
If you want to get REALLY fancy you can write a NAT rule that will force any outgoing request on port 53 to route to your dns/pihole.
I do all of this. It’s actually funny to see the requests that were hardcoded to go somewhere. Giant fuck you to those companies.
Do DoH requests go though 443?
Yes. But there are lists of well known IPs that are serving DoH. So you can just block those. Obviously blocking 443 is not a good idea.
Damn, never digged into that I thought blocking the DNS port would be enough, thanks for the information.
Depending on your router you can forward all request on port 53 to your DNS server regardless of the IP they try to use.
I always have issues with dns blocking so I tried something sneaky I redirected all DNS requests to 1.1.1.1/1.0.0.1 and it worked brilliantly, for about a month when it stopped working all together, I don’t know if a cache was wiped or google saw what I was doing and made a special exception just for me, obviously I want to believe I’m a special snowflake taking the world’s largest internet company head on in an epic battle of wits and skill but I think the cache thing might be more likely for some reason.
You mean redirecting on your router? How should google stop you from doing that? And why would you redirect to cloudflare lol
It could start using DNS over HTTPS if it had enough failed requests. Those wouldn’t be able to be redirected
What a shower of twats. Don’t block the request in that case, just redirect it to your local server that returns a 1x1 transparent png for all requests.
Dang, so you’d have to block Google’s DNS at the router level too?
I wouldn’t mind doing it. I run my own DNS so it wouldn’t affect me, but I figure if they’re already trying 8.8.8.8 they may as well try 8.8.4.4 and perhaps more, so it’d require a bunch of firewall rules.
Now, all of that is moot point cause I hate the whole “smart TV” thing, so they’d never be connected to the internet.
Right. It’s probably easier to give it a whitelist instead of a blocklist.
I set up my firewall to block all outgoing traffic to ports 53 and 853 (except for the upstream traffic from my pihole). I suppose DoH could still sneak through though.
I connected an old laptop with linux mint and put the TV always in HDMI mode. Problem solved.
Only if you mean the tv has no web access
https://www.newscientist.com/article/2449198-smart-tvs-take-snapshots-of-what-you-watch-multiple-times-per-second/
I disabled the wifi yes. I deleted the wifi config and cleared the password too.
Dang what an arseholes they are… I wish there was an easy way to flash it or spoof the update server or some shit that allowed us to change all this ill willed software…
Then block 8.8.8.8 and use 1.1.1.1 or Quad9