Trustworthy "hosts"-based protection

Using pfSense, you’ll probably want to use pfBlockerNG. It’s the same basic deal. Don’t get the sweet pihole dashboard though.

Public proof that you’re a masochist, that’s what that is!

Nah, he doesn’t seem to be running k8s at home. That would be masochism.

1 Like

My issue isn’t actually with Docker proper. Done right, it’s a useful tool.

My issue is the “when all you’ve got is a hammer, everything looks like a nail” mentality surrounding Docker.

It’s very good when used correctly, and worse than bad when used incorrectly. And incorrect use is extremely common.

It’s not unlike PHP, in that regard.


Keeping this point on topic - PiHole is such a nicely done appliance-like package, tossing Docker into the mix adds a lot of complexity.

I wouldn’t recommend adding that complexity into an end-user guide when there are so few benefits from containerizing it.

1 Like

I look away for 30 seconds come back to 20 replies… I love it! lol

Is there a way to do a DNS server on the Pi that supports DNSCrypt? I'd love to see a guide on that.

DNS over HTTPS vs DNSCrypt which is better?

I love Asus routers, but I'll be honest: making a little MIPS processor do all that work is probably going to slow down or bottleneck fast connections. It is an effective way if you have a large network and don't want to do it on all PCs. The best way to actually do this is to use the native adblock feature in Tomato firmware for the Asus routers.

1 Like

lol, I have 6x rock64 for that purpose exactly. I’m having stability issues on the rocks though. :confused:

Fuckin kernel panics likely due to vdroop.

I need to build a custom power supply.

2 Likes

If you have one of the old MIPS routers, yes it can. But in reality it doesn’t. The only time you will notice anything is when it is managing the block lists. At least in my experience.

Of course it’s entirely dependent on how many clients you have connected. My old RT-N66U usually never had more than 15 clients, and there was never an issue.

The current router I have (RT-AC5300) has a dual core 1.6GHz ARM processor, so I do not notice any slowdown at all with Diversion and Pixelserv-tls.

Any of the recent (RT-AC87 or newer) Asus routers should have no issue running Diversion.

Yeah, MIPS was cool, but the ARM-based versions were so much better :slight_smile: … Well, now you know how I block stuff locally. I hope you find the same list useful.

2 Likes

Thanks for your tip… @SgtAwesomesauce and @duncanyoyo1, I'm going to add a Tomato firmware section :slight_smile:

Duncan, if you wanna make a thread on how to do Diversion and link the posts… that would be amazing :slight_smile:

  • DNSCrypt = Not an IETF standard, not very popular. Came out first.
  • DNS over TLS = IETF standard, somewhat popular, straight-up encrypts DNS packets. Technically probably the best solution.
  • DNS over HTTPS = Not an IETF standard, encapsulates DNS over HTTPS which is of course encrypted. Also evades firewalls, crappy redirecting ISPs, and censorship because it looks like normal web traffic on 443. Seems to be the most popular of the three, and likely to be a standard at some point.
2 Likes

These are huge benefits.

Yes, that’s why I chose DoH rather than DoT with quad9, they support all three methods.

Might have to write a script to implement this. I love the sound of this shit right here… ISPs will hate me

No need, just use cloudflared.

Uhmm I run pfSense as my main resolver

pfSense natively supports DNS over TLS, but I believe you will still need a proxy like cloudflared for DNS over HTTPS.

Guys, I have updated the hosts source to not block Microsoft and Facebook LMFAO

1 Like

That defeats the entire point.

UNSUBSCRIBE

3 Likes

I did it so it doesn't break people's stuff. You can still use the more aggressive one; the guide still stands.

1 Like

Solid guide, I like using the hosts file especially since it works on all applications, not just my web browser. The annoying parts of using the hosts file, though, are keeping it up-to-date and having to roll it back periodically when it breaks stuff. That’s why I started using this random script a while ago. It’s nice; it can merge multiple remote sources with a local file, merges that with your vanilla hosts file, and keeps a backup of the original (so you can revert without losing the localhost stuff). Recommended for Linux users, just throw it in /usr/local/bin or whatever.

There are other, larger projects on GitHub that do similar stuff, but I haven't tried them. If it ain't broke…

1 Like
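The post above describes what a hosts-merging script needs to do: pull several remote lists, merge them with a local file and the vanilla hosts file, and keep a backup so the original can be restored. The following is an added example of that procedure (my code, not the script the poster uses and not from any project named in the thread), with the checks a blocklist consumer should have: a remote list may only map names to a blackhole address (anything else would let a poisoned list redirect a real domain), malformed names are dropped, names already present in the vanilla file are never overridden, and the merged section is delimited so re-running it is idempotent. The list texts are constructed sample data embedded here instead of downloads; the marker comments, `.orig` backup suffix and allowlist handling are this example's own conventions.

```python
"""Merge hosts-style blocklists into an existing hosts file with a backup.
Added example with constructed sample lists; the real script would fetch
the sources over HTTPS and run install() as root against /etc/hosts."""
import os
import re
import shutil
from pathlib import Path

BLACKHOLE = "0.0.0.0"
# Targets a blocklist is allowed to use. A remote list pointing a name anywhere
# else is treated as an attempt to hijack that name, not as a block entry.
ALLOWED_TARGETS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
MARK_BEGIN = "# >>> merged blocklist, do not edit below >>>"
MARK_END = "# <<< merged blocklist <<<"
# Lowercase LDH hostname with at least two labels; rejects junk such as "bad_entry!"
# and single-label names like "localhost" that must never come from a remote list.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$")


def parse_entries(text):
    """Yield (target, name) pairs from hosts-format or bare domain-list text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) == 1:  # bare domain list: one name per line
            yield BLACKHOLE, parts[0].lower()
        else:  # hosts format: target name [alias ...]
            for name in parts[1:]:
                yield parts[0], name.lower()


def vanilla_names(text):
    """Names defined in the untouched hosts file; these are never overridden."""
    return [name for _, name in parse_entries(text)]


def block_names(sources, allow=(), protect=()):
    """Sorted names to block: union of all sources minus allowlist and protected names."""
    allow = {a.lower() for a in allow}
    protect = {p.lower() for p in protect}
    names = set()
    for text in sources:
        for target, name in parse_entries(text):
            if target not in ALLOWED_TARGETS:
                continue  # poisoned or non-blocking entry, ignore it
            if not HOSTNAME_RE.match(name):
                continue  # malformed name, ignore it
            if name in allow or name in protect:
                continue
            names.add(name)
    return sorted(names)


def strip_merged(text):
    """Return hosts text with any previously merged section removed."""
    out, skipping = [], False
    for line in text.splitlines():
        if line == MARK_BEGIN:
            skipping = True
            continue
        if line == MARK_END:
            skipping = False
            continue
        if not skipping:
            out.append(line)
    return "\n".join(out).rstrip("\n") + "\n"


def render(hosts_text, names):
    """Vanilla entries first, then one delimited block of blackhole entries."""
    base = strip_merged(hosts_text)
    body = "\n".join(f"{BLACKHOLE} {n}" for n in names)
    return f"{base}\n{MARK_BEGIN}\n{body}\n{MARK_END}\n"


def install(hosts_path, merged, backup_suffix=".orig"):
    """Back up the untouched file once (never overwritten), then replace atomically."""
    hosts_path = Path(hosts_path)
    backup = hosts_path.with_name(hosts_path.name + backup_suffix)
    if not backup.exists():
        shutil.copy2(hosts_path, backup)
    tmp = hosts_path.with_name(hosts_path.name + ".tmp")
    tmp.write_text(merged)
    os.replace(tmp, hosts_path)  # rename is atomic on the same filesystem


# Constructed sample inputs standing in for /etc/hosts and two downloaded lists.
SAMPLE_VANILLA = "127.0.0.1 localhost\n::1 localhost ip6-localhost\n192.168.1.10 nas.home.lan\n"
SAMPLE_LIST_A = ("# hosts-format list (constructed)\n0.0.0.0 ads.example.net\n"
                 "0.0.0.0 tracker.example.org www.tracker.example.org\n127.0.0.1 cdn.example.com\n")
SAMPLE_LIST_B = "# bare domain list (constructed)\nads.example.net\nmetrics.example.com\nnas.home.lan\nBAD_ENTRY!\n"
SAMPLE_POISONED = "203.0.113.5 login.bank.example\n"  # tries to hijack a real name
SAMPLE_ALLOW = ["cdn.example.com"]  # local allowlist: breaks a site, so unblock it


def demo():
    """Merge the samples and return the hosts text that install() would write."""
    names = block_names([SAMPLE_LIST_A, SAMPLE_LIST_B, SAMPLE_POISONED],
                        allow=SAMPLE_ALLOW, protect=vanilla_names(SAMPLE_VANILLA))
    return render(SAMPLE_VANILLA, names)


if __name__ == "__main__":
    print(demo())
```

Rolling back is then `cp /etc/hosts.orig /etc/hosts`, or simply re-running with an empty source list, since the merged section is replaced wholesale on every run rather than appended.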