| | dohservers | metadata |
|---|---|---|
| Mentions | 12 | 84 |
| Stars | 231 | 627 |
| Growth | - | 0.3% |
| Activity | 3.8 | 0.0 |
| Last commit | 2 months ago | over 1 year ago |
| License | MIT License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
dohservers
- Restrict DNS resolution to pihole only
shouldn't be that hard, just load one of these... https://github.com/Sekhan/TheGreatWall https://github.com/oneoffdallas/dohservers
- Private IPs in Public DNS: Android Private DNS by default, LetsEncrypt
No reason to put private IPs in public DNS. Use split DNS and block port 853 and use this list for DoH.
- nextDNS being blocked; solutions
- Blocklist for other DNS/DoH/DoT services
There is some meager effort like this, but it's seriously trivial for one to create their own DoH proxy, or heck, just create their own NextDNS config. So even if you block port 853 (used by DoT & DoQ) and port 53 (unencrypted DNS), DoH traffic is simply unstoppable. Yes, there is traffic analysis, but with DoH3 it would be impossible to detect that an innocuous-looking website serving regular traffic has a hidden DoH endpoint.
- AdGuard Home and dealing with DoH
I run Pfsense and am able to block most common DoH services. I’m sure you will be able to configure similar options on opnsense. The best way to do this is a DNS block through AGH and an IP block with opnsense. Firefox provides what domains to block to disable their DoH, https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https. You can also add these two lists to block most other common DoH services, https://github.com/oneoffdallas/dohservers, https://github.com/Sekhan/TheGreatWall. These lists will work with AGH for DNS blocking and for IP blocking aliases. If you have any Apple devices on your network you can use these domains to block private relay, https://raw.githubusercontent.com/Rogacz/private-relay/main/pr2.txt. I recommend you add these private relay domains as a custom entry in AGH to return NXDOMAIN so that the device shows that private relay is unavailable versus using a NULL response where it will say it’s available when it really isn’t. With these lists added to DNS blocklists as well as IP blocklists I have seen almost no DoH services getting through. The only service that I’ve experienced getting through the rules so far is Next DNS since it uses different IPs depending on what is fastest for your location, making it harder to block. I found a way to discover the IPs for their servers near you and will edit the post if I find the instructions again. Also make sure to completely block port 853 to block DoT. Lastly using these instructions from Pfsense, you can redirect or block all DNS queries that aren’t destined for your AGH instance. The instructions should be transferable to opnsense.
- AdGuard Home - Docker
I’ve also been using this to block doh domains: https://github.com/travisboss/TheGreatWall - and in conjunction, at router level, I block their IP endpoints: https://github.com/oneoffdallas/dohservers
- How to properly block DNS? (not only port 53)
DoH servers are another story of course. You can at least check https://github.com/oneoffdallas/dohservers/. It can be imported directly into Pi-Hole.
- Blocking DoH for family filter
After reading through this and looking at some other sources I think I am going to create a URL Table of IPs that updates every X days using the list from https://github.com/oneoffdallas/dohservers/blob/master/iplist.txt . And I'll add in the few Cloudflares that it has commented out. And I'll use that alias to block outgoing 443 to those IPs. It seems pretty low maintenance and I don't have to have another package installed, which I was hoping to avoid. And I'll block all outgoing 853 as well. We'll see how it goes
- (Update) Ubiquiti refuses to disclose why they are tracking us.
Step 5: Add the DNS over HTTPS lists to your pihole (https://github.com/oneoffdallas/dohservers)
- Breach of privacy in Home Assistant's implementation of CoreDNS discovered.
This isn't a complete approach, but you can block outgoing traffic from hitting DoH servers. https://raw.githubusercontent.com/Sekhan/TheGreatWall/master/TheGreatWall_ipv4 https://github.com/oneoffdallas/dohservers
metadata
- Threat Intelligence Feeds
- Internet Archive (archive.org) blocked
Which list is blocking archive.org? If "NextDNS Ads & Trackers Blocklist", probably some kind of mistake, write about it - https://github.com/nextdns/metadata/issues
- NextDNS - Are their lists public to use in Pihole?
You can find the NextDNS lists here: https://github.com/nextdns/metadata
- Is NextDNS alive?
You can always look at github. This is just the activity for their metadata repo: https://github.com/nextdns/metadata/commits/master. Feel free to check their other repos.
- Threat intelligence feed, why blocked?
- Next DNS doesn't respond to any help issues.
NextDNS gives you a whole bunch of 3rd party filters, maintained by random dudes in Github repos as a hobby. We support some of them too in the "3rd party filters" tab, however we don't encourage anyone to actually use them, as we have our own Native filters, that we've built up over the course of 5 years based on feedback for millions of Windscribe (our sister company) users. Our native filters are highly effective, and prone to much fewer false positives. We recommend you try them, you will be pleasantly surprised with how they perform. I guarantee you that you will spend 90% less time making whitelist rules for false blocks... or your money back :) "Native tracking protection" filters are all part of the IoT Filter. NextDNS has the individual toggles, which enforce this small set of rules. Our IoT filter enforces all of them, as well as 10x more things.
- Problems with parental controls
Here is the list: https://github.com/nextdns/metadata/blob/master/parentalcontrol/categories/video-streaming.json
- Ad blocking
Here's those native blocking lists from NextDNS: https://github.com/nextdns/metadata/tree/master/privacy/native
- what happened to Energized ultimate?
From https://github.com/nextdns/metadata/blob/master/privacy/blocklists/energized-ultimate.json the link used is https://block.energized.pro/ultimate/formats/domains.txt which currently contains nothing but comments.
- SafeSearch Alternative Browsers
What are some alternatives?
ProxyDNS - Tool written in C which bypasses DNS-based internet censorship even when port 53 is intercepted. No longer supported.
blacklist - Blacklist and Adware Blocking for the Ubiquiti EdgeMax Router
doh-cf-workers - DNS-over-HTTPS proxy on Cloudflare Workers
NXEnhanced - Adds "quality-of-life" features to NextDNS website for a more practical usability
DoH
FTL - The Pi-hole FTL engine
TheGreatWall - Prevent program and malware to bypass DNS filter by using DoH
pihole-antitelemetry - A research-based starter pihole list to improve your privacy
plugin-dns - CoreDNS implementation for Home Assistant
blahdns - A small hobby ads block dns project with doh, dot, dnscrypt support.
cname-trackers - This repository contains a list of popular CNAME trackers
ut1-blacklists - Collection of websites blacklists managed by the Université Toulouse Capitole