I use Pi-Hole and it works great. I've heard about AdGuard and it seems the same thing as Pi-Hole, but you have to install an app/extension. Everyone in this community recommends NextDNS. What's the difference between them?

  • Vexz@kbin.social
    1 year ago

    Maybe because that's just a firewall that can be installed on Windows, Debian/Ubuntu and Fedora. What about your mobile devices? This is where Pi-hole, AGH, NextDNS etc. win.

    • blkpws@lemmy.ml
      1 year ago

      that’s just a firewall

      A firewall that blocks DNS bypass at kernel level, remember this.

      • Vexz@kbin.social
        1 year ago

        Read the whole sentence. That "just" belongs to the fact that it's only available on a few selected OSes and none of them are for mobile devices.

        • blkpws@lemmy.ml
          1 year ago

          Few OSes? It's just missing macOS (and is still free and open source)… and for phones I use https://doc.e.foundation/support-topics/advanced_privacy (free and open source, you can enable Tor network to hide your traces completely) … Any app on your phone can use its own DNS to bypass. You need a custom ROM that forces a filter.

          NextDNS isn't a firewall, so what I am saying is superior to your solution, right? Are you even paying for NextDNS?

          • darklordcrouton@lemmy.world
            1 year ago

            It's possible I'm misunderstanding something, I am admittedly a layman when it comes to much of this. That being said, I believe NextDNS is marketed as a DNS level firewall. I do use Postmaster, but for the secure DNS I use a profile on NextDNS so I can implement granular control over what is being blocked on my PCs.

            Idk what mobile device you are using, but I know on Android you can use NextDNS by updating your "Private DNS" in the Android settings. If you set it to a NextDNS profile it eliminates the need to install an app, and allows NextDNS to block ads and trackers even while not at home and utilizing your mobile data (or any other network you might need to connect to). Can also be implemented in conjunction with a VPN (if that is something the user is trying to implement based on their threat model) because it is built into the system settings rather than an app using a VPN-esque connection as a sinkhole for trackers. There is also a setting that allows you to prevent bypass if activated. I use that on our router.

            Hope this helps! If I am wrong, please feel free to educate me. Always happy to learn more. 🍻

            • blkpws@lemmy.ml
              1 year ago

              Yeah, what you said is all good, but I was telling them that in my case, I have my smartphone OS's built-in tools to manage those filters, VPN (it is just Tor network) plus some fake GPS location. Again, all that is built into my OS… and I could even use NextDNS as I could use any other more private DNS. Read this and you will see what I mean: https://doc.e.foundation/support-topics/advanced_privacy

              Then they started to yell at me saying NextDNS rocks 😭, which I don't know at all because I never used it, I was just saying from the start that the Pi-Hole (or OPNsense) makes no sense because it's like running two machines for something that your own PC already can do… and I like to turn off all my devices when I go to sleep. I might be too paranoid, but I don't want to be hacked at night and leak all my data or have a crypto-mining bot (I don't know what kind of attack I could suffer) while I am sleeping… So when I am out of home or sleeping, I want all off. Unless my server at my cloud provider… hahaha 🤓

              • darklordcrouton@lemmy.world
                1 year ago

                Gotcha! My bad, I clearly misinterpreted the discussion. Thank you for the clarification!

                Your setup sounds pretty legit. As far as "too paranoid", I don't think that's a factor as long as the effort required to maintain your system is something you're comfortable with upkeeping and you don't feel these concerns are getting in the way of your mental well-being. I do more work than probably most of the people I know, but that's because I like to tinker and this is sort of a hobby for me. My family and partner think it's extreme, but I feel it's good to know how to implement different procedures, countermeasures, and security levels. Do I need them all? Definitely not. But there was a situation at work the other day where I was able to consult on remediation because I have exposed myself to a wide array of different tools and methodologies that most people I work with don't care to bother with. All of that to say, "do you, boo!" Follow your info tech/cyber sec bliss.

                NextDNS is cool but it also doesn't sound necessary for your use case. My primary use for it was because of the limitations of my stock OS when it comes to features like built-in firewalls. Then since I was already using it on my mobile, I just decided to experiment with wrapping it into things like Postmaster and my router to control things like smart TVs.

                My goal with my next mobile is a custom ROM where I can implement a setup similar to yours. That day can't come soon enough! 😂

                • blkpws@lemmy.ml
                  1 year ago

                  About my phone… I got a Fairphone because I want something robust that doesn't break easily, I don't need curved screens or fancy cameras. And the /e/ OS Project gives "official" support to Fairphone 2 so even if Fairphone stopped supporting the Fairphone 2 OS (official stock image) I still get updates from /e/ project which sounds like I can keep my phone for many more years. So I bought this phone specially for the custom ROM support, and installing my custom ROM was as easy as installing a new app on my system… (download binaries and flash it via ADB which I am already used to)

    • blkpws@lemmy.ml
      1 year ago

      … any app can easily bypass your DHCP-provided DNS… and as I said, I don't install any weird app on my phone, I just use it as a phone, to communicate, chat and to download podcasts to listen to at night. Win. While you just win at your local home network… xD

      While my phone: https://doc.e.foundation/support-topics/advanced_privacy

      win win?

      • tuhriel@infosec.pub
        1 year ago

        It can't bypass my network DNS if only my DNS server is allowed to send out via port 53.

        It's really fun to see how some devices are completely panicking. (I only have some Chromecast music devices which do not need any internet.) Anyway, I do hate that there are manufacturers who hardcode a DNS into MY devices.

        For the time I'm outside my network I do have a VPN which allows me to access my Pi-hole from outside (I never felt that the speed or latency is especially low).

        There are even routers which allow you to re-route specific ports to specific devices. So, even if the device wants 8.8.8.8 the firewall would reroute it to my DNS server.

        If you want a privacy-friendly option that works from in/and outside your network without all the hassle above I can also recommend Proton VPN which also provides tracker and ad blocking.

        • blkpws@lemmy.ml
          1 year ago

          Yeah, I already have a ProtonVPN subscription that I don't really use… my smartphone OS already has a built-in filter… And I can enable Tor network for all my phone connections which is safer than a plain VPN (but more problematic as many websites block you, that's when I can use ProtonVPN with Secure Core which is super cool yeah! :D).

          But I don't like the idea of having a VPN that allows a device from outside my LAN access in. I would feel super paranoid and unsafe, knowing there is a way to get in.

          And… my Smart TV is mainly used by my mom… still no ads but just saying… if I have a good PC… with many screens… why would I want a TV, I'm too addicted to PC. xD I can even access the TV tuner from my PC with an HDHomeRun, and I just do mpv http://ip_of_hdhomerun/channel for example.

      • Vexz@kbin.social
        1 year ago

        … any app can easily bypass your DHCP-provided DNS…

        In my network it can only do that if the app has a hardcoded encrypted DNS server because I use NAT rules to force all unencrypted DNS to be processed by my OPNsense (which uses NextDNS as upstream DNS servers). And I highly doubt many apps even have a hardcoded DNS server anyway (no matter if unencrypted or encrypted).

        and as I said, I don’t install any weird app on my phone, I just use it as a phone, to communicate, chat and to download podcasts to listen to at night.

        That's your personal use case but not everyone else's. I do much more with my phone. For example browsing. And I think most people do it too. Anyway, as long as you use mobile internet even your OS on your phone could spy on you with tracker domains. Most people don't use a custom ROM so you're just one of few people who this doesn't apply to.

        While you just win at your local home network… xD

        Wrong. I use NextDNS so I have it everywhere. ;)
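
The port-53 enforcement that tuhriel and Vexz describe above can be audited from firewall flow logs, which also shows what the rules cannot see (hardcoded encrypted DNS). The Python sketch below is an added example, not part of the original thread; the log format, LAN range, resolver address and public-resolver list are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# All addresses below are constructed assumptions for this example.
LAN = ipaddress.ip_network("192.168.1.0/24")
RESOLVER = ipaddress.ip_address("192.168.1.2")   # local Pi-hole / OPNsense resolver
# Small illustrative set of public resolvers that also answer DoH on 443.
PUBLIC_RESOLVERS = {ipaddress.ip_address(a) for a in ("8.8.8.8", "1.1.1.1", "9.9.9.9")}

# Constructed flow records, one per line: "src dst proto dport"
SAMPLE_FLOWS = """\
192.168.1.50 192.168.1.2 udp 53
192.168.1.60 8.8.8.8 udp 53
192.168.1.60 8.8.8.8 udp 53
192.168.1.2 203.0.113.10 tcp 853
192.168.1.70 1.1.1.1 tcp 853
192.168.1.80 8.8.8.8 tcp 443
192.168.1.80 198.51.100.7 tcp 443
"""

def classify(src, dst, proto, dport):
    """Return a bypass label for one flow, or None if it follows the policy."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src == RESOLVER or src not in LAN or dst in LAN:
        return None                  # resolver going upstream, or LAN-internal traffic
    if dport == 53:
        return "plain-dns"           # what a port-53 block or NAT redirect catches
    if dport == 853 and proto == "tcp":
        return "dot"                 # DNS over TLS, still blockable by port
    if dport == 443 and dst in PUBLIC_RESOLVERS:
        return "possible-doh"        # port rules cannot tell this from HTTPS
    return None

def find_bypass(log_text):
    """Map each LAN host to a count of its flows per bypass label."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue                 # skip malformed records
        try:
            label = classify(parts[0], parts[1], parts[2], int(parts[3]))
        except ValueError:
            continue                 # not an IP address
        if label:
            hits[parts[0]][label] += 1
    return {host: dict(labels) for host, labels in hits.items()}

if __name__ == "__main__":
    print(find_bypass(SAMPLE_FLOWS))
```

Hosts labelled `plain-dns` or `dot` are the ones a port block or NAT redirect already handles; `possible-doh` hits need a resolver IP or domain blocklist instead.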

        • blkpws@lemmy.ml
          1 year ago

          Wrong. I use NextDNS so I have it everywhere. ;)

          I have it everywhere too and I was talking about Pi-Hole.
          Firefox and Telegram for example have built-in DNS if I'm not wrong. (you can disable it easily)

          That’s your personal use case but not everyone else's.

          We are sharing our use cases. And my context was "I don’t understand why people even talk about Pi-Hole" and you are replying to this, not saying anything about NextDNS, just Pi-Hole.

          EDIT: Also, I think using your phone for other things is wrong, they aren't really designed for that, they aren't as secure as a PC can be.

          • Vexz@kbin.social
            1 year ago

            and I was talking about Pi-Hole

            Well, you said "you" so I thought you were talking about me since you replied to my comment.

            Firefox and Telegram for example have built-in DNS if I’m not wrong. (you can disable it easily)

            Right. I don't know about Telegram but in Firefox's case I think it's disabled by default. I specifically checked that on my Firefox so it won't bypass my OPNsense.

            We are sharing our use cases. And my context was “I don’t understand why people even talk about Pi-Hole”

            You don't see it, do you? First you talk about your use case but then you talk about other people. So not your use case anymore. In their use case a Pi-hole, AdGuard Home, NextDNS or whatever else maybe makes sense and isn't a bad choice.

            EDIT: Also, I think using your phone for other things is wrong, they aren’t really designed for that, they aren’t as secure as a PC can be.

            Erm… what?? Smartphones are designed for many different things. Browsing the internet is just one of many things it's made for. It's called "smartphone" for a reason.

            • blkpws@lemmy.ml
              1 year ago

              Firefox's case I think it’s disabled by default

              No, it is not off by default, it is set on "Default Protection: Firefox decides when to use secure DNS to protect your privacy.".

              You don’t see it, do you? First you talk about your use case but then you talk about other people. So not your use case anymore. In their use case a Pi-hole, AdGuard Home, NextDNS or whatever else maybe makes sense and isn’t a bad choice.

              What happened here is: People share their use case, I say I don't understand why they do that, and I share my use case…

              I don't understand what's wrong with that… or what's your problem here. It's cool to know you are using NextDNS, it is not a self-hosted RPi that runs Pi-Hole that only works on local network.

              Then you replied to me with:

              In my network it can only do that if the app has a hardcoded encrypted DNS server because I use NAT rules to force all unencrypted DNS to be processed by my OPNsense (which uses NextDNS as upstream DNS servers). And I highly doubt many apps even have a hardcoded DNS server anyway (no matter if unencrypted or encrypted).

              Which is all super cool, but not related to what I said about Pi-Hole.

              Erm… what?? Smartphones are designed for many different things. Browsing the internet is just one of many things it’s made for. It’s called “smartphone” for a reason.

              Smartphones are still phones (they make a call when you type a number) but smart to have a contact list, a browser, calculator… that makes it smart, like accessing your bank with their app that normally then ensure to be safe to use, but it wasn't initially designed for that, it's not a PC (I know it can do the same, but you are forcing a small device to do something that it isn't designed to do), it started without being secure by design, they needed many Android versions to start implementing security and still there is some mess with permissions. It is not designed to game, watch Instagram or stuff that makes you addicted to their content…, and then it usually gets too hot and only damages your health and the device health. Now it evolved and companies try to make you addicted to it to collect as much data as they can to provide you some ad-targeting, while making it as cheap as they can with those labor-forced works (stealing resources on other countries) to make a super-mega-fast-all-in-one device that makes you think you are a professional photographer for example, adds you fake filters… That's all bullshit, and I think this is the main reason why kids are growing so wrongly, too many shit influencers and toxic society, people living in their bubble and browsing from devices like those. Most apps require many permissions that allow them to collect a lot of data, and NextDNS does nothing about this if those apps bypass your system DNS.