EDIT: So because of my $0 budget and the fact that my uptime is around 50% (PC, no additional servers) I ended up using NextDNS. For the time being it works (according to dnsleaktest), an added benefit was improved ad-blocking (100% in this tool). I now have plans for a proper router in the future with a Pi-hole. Thanks so much for all the info & suggestions, definitely learnt a lot.

So it turns out I got myself into an ISP that was shittier than expected (I already knew it was kinda shitty), they DNS hijack for whatever reason and I can’t manually set my own DNS on my router or even my devices.

Cyber security has never been my forte but I’m always trying to keep learning as I go. I’ve read that common solutions involve using a different port (54) or getting a different modem/router or just adding a router.

Are they all true? Whats the cheapest, easiest way of dealing with all of this?

  • slazer2au@lemmy.worldEnglish
    14·
    1 year ago

    Change the DNS servers on you devices to a DoT or DoH provider.

    The ISP can’t intercept and rewrite your requests if they are in a secure session.

  • jubilationtcornpone@sh.itjust.worksEnglish
    7·
    1 year ago

    So is your ISP blocking or redirecting outgoing requests on port 53? You said you can’t set dns servers on your own devices so I’m just trying to understand why that doesn’t work.

    • 3laws@lemmy.worldOPEnglish
      1·
      1 year ago

      So is your ISP blocking or redirecting outgoing requests on port 53?

      Correct.

      • jubilationtcornpone@sh.itjust.worksEnglish
        3·
        1 year ago

        Wow. What kind of bullshit ISP blocks outbound DNS requests? I would bitch loudly at them as they have no valid excuse for doing that. Anyway… In that case you have a few options. You can use DNS over https but that’s supported primarily by browsers. Not so much other desktop applications. I would get a router that’s capable of WireGuard and connect it to ProtonVPN (or another VPN service of your choice). You don’t have to route all traffic over VPN if you don’t want to but at least you’ll be able to use whatever DNS server you want.

  • z3bra@lemmy.sdf.orgEnglish
    5·
    1 year ago

    Setup a local DNS server in your local network, and configure it to forward everything to an external DNS provider over TLS (port 853 usually). This is known as DNS over TLS (or DoT as other people mentioned).

    I personally like https://cyberia.is

  • Morgikan@lemm.eeEnglish
    3·
    1 year ago

    Just throwing out a couple of other solutions I didn’t see mentioned for DoH/DoT:

    1. CoreDNS
    2. Blocky

    Both of those support encryption and allow for DNSBL. If you are wanting to hand out DNS entries over DHCP it may a problem with your ISPs router there. Either replace it, sit one you do control between it and your network, or run DHCP snooping from a switch to restrict it’s DHCP.

  • m_randall@sh.itjust.worksEnglish
    21·
    1 year ago

    Why can you not set your own DNS on your devices?

    If you mean you can’t set your DNS automatically that would be due to DHCP. You can setup your own DHCP server and set the DNS IP to whatever you want (8.8.8.8 etc).

    PiHole should handle all this for you all while blocking ads and being a local DNS resolver.

  • ShitpostCentral@lemmy.worldEnglish
    22·
    1 year ago

    Look into Pi-hole. It’s an easy-to-setup DNS server which can run on a Raspberry Pi (or a Linux desktop/server if you have one.) You can then set your devices’ DNS servers to the local address where the Pi-hole is running. Since it would be running on your local network, any requests to it shouldn’t go through your ISP in the first place. I’d still recommend getting your own router anyways because this kind of ISP fuckery is more common than you’d expect. Plus, your exact configurations follow you anywhere you move. If you do end up getting one, set the local DNS server in the DHCP settings of your router to avoid having to set it on each device.