EDIT: So because of my $0 budget and the fact that my uptime is around 50% (PC, no additional servers) I ended up using NextDNS. For the time being it works (according to dnsleaktest), an added benefit was improved ad-blocking (100% in this tool). I now have plans for a proper router in the future with a Pi-hole. Thanks so much for all the info & suggestions, definitely learnt a lot.

So it turns out I got myself into an ISP that was shittier than expected (I already knew it was kinda shitty), they DNS hijack for whatever reason and I can’t manually set my own DNS on my router or even my devices.

Cyber security has never been my forte but I’m always trying to keep learning as I go. I’ve read that common solutions involve using a different port (54) or getting a different modem/router or just adding a router.

Are they all true? Whats the cheapest, easiest way of dealing with all of this?

  • m_randall
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    2
    ·
    1 year ago

    Why can you not set your own DNS on your devices?

    If you mean you can’t set your DNS automatically that would be due to DHCP. You can setup your own DHCP server and set the DNS IP to whatever you want (8.8.8.8 etc).

    PiHole should handle all this for you all while blocking ads and being a local DNS resolver.

    • 3laws@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Why can you not set your own DNS on your devices?

      I can, they get redirected to my ISPs DNS, no matter what. This was not an issue with my pervious company.

        • dan@upvote.au
          link
          fedilink
          English
          arrow-up
          6
          ·
          edit-2
          1 year ago

          Often, if you try to go to a non-existent domain, it’ll still return an IP address that loads a “this site doesn’t exist” page hosted by the ISP, often full of sponsored links, similar to a domain parking page.

          It’s trivial to do this. DNS requests are unencrypted and can easily be modified by an ISP, even if you use a custom DNS server like Google’s 8.8.8.8 or Cloudflare’s 1.1.1.1. You need DNS over HTTPS or a similar technology to prevent this happening.

          • ares35@kbin.social
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            hijacking dns is also my provider’s first action when you’re late paying the bill. by ip or doh or a long-lived dns cache and you’re still going, but anything looked-up via a ‘regular’ dns server goes nowhere. that gets you another 2-3 weeks until they deny the modem from even authenticating.