DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Useful / Easy DNS Sink
23 May 2021 20:59 #99351
by ytene
Useful / Easy DNS Sink was created by ytene
I hope this will prove interesting.
After migrating my 2862ac to a 16-bit network address (I went with 172.16.*.*) and getting all my home devices comfortably moved across to this addressing scheme, I turned my attention to DNS and came up with a really neat/useful solution. I found a software package called Pi-Hole (see https://pi-hole.net/).
This is a "DNS Sink" - meaning that it can be used to "sink" DNS requests for "known bad" sites. Once activated, you get something that operates with very similar results to "ad-block" technology - the primary purpose is to block DNS queries for ad-service platforms - but of course Pi-Hole works at your network level, which means that it can block advertising and other undesired traffic to all your network devices, not just your PC. So, if, say, you're a Windows 10 user and sick of sending gigabytes of "telemetry" to Microsoft, here's your solution for that...
Looking at the stats from mine [the GUI really is exceptionally good] I can see that it has 93,200 domains in its primary blocklist and that it is currently blocking 10.3% of all requests on my network. Using the GUI it is trivially easy to add domains to either a custom block-list or a custom allow-list (just in case you are seeing issues with something being blocked by default that you want access to...) Even more interesting, when I log in to the GUI to get access to more detail, I can see that my top blocked clients are:-
My iPad Pro 12"
My iPad Pro 11"
My iPhone 7 [seeing a pattern here yet?]
My Samsung smart TV
My main home PC
in that order. When I then click through to take a look at [out of interest] my Samsung SmartTV, to see what is being blocked, I find:
ads.samsungads.com
sas.samsungcloudsolution.com
device-metrics-us-2.amazon.com
Again, the last of these is interesting because I haven't touched the Prime Video application on my smartTV in forever... and I fully power off the device at the wall when not in use. So what the heck is my TV doing talking to Amazon???
It's super-easy to go to your DrayTek LAN setup and give the IP address of your Pi as your local DNS of choice [once set - use a static IP address, for obvious reasons]... And one of the nice things about Pi-Hole is that it isn't only a DNS-forwarder - it also runs a fully-featured local DNS that can be administered via the main GUI and every device on my network has a DNS address, so log parsing is user-friendly. Using a 16-bit network address means that every device on my network can be quickly identified. I'm also using the "Bind IP to MAC" feature on my 2862 to give consistent IP addresses to things like the Powerline adapters, which are DHCP-only and otherwise impossible to manage.
Been running with mine for about a year now and for the few pence per week I spend in juice for the pair of Pi 4s running it, I'd say it's proven to be worth every penny...
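Added example, not part of the original post and not Pi-hole's own code: the "percentage blocked" and "top blocked clients" figures described above can be rebuilt from the resolver's query log. It assumes the dnsmasq-style lines Pi-hole writes to its query log; the sample lines and client IPs are constructed, and `summarise` is a hypothetical helper name.

```python
import re
from collections import Counter, defaultdict

# Constructed sample (format assumed, dnsmasq-style as in Pi-hole's query log).
# Client IPs are made up; the blocked domains are the ones named in the post.
SAMPLE_LOG = """\
May 23 20:41:02 dnsmasq[812]: query[A] ads.samsungads.com from 172.16.3.20
May 23 20:41:02 dnsmasq[812]: gravity blocked ads.samsungads.com is 0.0.0.0
May 23 20:41:05 dnsmasq[812]: query[A] pi-hole.net from 172.16.1.10
May 23 20:41:05 dnsmasq[812]: forwarded pi-hole.net to 172.16.0.1
May 23 20:41:05 dnsmasq[812]: reply pi-hole.net is 192.0.2.10
May 23 20:41:09 dnsmasq[812]: query[AAAA] device-metrics-us-2.amazon.com from 172.16.3.20
May 23 20:41:09 dnsmasq[812]: gravity blocked device-metrics-us-2.amazon.com is ::
May 23 20:41:12 dnsmasq[812]: query[A] sas.samsungcloudsolution.com from 172.16.3.20
May 23 20:41:12 dnsmasq[812]: gravity blocked sas.samsungcloudsolution.com is 0.0.0.0
May 23 20:41:15 dnsmasq[812]: query[A] ads.samsungads.com from 172.16.2.11
May 23 20:41:15 dnsmasq[812]: gravity blocked ads.samsungads.com is 0.0.0.0
"""

QUERY = re.compile(r"dnsmasq\[\d+\]: query\[\w+\] (\S+) from (\S+)$")
BLOCKED = re.compile(
    r"dnsmasq\[\d+\]: (?:gravity blocked|exactly blacklisted|regex blacklisted) (\S+) is ")

def summarise(log_text):
    """Count queries, sunk queries, and which client asked for each sunk domain."""
    total = 0
    last_client = {}                      # domain -> client of most recent query
    per_client = defaultdict(Counter)     # client -> Counter of blocked domains
    for line in log_text.splitlines():
        if m := QUERY.search(line):
            total += 1
            last_client[m.group(1)] = m.group(2)
        elif m := BLOCKED.search(line):
            # Blocked lines carry no client IP, so attribute the block to
            # whoever most recently queried that name.
            per_client[last_client.get(m.group(1), "unknown")][m.group(1)] += 1
    blocked = sum(sum(c.values()) for c in per_client.values())
    ranking = sorted(per_client, key=lambda c: -sum(per_client[c].values()))
    return {"total": total, "blocked": blocked,
            "percent": round(100 * blocked / total, 1) if total else 0.0,
            "ranking": ranking,
            "domains": {c: dict(d) for c, d in per_client.items()}}

if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    print(f"{report['blocked']}/{report['total']} blocked ({report['percent']}%)")
    for client in report["ranking"]:
        print(client, sorted(report["domains"][client]))
```

With static or MAC-bound addresses, as the post describes, the client IPs in the ranking map directly onto known devices.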
24 May 2021 07:49 #99353
by piste basher
Replied by piste basher on topic Re: Useful / Easy DNS Sink
I tried running pi-hole for a while but when I found it was making my banking site (Santander) unusable, and configuring it not to seemed to be fiendishly complicated, I gave up and stopped using it.