I already know that private DNS is important for privacy. I’m using Quad9 btw.

But recently I hear a lot about NextDNS and similar providers that give more advanced features such as custom filters and domain blocking. I’m getting interested in that topic now as I have to use some proprietary apps with a lot of trackers in them.

However I’m really struggling to find useful information about what domains to block, what settings to use in one or another use case etc. I don’t have much experience with firewalls and server stuff either which makes it even harder.

So, could anyone share some good resources on this so I can get started? Or should I just not worry about it and use a whole other system such as firewall?

  • u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    Well, why don’t you just try NextDNS? Don’t like signing up to try a service? You don’t have to. Go to nextdns.io, click “Try it now” and there you go. No account required for 7 days.

    You don’t need to add domains yourself, you just choose from existing blocklists they provide. Each have some description, just like all the settings.

    Alternatively, Mullvad freely provides DNS with some blocking too, but you can’t edit anything.

  • Wave@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    2 months ago

    IMHO An old PC or Raspberry Pi + Pi-Hole or AdGuard Home is the way to go. Set up Wireguard if you need to use it outside of home, or if Youre adventurous you could buy a domain and expose DoH over port 443. Both softwares provide you with built in block lists. Then you can use quad9, adguard, nextdns, mullvad, really any provider with a good privacy policy you trust for that DNS server you set up. Hell you could even do your own with unbound

  • masterofn001@lemmy.ca
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    2 months ago

    Dnscrypt-proxy supports DNS over https (doh), oblivious DNS over https (odoh), DNS over TLS (dot), and dnscrypt (encrypted and anonymous DNS).

    IP and domain blacklist. IP whitelist.

    End to end encrypted.

    You can use quad9, cloudflare, etc, or any provider you like.

    I use https://dnscrypt.ca/about.shtml for my doh and as one of my dnscrypt servers.

    Depending on your os it’s pretty simple to setup.

  • shortwavesurfer@lemmy.zip
    link
    fedilink
    arrow-up
    0
    ·
    2 months ago

    I suggest ControlD.com p2 server as its free and kills known malware, trackers, and ads with no work other than adding it. They have a p3 that blocks big social and p0 blocks nothing.

    • Cheradenine@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      ControlD is good, I have it setup at work. Their paid plans allow more fine control.

      They can also be used to unlock geoblocking both on free and paid plans.

      Coworkers need TikTok, YouTube, and Twitter, otherwise I would block that crap too.

      • shortwavesurfer@lemmy.zip
        link
        fedilink
        arrow-up
        0
        ·
        2 months ago

        I added ControlD p2 server for blocking ads, trackers, and malwRe to my familys’ phones, my phone, and my router. The fact that it blocks known malware by default is a big selling point for me.

  • geography082@lemm.ee
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    2 months ago

    Been using Nexdns and is great . It adds the part of adblocking and maybe more agresive and granular filtering . Tried controlid but looks like a fancy version and less customized of it.

  • Cheradenine@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    Have a look at RethinkDNS, https://docs.rethinkdns.com/dns/ their wiki is pretty good. They have recommended block lists, and also have a feature that let’s you search inside block lists to see what they actually cover.

    If you are on Android they have a companion app, you do not need to use it though. The app adds a good firewall (capture and redirect port 53 for example) and detailed logs if you want. You can block domains and specific IP addresses.

    It’s all FOSS too

    • f4f4f4f4f4f4f4f4@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      I was recommended by a well-known privacy guide to use Rethink with AhaDNS Blitz, but it seems to fail often; nothing resolves until the VPN is stopped and restarted. Any ideas or advice?

    • N0x0n@lemmy.ml
      link
      fedilink
      arrow-up
      0
      ·
      2 months ago

      +1 for the android app ! If you’re “paranoid” you can block all apps by default and only allow apps you trust to connect to the internet. You can even for each app allow certain domains or IP’s, even wildcard domains for exemple to allow googles video chain like r3---sn-25glene6.googlevideo.com for only certain apps and not others… Like it’s fully customizable !!!

      You can even hook your personal wireguard connection with DNS server like pihole…

      RethinkDNS is awsome !

      • Cheradenine@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        I really like the block all apps by default. I read release notes, download something, scan with App Manager. If that’s all good then it can connect to the internet.

        And I use the Wikipedia app so I can block intake-analytics.wikimedia.org and the app still works.

  • bokherif@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    2 months ago

    Look into DNS over HTTPS. Otherwise no matter what provider you use, DNS is just unencrypted.