Advice Request CleanBrowsing DNS vs NextDNS vs ControlD DNS

CleanBrowsing DNS vs NextDNS vs ControlD DNS

  • CleanBrowsing DNS: 0 votes (0.0%)
  • NextDNS: 16 votes (44.4%)
  • ControlD DNS: 3 votes (8.3%)
  • Other: 17 votes (47.2%)
  • Total voters: 36

If your router is using DNS over TLS, does it still make sense to use DNS over HTTPS in the browser?
 
No DNS blocking can ever block YouTube ads. That's not possible. You'll require a specific HTTPS filtering extension or app for that.
uBlock on my PC's Firefox and also on my Android's is blocking YouTube ads.

But obviously you cannot block the ads inside the YT app. For that I would recommend "NewPipe", which is amazing... but since it does not have any trackers, the suggestions will not be as they are in the official YT app.

Privacy is always give and take.
 
If some network is blocking the use of encrypted DNS, what are your choices? Anything on the software level, like an adblocker, that can prevent them from seeing the websites you visit?
 
If some network is blocking the use of encrypted DNS, what are your choices? Anything on the software level, like an adblocker, that can prevent them from seeing the websites you visit?

I don't think it is possible to block encrypted DNS on a network level without blocking "everything" (ex: DNS over HTTPS); nothing besides a VPN or a Tor browser (not recommended) can prevent that kind of snooping.

With DNS over HTTPS (DoH), DNS queries and responses are encrypted and sent via the HTTP or HTTP/2 protocols. DoH ensures that attackers cannot forge or alter DNS traffic. DoH uses port 443, which is the standard HTTPS traffic port, to wrap the DNS query in an HTTPS request. DNS queries and responses are camouflaged within other HTTPS traffic, since it all comes and goes from the same port.
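
The wrapping described in the post above, as an added example that is not part of the original thread: a DNS query in wire format encoded into the GET request target defined by RFC 8484. The `/dns-query` path is an assumption (it is resolver-specific), and the function names are hypothetical; the request target travels inside TLS, so the network sees the resolver's IP address and port 443, not the queried name.

```python
import base64
import struct


def build_dns_query(name: str, qtype: int = 1, qid: int = 0) -> bytes:
    """DNS query in RFC 1035 wire format. RFC 8484 says DoH clients should use ID 0."""
    # Header: ID, flags (only RD set), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def doh_get_target(wire: bytes, path: str = "/dns-query") -> str:
    """RFC 8484 GET form: base64url of the wire-format query, padding removed."""
    # path is an assumption; each resolver publishes its own URI template
    b64 = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"{path}?dns={b64}"


def queried_name(target: str) -> str:
    """Recover the queried name from a DoH GET target (what the resolver sees)."""
    b64 = target.split("dns=", 1)[1]
    wire = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    labels, pos = [], 12  # question section starts after the 12-byte header
    while wire[pos] != 0:
        length = wire[pos]
        labels.append(wire[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


if __name__ == "__main__":
    # Constructed sample input: the query used as the example in RFC 8484
    target = doh_get_target(build_dns_query("www.example.com"))
    print("GET", target)
    print("name inside the request:", queried_name(target))
```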
 
I don't think it is possible to block encrypted DNS on a network level without blocking "everything" (ex: DNS over HTTPS); nothing besides a VPN or a Tor browser (not recommended) can prevent that kind of snooping.
I use a network that shows in the Wi-Fi settings "This network doesn't allow the use of cryptographed DNS". When I use NextDNS, I get no internet.
 
I use a network that shows in the Wi-Fi settings "This network doesn't allow the use of cryptographed DNS". When I use NextDNS, I get no internet.

Did you try DNS over HTTPS (DoH)?

The other methods can be blocked, DoH can't.

Try to use NextDNS directly in your browser or via YogaDNS client with the appropriate configuration.
 
I don't think it is possible to block encrypted DNS on a network level without blocking "everything" (ex: DNS over HTTPS); nothing besides a VPN or a Tor browser (not recommended) can prevent that kind of snooping.
All you need is the destination IP address to block DoH. The packet has to be going somewhere even if you can’t read it.
 
Did you try DNS over HTTPS (DoH)?

The other methods can be blocked, DoH can't.

Try to use NextDNS directly in your browser or via YogaDNS client with the appropriate configuration.
It's an iPhone. How to change NextDNS to DoH? I don't know which encryption it uses by default.
 
All you need is the destination IP address to block DoH. The packet has to be going somewhere even if you can’t read it.

This is more theoretical than practical; DoH is camouflaged within other HTTPS traffic.
 
This is more theoretical than practical; DoH is camouflaged within other HTTPS traffic.
No, you just use an IP table list of DoH providers and block packets heading to those IPs through port 443. It’s cumbersome, but organizations are definitely capable if they want to deal with the hassle.
 
No, you just use an IP table list of DoH providers and block packets heading to those IPs through port 443. It’s cumbersome, but organizations are definitely capable if they want to deal with the hassle.

By this method?


Doesn't seem that effective.
 
By this method?


Doesn't seem that effective.
It's effective to block, ineffective to redirect because it breaks the encryption. You would just have no ability to resolve anything and have to maintain the IP tables.
 
Anyway, sorry to derail the conversation. The point is it can be blocked, easily by corps with the resources to do it. But it would be noticeable and very difficult to redirect. One would know they are being blocked.