Blocked that hard-coded Google DNS garbage.
+1 for dst NAT on Google's DNS servers back to my Pi-holes.
Is this to block ads?
No, you can block ads with a Pi-hole. This is because Roku hard-codes its DNS server as 8.8.8.8. Pi-hole doesn't handle IP addresses, only DNS.
Interesting. I set an ad-blocking DNS via DHCP and, as far as I know, the Roku respects it. Ads are blocked and I can see it failing to deliver telemetry in my DNS logs (most persistent thing on the network).
I set a rule to catch outside DNS to see if anything, the Roku included, has been misbehaving.
I doubt it, but could this help with my TV randomly crashing?
It’s genuinely so annoying and is such a 2023 problem
Tv crashing? Add an external device and don’t use TVs for their smart features as they tend to be pretty bad.
Pi-hole blocks the basics for Roku, things like logs, ads, etc., but there's a lot more telemetry that they're collecting. Here's a Hacker News thread about the topic and the associated article it references.
Not familiar with Rokus, but it depends on what you're filtering. Mostly it's to block needless analytics tracking. I use a pair of Pi-holes for much the same purpose.
One more confusion: if DNSSEC is enabled, it actually switches to TCP, since DNSSEC requires messages that are much bigger than what UDP can transfer.
I have a firewall rule to dst-nat any outgoing DNS requests not coming from piHole back to the piHole server. That way all devices on the LAN are forced to use piHole for DNS and can’t bypass it. I don’t have an OPNSense firewall but I would think it should be able to do that as well.
I've blocked outgoing port 53 UDP/TCP for all subnets except the Pi-hole. If I can't trust a device to use the DNS I configured, I can't trust it to go on the internet, and it goes on my list of devices to replace.
I set up a NAT rule that redirects anything going to the Google DNS IPs and sends it to my own DNS server.
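The three posts above describe the same control in different words: DNAT every port-53 packet that does not come from the Pi-hole back to the Pi-hole, and drop whatever still tries to leave. The script below is an added example (not from any poster, and not OPNsense's or asuswrt-merlin's own configuration) that prints an nftables ruleset doing exactly that; the Pi-hole address, interface names and the `dns-bypass:` log prefix are assumptions, override them via the environment.

```shell
#!/bin/sh
# Added example: emit an nftables ruleset that forces all LAN clients to use
# the Pi-hole for DNS. It only PRINTS the ruleset; apply with:
#   ./dns-redirect.sh | nft -f -
# PIHOLE, LAN_IF and WAN_IF are assumed values, not anything from the thread.
PIHOLE="${PIHOLE:-192.168.1.2}"   # assumed Pi-hole address
LAN_IF="${LAN_IF:-br0}"           # assumed LAN-facing interface
WAN_IF="${WAN_IF:-eth0}"          # assumed WAN-facing interface

# build_dns_ruleset PIHOLE_IP LAN_IF WAN_IF -> ruleset text on stdout
build_dns_ruleset() {
    pihole="$1"; lan_if="$2"; wan_if="$3"
    cat <<EOF
table inet dns_guard {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # The Pi-hole itself must reach its upstream resolvers untouched.
        iifname "$lan_if" ip saddr $pihole return
        # Any other LAN host asking any address on port 53 (UDP and TCP, so
        # answers that fall back to TCP are covered too) is rewritten to the
        # Pi-hole; log it so hard-coded resolvers show up in the kernel log.
        iifname "$lan_if" ip daddr != $pihole meta l4proto { udp, tcp } th dport 53 log prefix "dns-bypass: " dnat ip to $pihole
    }
    chain forward {
        type filter hook forward priority filter; policy accept;
        # Belt and braces: nothing but the Pi-hole may send port 53 out the WAN.
        oifname "$wan_if" ip saddr != $pihole meta l4proto { udp, tcp } th dport 53 drop
    }
}
EOF
}

build_dns_ruleset "$PIHOLE" "$LAN_IF" "$WAN_IF"
```

The `return` for the Pi-hole's own traffic has to come before the DNAT rule, otherwise the Pi-hole's upstream queries loop back to itself. Note this only catches plain DNS on port 53; a device that speaks DNS over HTTPS or TLS to a hard-coded resolver is not affected by either rule.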
Hey man, can you share some resources that you followed to configure OPNsense as a VM? I am in the same situation: bought a firewall that I want to use as a hypervisor but haven't configured OPNsense yet, and would love to educate myself more on the matter.
I'm currently using this guide to set up an OPNsense VM on Proxmox. Home Network Guy also has an OPNsense guide, but for a full router.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
DNS: Domain Name Service/System
IP: Internet Protocol
IoT: Internet of Things, for device controllers
NAT: Network Address Translation
PiHole: Network-wide ad-blocker (DNS sinkhole)
SSL: Secure Sockets Layer, for transparent encryption
TCP: Transmission Control Protocol, most often over IP
UDP: User Datagram Protocol, for real-time communications
VPN: Virtual Private Network
[Thread #267 for this sub, first seen 8th Nov 2023, 04:10]
Good bot
I configured my Asus router with asuswrt-merlin firmware to route all DNS traffic to my AdGuard instance to catch those apps and devices with hard-coded DNS. Those routed DNS queries appear in AdGuard as originating from my router's IP address, so I can easily see what apps and devices are trying to bypass my DNS. Turns out the main offender is Netflix.
That's interesting. What IP address is Netflix hard-coding?
My router doesn't log the target DNS server IP address, but according to many forum threads, Netflix apps seem to hard-code the DNS to 8.8.8.8 and 8.8.4.4.
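The last exchange is about attribution: once DNS is redirected, the resolver sees only the router, so to learn which device was bypassing it and which upstream it was aiming at you have to log the packet at the firewall, before it is rewritten. The script below is an added example (not from any poster) that summarises the kernel log lines a netfilter `log prefix "dns-bypass: "` rule produces; the sample lines, the addresses and the prefix are constructed for the example.

```shell
#!/bin/sh
# Added example: tally redirected-DNS log lines per client, upstream and
# protocol. The log lines below are constructed in the usual netfilter
# "log" format; the "dns-bypass:" prefix and addresses are assumptions.
SAMPLE_LOG='Nov  8 04:10:01 router kernel: dns-bypass: IN=br0 OUT=eth0 SRC=192.168.1.20 DST=8.8.8.8 LEN=60 PROTO=UDP SPT=50213 DPT=53 LEN=40
Nov  8 04:10:02 router kernel: dns-bypass: IN=br0 OUT=eth0 SRC=192.168.1.20 DST=8.8.4.4 LEN=60 PROTO=UDP SPT=50214 DPT=53 LEN=40
Nov  8 04:10:05 router kernel: dns-bypass: IN=br0 OUT=eth0 SRC=192.168.1.31 DST=8.8.8.8 LEN=60 PROTO=TCP SPT=41000 DPT=53
Nov  8 04:10:07 router kernel: dns-bypass: IN=br0 OUT=eth0 SRC=192.168.1.20 DST=8.8.8.8 LEN=60 PROTO=UDP SPT=50215 DPT=53 LEN=40
Nov  8 04:10:09 router kernel: other-rule: IN=br0 OUT=eth0 SRC=192.168.1.40 DST=1.1.1.1 PROTO=UDP DPT=443'

# summarize_dns_bypass: read log lines on stdin, print
# "client upstream proto count", most frequent first. Lines without the
# prefix (other firewall rules) are ignored.
summarize_dns_bypass() {
    awk '
        /dns-bypass:/ {
            src = ""; dst = ""; proto = ""
            # netfilter log fields are KEY=VALUE tokens; pick the three we need
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "SRC") src = kv[2]
                else if (kv[1] == "DST") dst = kv[2]
                else if (kv[1] == "PROTO") proto = kv[2]
            }
            if (src != "" && dst != "") count[src " " dst " " proto]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort -k4,4nr -k1,1
}

printf '%s\n' "$SAMPLE_LOG" | summarize_dns_bypass
```

Feed it `journalctl -k` or `/var/log/kern.log` instead of the sample to get the real table; a client that shows up with several distinct `DST` addresses is the one with a resolver list baked into its firmware rather than a single misconfigured setting.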