EDIT: So because of my $0 budget and the fact that my uptime is around 50% (PC, no additional servers) I ended up using NextDNS. For the time being it works (according to dnsleaktest), an added benefit was improved ad-blocking (100% in this tool). I now have plans for a proper router in the future with a Pi-hole. Thanks so much for all the info & suggestions, definitely learnt a lot.

So it turns out I got myself into an ISP that was shittier than expected (I already knew it was kinda shitty), they DNS hijack for whatever reason and I can’t manually set my own DNS on my router or even my devices.

Cyber security has never been my forte but I’m always trying to keep learning as I go. I’ve read that common solutions involve using a different port (54) or getting a different modem/router or just adding a router.

Are they all true? Whats the cheapest, easiest way of dealing with all of this?

  • dan@upvote.au
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    1 year ago

    Often, if you try to go to a non-existent domain, it’ll still return an IP address that loads a “this site doesn’t exist” page hosted by the ISP, often full of sponsored links, similar to a domain parking page.

    It’s trivial to do this. DNS requests are unencrypted and can easily be modified by an ISP, even if you use a custom DNS server like Google’s 8.8.8.8 or Cloudflare’s 1.1.1… You need DNS over HTTPS or a similar technology to prevent this happening.

    • ares35@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      hijacking dns is also my provider’s first action when you’re late paying the bill. by ip or doh or a long-lived dns cache and you’re still going, but anything looked-up via a ‘regular’ dns server goes nowhere. that gets you another 2-3 weeks until they deny the modem from even authenticating.