DNS Question

[Jonj1611]

I am using Virgin fibre and I have had so many problems with DNS, whether its slow or page can't be found due to DNS etc so I have been looking at an alternative.

Wanted something that would work for every device in the house, is it just a case of changing the DNS at the router to something like cloudflare 1.1.1.1 or is it not recommended to change the default DNS on the router?

I know you can't change it on the Superhub itself but I use the hub in modem mode and have a separate router

[spacein_vader]

I am using Virgin fibre and I have had so many problems with DNS, whether its slow or page can't be found due to DNS etc so I have been looking at an alternative.

Wanted something that would work for every device in the house, is it just a case of changing the DNS at the router to something like cloudflare 1.1.1.1 or is it not recommended to change the default DNS on the router?

I know you can't change it on the Superhub itself but I use the hub in modem mode and have a separate router

Short answer: Yes.

Longer answer: Usually yes, unless you have devices with DNS you set manually (which you'd know about,) or that have it hard coded. The latter is usually Google devices that always try to use 8.8.8.8 regardless of network settings.

[Jonj1611]

Thanks for replying, I haven't set anything manually apart from the PC but noticed others have issues with Virgin in the house as well so thought it would be easier to do it from a central location than adjust each device individually

[DanceswithUnix]

Usually the router gives itself as the DNS resolver as part of devices getting a network address using DHCP, and the router then asks to wherever your ISP sets it to (hopefully with some caching). So, if you set it at the router it will hopefully get picked up by the rest of the network.

I say hopefully, because an ISP can always intercept all DNS traffic regardless of where it is heading and re-point them back to their own servers.

[ik9000]

try swapping to openDNS. IIRC you can also set up an account with them for content filtering if you want to though that may be a router specific feature. I can't remember the details of that side it was a while since I did it.

[Jonj1611]

Thanks for the replies, I was using cloudflare because it is supposed to be quick, I have heard of opendns but never used it

[Rob_B]

And if you're doing that... Get a pihole

[spacein_vader]

And if you're doing that... Get a pihole

This. Then use open dns or cloudflare with DNSSEC enabled.

[matts-uk]

Wanted something that would work for every device in the house, is it just a case of changing the DNS at the router to something like cloudflare 1.1.1.1 or is it not recommended to change the default DNS on the router?

With a decent broad band link you are generally better off with clients bypassing the router DNS proxy and sending requests directly to the internet. You can usually set the DNS server IP handed to clients by editing the DHCP server settings in the router - DHCP option 6, or fill in the form provided to override the default.

You can use any public DNS server you like. Cloudflare (1.1.1.1), Google (8.8.8.8) Quad9 (9.9.9.9), CleanBrowsing (185.228.168.9) and so on. Quad9 and CleanBrowsing filter domains with a reputation for phishing and malware.

Or set up a pihole.

[smargh]

I'm trying https://nextdns.io/ which works fine and has some configurable options, including support for dynamic DNS, and custom responses also.

It has logs, which I like from the perspective of being able to look at historic logs to see the first time a specific domain was queried, in case an app or extension is ever modified with malicious code. Others might not like that, but probably most/all DNS providers log for threat intel & analytics anyway.

[[GSV]Trig]

Not directly an answer to the quuestion, but you might find this useful as a whole..

https://www.grc.com/dns/benchmark.htm

[ik9000]

chaps re pihole, I have a spare pi3b kicking aruond. Will that be good enough, and if so, please can anyone direct me to the how-to + is there anything I should watch out for in setting it up? Peterb suggested i did this back in the day but I got delayed waiting for a chip heatsink (which I now have) and never got around to completing it.

[Rob_B]

I run it on a zero so a 3B is plenty. I used this I think https://learn.adafruit.com/pi-hole-a...nstall-pi-hole

My router didn't have the options I needed so I had to have the pi also be my DHCP server

[ik9000]

thanks, silly question - presume this is ok to sit after the firewall? SFAIK you set the router DNS to use the ip of the pihole, and everything therefore is filtered through that, but it still benefits from the router's firewall right? i.e do I need to worry about putting a firewall/IS suite on the pi itself?

[spacein_vader]

thanks, silly question - presume this is ok to sit after the firewall? SFAIK you set the router DNS to use the ip of the pihole, and everything therefore is filtered through that, but it still benefits from the router's firewall right? i.e do I need to worry about putting a firewall/IS suite on the pi itself?

Correct it's behind your router so you don't have to. You could put UFW on it and set a rule to only accept incoming traffic on port 53 if you wanted to be extra cautious though. Mine is a 3B and it's fast enough.

Keep an eye on the pihole for the first couple of weeks, particularly the top lists. You'll be surprised what phones home every couple of minutes and can be blocked.

[Jonj1611]

Thanks for the replies, not sure pihole is quite where I am at right now but will certainly consider it for the future and will look into it more this afternoon.