1. sherr+(OP)[view] [source] 2025-09-30 16:24:25
I don't use "pi-hole", just an in-browser blocker (uBlock Origin) and am happy. But I would assume a "pi-hole" would be a useful addition to a household using a variety of potentially ad-infested devices, e.g. a smart TV, various tablets etc.
replies(2): >>drnick+N6 >>boiler+i8
2. drnick+N6[view] [source] 2025-09-30 16:53:49
>>sherr+(OP)
The issue is that (some) smart devices are known to bypass local DNS servers entirely. They either use a public DNS server or hardcoded IPs. The best thing would be not to connect any "smart" TV to the Internet. These are closed firmware devices with cameras and microphones and they just can't be trusted.
replies(3): >>encom+Z7 >>accrua+Ad >>fluori+gq
3. encom+Z7[view] [source] [discussion] 2025-09-30 16:57:30
>>drnick+N6
>bypass local DNS servers

There are easy ways to fix that at the router level, but DNS-over-HTTPS clowns ruined this.

replies(1): >>accoun+Y4g
4. boiler+i8[view] [source] 2025-09-30 16:58:45
>>sherr+(OP)
Spot on! My Samsung TV menus are soooo much better in terms of snappiness by having Pi-Hole running and also setting up DNAT for those IoT devices that want to hardcode their DNS.
replies(1): >>accrua+Vf
5. accrua+Ad[view] [source] [discussion] 2025-09-30 17:25:00
>>drnick+N6
> The best thing would be not to connect any "smart" TV to the Internet.

Agree! I regret letting my Vizio TV stay online for as long as I did.

At first it was fine, and I did get a UI refresh a couple years back that was OK.

But then some update caused it to start ripping control away from whatever my last HDMI input was so it could show me ads (which fails). Even though it's perma-offline now, it still messes with my inputs sometimes.

6. accrua+Vf[view] [source] [discussion] 2025-09-30 17:33:46
>>boiler+i8
> DNAT (Destination Network Address Translation)

Yes! This is easy to do on OpenBSD as well, though it's called "redirect" instead of "DNAT":

    pass in quick on $int_if inet proto udp to any port 53 rdr-to $dns_server port 53
    pass in quick on $int_if inet proto tcp to any port 53 rdr-to $dns_server port 53
replies(2): >>drnick+iU >>bombel+lt1
7. fluori+gq[view] [source] [discussion] 2025-09-30 18:20:04
>>drnick+N6
I thought Pi-holes were supposed to block connections to blacklisted domains, not merely serve as local DNSs. Is that not what they do?
8. drnick+iU[view] [source] [discussion] 2025-09-30 20:46:27
>>accrua+Vf
I also redirect port 53 traffic, and in addition filter traffic to "well known" public DNS servers like 1.1.1.1, 8.8.8.8, 9.9.9.9 and many others (lists can be found on GitHub), but this is ineffective against ads and telemetry served from hardcoded IPs.

Overall, it's just easier not to connect "smart" devices to the Internet at all. I prefer to use a Linux HTPC instead of a smart TV for example. It is completely under my control and I am not restricted to apps approved by Apple or Google, asked to log into anything or to accept ever-changing terms and conditions.
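
Added example (not part of the comment above or of any poster's setup): a small audit that separates the bypass paths discussed in this thread (plain port-53 queries to outside resolvers, DoT/DoH to well-known public resolvers, and connections to hardcoded IPs) by correlating flow records with the answers the local resolver handed out. The addresses, the LAN range, the record layout and the sample data are constructed assumptions, and answer TTLs are ignored for brevity.

```python
import ipaddress

LOCAL_RESOLVER = "192.168.1.2"                        # assumed Pi-hole address
LAN = ipaddress.ip_network("192.168.1.0/24")          # assumed home LAN
PUBLIC_RESOLVERS = {"1.1.1.1", "8.8.8.8", "9.9.9.9"}  # the three named in the thread

# Constructed resolver log: (client, queried name, answer IP)
DNS_ANSWERS = [
    ("192.168.1.50", "updates.tv.example", "203.0.113.10"),
    ("192.168.1.60", "news.example", "198.51.100.7"),
]
# Constructed router flow log: (src, dst, proto, dst port)
FLOWS = [
    ("192.168.1.50", LOCAL_RESOLVER, "udp", 53),
    ("192.168.1.50", "203.0.113.10", "tcp", 443),
    ("192.168.1.50", "8.8.8.8", "udp", 53),
    ("192.168.1.50", "1.1.1.1", "tcp", 443),
    ("192.168.1.50", "203.0.113.99", "tcp", 443),
    ("192.168.1.60", "198.51.100.7", "tcp", 443),
    ("192.168.1.60", "9.9.9.9", "tcp", 853),
]

def classify(flow, resolved):
    """Label one flow by how the device found its destination."""
    src, dst, _proto, dport = flow
    if ipaddress.ip_address(dst) in LAN:
        return "local"
    if dport == 53:
        return "plain-dns-bypass"        # the case a port-53 redirect catches
    if dst in PUBLIC_RESOLVERS and dport == 853:
        return "dot-to-public-resolver"  # a redirect of port 53 does not see this
    if dst in PUBLIC_RESOLVERS and dport == 443:
        return "possible-doh"            # only a guess: same IPs also serve web pages
    if dst not in resolved.get(src, set()):
        return "hardcoded-ip"            # never returned to this client by our resolver
    return "resolved-locally"

def audit(flows, answers):
    """Return {client: [(dst, port, verdict), ...]} for flows that skipped the resolver."""
    resolved = {}
    for client, _name, ip in answers:
        resolved.setdefault(client, set()).add(ip)
    findings = {}
    for flow in flows:
        verdict = classify(flow, resolved)
        if verdict not in ("local", "resolved-locally"):
            findings.setdefault(flow[0], []).append((flow[1], flow[3], verdict))
    return findings

if __name__ == "__main__":
    for client, hits in audit(FLOWS, DNS_ANSWERS).items():
        print(client, hits)
```
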

9. bombel+lt1[view] [source] [discussion] 2025-10-01 01:05:43
>>accrua+Vf
This config is surprisingly easy to read.
10. accoun+Y4g[view] [source] [discussion] 2025-10-06 09:11:13
>>encom+Z7
Smart devices always had the option of using their own resolver mechanism that you can't interfere with or just hard-code the IPs.

I don't like DoH due to the central gatekeepers its current implementation in browsers encourages, but I don't think it really changes anything here.
