Fuck DHS Rule (lemmy.blahaj.zone)
submitted 2 days ago by florencia to c/onehundredninetysix
[-] SnotFlickerman 29 points 2 days ago* (last edited 2 days ago)

Also, might be a good time to look into a Raspberry Pi or even an old laptop and learning how to turn an adblocking Pi-Hole into a full fledged DNS resolver so you're not sending your requests outside of your own network.

Either that or use DNS-over-HTTPS.

Your DNS history is metadata in the same way your phone call history is. The government may not be listening to your calls, but they can figure out a lot by seeing you made a three hour call to a Suicide Hotline. Similarly, they may not see your data-in-transit, but they may be able to see your DNS requests and glean a lot about what sites you're visiting.

[-] spooky2092 7 points 1 day ago

Also, might be a good time to look into a Raspberry Pi or even an old laptop and learning how to turn an adblocking Pi-Hole into a full fledged DNS resolver so you're not sending your requests outside of your own network.

Not sure if I'm misunderstanding you, but pi hole doesn't stop your DNS requests from leaving your network. All it does is filter the requests you send before relaying the requests that aren't in the filter list to its upstream/next hop server.

Either that or use DNS-over-HTTPS.

DoH is a reasonable option, but it only protects your metadata if you're using a resolver you trust not to keep records. If the resolver keeps records, DoH or not, they've got the metadata of where you're going.

[-] SnotFlickerman 7 points 1 day ago* (last edited 1 day ago)

Not sure if I'm misunderstanding you, but pi hole doesn't stop your DNS requests from leaving your network. All it does is filter the requests you send before relaying the requests that aren't in the filter list to its upstream/next hop server.

Yes, that's Pi-Hole with its default rollout. By default it's a DNS forwarder that, as you said, after filtering locally, sends a request to an upstream DNS server (like say, Google 8.8.8.8 or Cloudflare 1.1.1.1) to search for the IP for the domain name you have entered into your browser.

Using unbound, you turn a Pi-Hole from a mere forwarder to a Recursive DNS Server. From my link (the one you quoted):

What is a recursive DNS server?

The first distinction we have to be aware of is whether a DNS server is authoritative or not. If I'm the authoritative server for, e.g., pi-hole.net, then I know which IP is the correct answer for a query. Recursive name servers, in contrast, resolve any query they receive by consulting the servers authoritative for this query by traversing the domain. Example: We want to resolve pi-hole.net. On behalf of the client, the recursive DNS server will traverse the path of the domain across the Internet to deliver the answer to the question.

And why does this matter? From the same link:

Benefit: Privacy - as you're directly contacting the responsive servers, no server can fully log the exact paths you're going, as e.g. the Google DNS servers will only be asked if you want to visit a Google website, but not if you visit the website of your favorite newspaper, etc.

So while it's not as nice as having a DNS root server in your own home (which is a whole different beast and highly improbable for an individual to roll out) it effectively spreads its search so diffusely among DNS root servers, Top Level Domain DNS servers, and authoritative DNS servers that none of them have a full picture of what you searched for. The link I sent also breaks down the difference in steps:

A standard Pi-hole installation will do it as follows:

  1. Your client asks the Pi-hole Who is pi-hole.net?
  2. Your Pi-hole will check its cache and reply if the answer is already known.
  3. Your Pi-hole will check the blocking lists and reply if the domain is blocked.
  4. Since neither 2 nor 3 is true in our example, the Pi-hole forwards the request to the configured external upstream DNS server(s).
  5. Upon receiving the answer, your Pi-hole will reply to your client and tell it the answer to its request.
  6. Lastly, your Pi-hole will save the answer in its cache to be able to respond faster if any of your clients queries the same domain again.

After you set up your Pi-hole as described in this guide, this procedure changes notably:

  1. Your client asks the Pi-hole Who is pi-hole.net?
  2. Your Pi-hole will check its cache and reply if the answer is already known.
  3. Your Pi-hole will check the blocking lists and reply if the domain is blocked.
  4. Since neither 2 nor 3 is true in our example, the Pi-hole delegates the request to the (local) recursive DNS resolver.
  5. Your recursive server will send a query to the DNS root servers: "Who is handling .net?"
  6. The root server answers with a referral to the TLD servers for .net.
  7. Your recursive server will send a query to one of the TLD DNS servers for .net: "Who is handling pi-hole.net?"
  8. The TLD server answers with a referral to the authoritative name servers for pi-hole.net.
  9. Your recursive server will send a query to the authoritative name servers: "What is the IP of pi-hole.net?"
  10. The authoritative server will answer with the IP address of the domain pi-hole.net.
  11. Your recursive server will send the reply to your Pi-hole which will, in turn, reply to your client and tell it the answer to its request.
  12. Lastly, your Pi-hole will save the answer in its cache to be able to respond faster if any of your clients queries the same domain again.
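The two procedures quoted above, and spooky2092's point that a forwarder's upstream resolver logs everything, can be made concrete with a small simulation. The following is an added example written for this thread; it is not code from Pi-hole or unbound. The zone tree, server names and IP addresses are constructed for illustration (203.0.113.0/24 is a documentation range), and the recursive path models QNAME minimisation (RFC 7816), which is what "Who is handling .net?" in the quoted steps describes. It records, for one browsing session, which query names each server gets to see under each setup.

```python
"""Forwarder vs. local recursive resolver: who sees which query names.

Added example for this thread; not code from Pi-hole or unbound.
Zone data, server names and IPs below are constructed for illustration.
The recursive path models QNAME minimisation (RFC 7816): each server is
shown only as many trailing labels as it needs to refer us onward.
"""
from collections import defaultdict

# Constructed zone data. Each "server" knows only its own level:
# ("NS", next_server) is a referral, ("A", ip) is a final answer.
ZONES = {
    "root":           {"net": ("NS", "tld-net"), "com": ("NS", "tld-com")},
    "tld-net":        {"pi-hole.net": ("NS", "auth-pihole")},
    "tld-com":        {"google.com": ("NS", "auth-google"),
                       "newspaper.com": ("NS", "auth-newspaper")},
    "auth-pihole":    {"pi-hole.net": ("A", "203.0.113.10")},
    "auth-google":    {"google.com": ("A", "203.0.113.20")},
    "auth-newspaper": {"newspaper.com": ("A", "203.0.113.30")},
}


def recursive_resolve(name, log):
    """Walk root -> TLD -> authoritative, revealing one more label per hop.

    `log` maps server name -> list of query names that server observed.
    """
    labels = name.split(".")
    server, depth = "root", 1          # depth = trailing labels revealed so far
    while True:
        qname = ".".join(labels[-depth:])
        log[server].append(qname)
        rtype, value = ZONES[server].get(qname, (None, None))
        if rtype == "A":
            return value
        if rtype is None:
            raise LookupError(f"{server} has no data for {qname}")
        server = value                 # follow the referral
        depth = min(depth + 1, len(labels))


def forwarder_resolve(name, log, upstream="upstream-public-resolver"):
    """Default Pi-hole behaviour: hand the full name to one upstream resolver.

    The upstream recurses on its own; from the home network's point of view
    the one party that received (and can log) every name is the upstream.
    """
    log[upstream].append(name)
    return recursive_resolve(name, defaultdict(list))  # upstream's own walk


class PiHole:
    """Steps 1-3 of both quoted procedures: cache, then blocklist, then delegate."""

    def __init__(self, resolve, blocklist):
        self.resolve = resolve
        self.blocklist = set(blocklist)
        self.cache = {}
        self.log = defaultdict(list)   # server -> query names it observed

    def query(self, name):
        if name in self.cache:          # step 2: answer already cached
            return self.cache[name]
        if name in self.blocklist:      # step 3: blocked, never leaves the LAN
            return "0.0.0.0"
        ip = self.resolve(name, self.log)   # step 4 onwards
        self.cache[name] = ip           # last step: cache the answer
        return ip


def compare(names, blocklist=("ads.example",)):
    """Run the same browsing session through both setups; return both logs."""
    forwarding = PiHole(forwarder_resolve, blocklist)
    recursing = PiHole(recursive_resolve, blocklist)
    for n in names:
        forwarding.query(n)
        recursing.query(n)
    return dict(forwarding.log), dict(recursing.log)


if __name__ == "__main__":
    session = ["pi-hole.net", "google.com", "newspaper.com",
               "pi-hole.net", "ads.example"]
    fwd, rec = compare(session)
    print("forwarder, what each server saw:", fwd)
    print("recursive, what each server saw:", rec)
```

Running the session shows the forwarder's upstream receiving every non-blocked, non-cached name, while in the recursive setup the root only ever sees "net" and "com", and the Google authoritative server sees "google.com" but never "newspaper.com", which is exactly the privacy benefit the quoted docs claim. Two caveats the model makes visible: the per-label behaviour depends on QNAME minimisation being on (unbound exposes it as the qname-minimisation option; without it the root and TLD servers receive the full name), and the simulation tracks query names only, so each authoritative server, and anyone watching the wire between the Pi-hole and it, still sees the home network's source IP.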
[-] spooky2092 4 points 1 day ago

Interesting, I haven't followed pihole in a long time. Thanks for educating me!

[-] Infernal_pizza@lemm.ee 1 points 1 day ago

Couldn’t they just get that info from the IP addresses anyway?

this post was submitted on 03 Mar 2025