EDIT: So because of my $0 budget and the fact that my uptime is around 50% (PC, no additional servers) I ended up using NextDNS. For the time being it works (according to dnsleaktest), an added benefit was improved ad-blocking (100% in this tool). I now have plans for a proper router in the future with a Pi-hole. Thanks so much for all the info & suggestions, definitely learnt a lot.

So it turns out I got myself into an ISP that was shittier than expected (I already knew it was kinda shitty), they DNS hijack for whatever reason and I can’t manually set my own DNS on my router or even my devices.

Cyber security has never been my forte but I’m always trying to keep learning as I go. I’ve read that common solutions involve using a different port (54) or getting a different modem/router or just adding a router.

Are they all true? Whats the cheapest, easiest way of dealing with all of this?

  • 3laws@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    So is your ISP blocking or redirecting outgoing requests on port 53?

    Correct.

    • jubilationtcornpone@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      1 year ago

      Wow. What kind of bullshit ISP blocks outbound DNS requests? I would bitch loudly at them as they have no valid excuse for doing that. Anyway… In that case you have a few options. You can use DNS over https but that’s supported primarily by browsers. Not so much other desktop applications. I would get a router that’s capable of WireGuard and connect it to ProtonVPN (or another VPN service of your choice). You don’t have to route all traffic over VPN if you don’t want to but at least you’ll be able to use whatever DNS server you want.

      • Moonrise2473
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        In Italy Vodafone blocks that request for “safety” and they were forcing users to use a custom proprietary shitty router where you could barely change the wifi password

    • Snowplow8861@lemmus.org
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      The bypass is to run your own router, distribute locally hosted dns servers (either the router or pihole) and the dns servers get their lookups over dns over https (443) and your provider can’t intercept that since it looks like regular encrypted Web traffic just like they shouldn’t be able to inspect your netbank.

      Australia is different but these isps who do that generally have a +$5 per month plan to go to a static public rout able public Up (instead of cgnat) and unfiltered Internet. They usually are more allowing mum and dad to filter the Web so their kids can’t get too far off track. Maybe just double check on your ISP portal settings but I’m going to assume you’re not in aus.

      • 3laws@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        I’m in MX. It’s not like they actually care about giving the consumer proper permissions. The “business” solution keeps the DNS shenanigans.