mox1 | 11 months ago

I utilize pfSense to hijack all outgoing port 53 connections and just re-route them to the local DNS server.

From there, I allow AdGuard DNS out over port 953.

I then use pfBlockerNG with a few block-lists to block DoH and known DNS over 443 servers.

Overall works fairly well, I've had an issue or two when a device can't talk to 1.1.1.1 directly...
