Comment by zeta0134

1 month ago

This practice, and fear of the exact sort of nonsense in this article, plus wanting to keep my wifi bandwidth free for the network I actually connect to, is why I'm still on AT&T DSL in my area, at 50 Mbps. Comcast is available at up to gigabit, and they can keep it.

AT&T is pretty bad in its own way. They snoop DNS and sell your info (including physical address) to advertisers, even if you switch your DNS providers. They used to have a paid opt-out (~$20/mo IIRC), but I don't see that option anymore.

  • This is quite easy to avoid by using DNS over TLS. It's like 15 minutes of effort in some OpenWRT documentation [1]. If you want any hope of having some semblance of control and privacy, you would already be using your own router, with their CPE being relegated to modem-only duties. It only makes sense that in this situation you choose a router that can run highly-configurable and privacy-preserving software.

    I did it several months ago, including optionally adding an outbound firewall rule dropping forwarded UDP/TCP 53 traffic. (I tried the redirect rule suggested there first, but it didn't work and the firewall ruleset failed to load, so a drop will have to do. I didn't bother investigating why, because everything on my LANs is configured to use the router as their only nameserver anyway.)

    I also added a rule dropping it from the router itself in case something breaks, for example if it suddenly decides to start honouring the DHCP-received nameserver addresses (my ISP) despite being configured not to.

    EDIT: The article doesn't make this clear, but the bootstrap section is only necessary if you specify upstream nameservers by name (e.g. "https://dns.cloudflare.com/dns-query"). This is not required. For example, you can configure a manual upstream of "tls://1.1.1.1" like I did, and then it doesn't need to do any DNS lookups at all, so does not need to be configured with bootstrap servers, so will not break if you add the 2 firewall rules I mentioned.

    [1] https://openwrt.org/docs/guide-user/services/dns/dot_dnsmasq...
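Added example, not code from the comment above or from the OpenWrt documentation it links: it models the two drop rules the commenter describes (forwarded tcp/udp 53 from the LAN, and port 53 from the router itself) as OpenWrt UCI firewall stanzas, parses them back, and audits the configured upstream against them. The check reproduces the point in the EDIT: an upstream given as an IP literal such as tls://1.1.1.1 needs no bootstrap lookup, while a hostname upstream such as https://dns.cloudflare.com/dns-query does, and that bootstrap lookup is plaintext DNS that the router's own port-53 drop would block. The zone names lan/wan, the rule names, and the assumption that bootstrap resolution happens over plain port 53 are mine, not the page's.

```python
"""Added example (not from the OpenWrt docs or the commenter above).

Assumptions: OpenWrt zone names 'lan' and 'wan', the rule names below, and
that a bootstrap resolver would be queried over plaintext tcp/udp 53.
"""
import ipaddress
from urllib.parse import urlsplit

ENCRYPTED_SCHEMES = ("tls", "https")  # DoT / DoH upstream URL schemes


def classify_upstream(spec):
    """Parse 'tls://1.1.1.1' or 'https://dns.cloudflare.com/dns-query'.

    A hostname must be resolved before the encrypted channel can be opened,
    so it needs a bootstrap resolver; an IP literal does not.
    """
    parts = urlsplit(spec)
    if parts.scheme not in ENCRYPTED_SCHEMES:
        raise ValueError(f"unsupported upstream scheme: {spec!r}")
    host = parts.hostname  # urlsplit strips the [] around IPv6 literals
    if not host:
        raise ValueError(f"no host in upstream: {spec!r}")
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    return {"scheme": parts.scheme, "host": host, "port": parts.port,
            "is_ip_literal": is_ip, "needs_bootstrap": not is_ip}


def render_drop_rules(lan="lan", wan="wan"):
    """Constructed /etc/config/firewall stanzas (OpenWrt UCI syntax).

    The first rule drops LAN clients' plaintext DNS that would be forwarded
    to the WAN. The second has 'dest' but no 'src', which in OpenWrt makes it
    apply to the router's own OUTPUT chain, so the router cannot quietly fall
    back to the ISP's DHCP-supplied resolvers either.
    """
    forwarded = ["config rule",
                 "\toption name 'Drop-Forwarded-Plain-DNS'",
                 f"\toption src '{lan}'", f"\toption dest '{wan}'",
                 "\toption proto 'tcp udp'", "\toption dest_port '53'",
                 "\toption target 'DROP'"]
    router = ["config rule",
              "\toption name 'Drop-Router-Plain-DNS'",
              f"\toption dest '{wan}'",
              "\toption proto 'tcp udp'", "\toption dest_port '53'",
              "\toption target 'DROP'"]
    return "\n".join(forwarded) + "\n\n" + "\n".join(router) + "\n"


def parse_uci_rules(text):
    """Minimal parser for 'config rule' stanzas: one dict of options each."""
    rules, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config rule"):
            current = {}
            rules.append(current)
        elif line.startswith("option ") and current is not None:
            _, key, value = line.split(None, 2)
            current[key] = value.strip("'\"")
    return rules


def _drops_plain_dns(rule, wan):
    return (rule.get("target") == "DROP" and rule.get("dest") == wan
            and rule.get("dest_port") == "53"
            and set(rule.get("proto", "").split()) >= {"tcp", "udp"})


def audit(upstreams, firewall_text, wan="wan"):
    """Return a list of problems; an empty list means the setup is consistent."""
    rules = parse_uci_rules(firewall_text)
    problems = []
    if not any(_drops_plain_dns(r, wan) and r.get("src") for r in rules):
        problems.append("no rule drops forwarded plaintext DNS to " + wan)
    if not any(_drops_plain_dns(r, wan) and not r.get("src") for r in rules):
        problems.append("no rule drops the router's own plaintext DNS")
    for spec in upstreams:
        if classify_upstream(spec)["needs_bootstrap"]:
            problems.append(f"{spec}: hostname upstream needs a bootstrap "
                            "lookup, which the port-53 drop rules would block; "
                            "use an IP-literal upstream instead")
    return problems


if __name__ == "__main__":
    config = render_drop_rules()
    print(config)
    for spec in ("tls://1.1.1.1", "https://dns.cloudflare.com/dns-query"):
        print(spec, "->", audit([spec], config) or ["ok"])
```

Running it prints the two stanzas and reports tls://1.1.1.1 as consistent with the drop rules, while the hostname upstream is flagged because its bootstrap resolution would itself be plaintext DNS to the WAN.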

  • I wasn't really meaning to defend AT&T as a good option, just a slightly less evil one. I'm surprised I have a choice at all out here in the sticks. A lot of places just have one provider.

I had AT&T DSL many years ago. They forced me to use their modem/router combo from 2Wire. It was truly awful. I eventually got so fed up with trying to connect things to the WiFi that I bought a separate router to plug into it, and connected to that network, which it did let me do. That solved most of my problems, other than the overall poor service.

  • Interesting. My family had one of the pointy 2Wire ones (the HomePortal 1000 looks like the one), and I don't remember it having issues with WiFi. Then again, all I had to connect at the time was an HP Pavilion running Windows Vista/7 (later Linux) and an iPod Touch. I think we eventually had a Wii and an Epson printer connected wirelessly as well.

    Now I do remember some issues getting it to maintain a stable connection to the DSL network at some points, which even daisy-chaining another router wouldn't have fixed. No way to tell if that was the gateway or just the DSL network that was flaky.