Comment by watersb

2 days ago

My older Kindle Fire HD 10 flips over to DNS over HTTPS if it can't see Google on port 53.

I've tried to add a couple of rules in iptables on my Ubiquiti Dream Machine (UDM), but the out-of-box configuration on the UDM is pages and pages to iptables rules. I can modify that config via a shell interface (a shell script with four iptables command lines), but it doesn't play with the web based GUI, and I have yet to figure out how the UDM handles such traffic.

Yes, I've simply blocked all traffic for 8.8.8.8 and 8.8.4.4, via the UDM GUI, the rules are there. The Kindle still shows me ads.

It may be possible to delete the entries for Google DNS on the Kindle via adb commands during boot, but I haven't gotten that far.

Someday I will get around to setting up a homelab network enough to learn iptables etc without blacking out my home network. As any network outage bring immediate screams from the house, I have to treat the firewall configuration as critical infrastructure: brittle. Don't touch.

2 comments

watersb

OptionOfT 2 days ago

With the UDM you can do DNS masquarade to redirect traffic destined for 8.8.8.8:53 to your local pihole / AdGuard instance.

ectospheno 2 days ago

Hagezi and others provide reasonable DoH block lists.