
Please do note that Android appears to be quite weird with regard to accepting network-set DNS.

My observations so far have been that Android tends to ignore any DNS set by either the network via DHCP or statically set. Android instead probes the gateway for 8.8.8.8, and happily uses that instead.

The only way I have been able to solve this has been to set up a VPN (I prefer WireGuard) on the pihole. Android seems to accept this.

The above, in combination with, say, a DDNS hostname, means that I now have a permanent adblocked VPN on my Android phone, which isn't too bad.




If you have a decent router, then you can just forcibly redirect any DNS requests from 8.8.8.8 to your PiHole.


I have had good luck simply blocking any outbound port 53 traffic that doesn't come from pihole.

Although with DoH these days, I'm not confident my firewall rule is still doing a good job :(


If someone was rude enough to bypass DHCP's suggested DNS, is it reasonable to assume they were polite enough to use the standard port?

At this point every device on my network is hostile; default deny outbound is starting to feel like the reasonable starting point.


I have blocked port 53 forward and redirect. On my ISP's router (which I am forced to use), you can't block port 53 on the gateway itself.

I don't want to add an extra router because that would add unnecessary latency. The above is not an unusual setup at all.
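
Added example, not part of the thread or any commenter's code: a small audit over outbound flow records that shows which clients resolve names around the Pi-hole, and which of those a port 53 block or redirect alone would not see (DoT on 853, HTTPS to a public resolver address). The Pi-hole address, LAN range, record format and sample flows are constructed assumptions, and the resolver list is a short, incomplete set of well-known addresses.

```python
import ipaddress
from collections import defaultdict

PIHOLE = "192.168.1.2"                         # assumed Pi-hole address
LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed LAN range
# Well-known public resolver addresses; deliberately short and incomplete.
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}

# Constructed flow records, one per line: src dst proto dport
SAMPLE_FLOWS = """\
192.168.1.2 9.9.9.9 udp 53
192.168.1.50 192.168.1.2 udp 53
192.168.1.50 8.8.8.8 udp 53
192.168.1.50 8.8.8.8 tcp 853
192.168.1.60 1.1.1.1 tcp 443
192.168.1.60 203.0.113.10 tcp 443
192.168.1.70 8.8.4.4 udp 443
"""

def classify(src, dst, dport):
    """Label a flow that resolves names without going through the Pi-hole."""
    if src == PIHOLE or ipaddress.ip_address(dst) in LAN:
        return None                 # Pi-hole's own upstream, or LAN-local traffic
    if dport == 53:
        return "plain-dns"          # the case a port 53 block/redirect handles
    if dport == 853:
        return "dot"                # DNS over TLS (RFC 7858)
    if dport == 443 and dst in PUBLIC_RESOLVERS:
        return "doh-suspected"      # HTTPS to a resolver IP; unlisted ones are missed
    return None

def audit(text):
    """Return {client: sorted labels} for every client with a finding."""
    findings = defaultdict(set)
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, _proto, dport = line.split()
        label = classify(src, dst, int(dport))
        if label:
            findings[src].add(label)
    return {client: sorted(labels) for client, labels in findings.items()}

def missed_by_port53_rule(findings):
    """Clients with at least one bypass that a port 53 rule alone does not see."""
    return sorted(c for c, labels in findings.items() if set(labels) - {"plain-dns"})

if __name__ == "__main__":
    report = audit(SAMPLE_FLOWS)
    print(report)
    print(missed_by_port53_rule(report))
```

A DoH resolver that is not in the list looks like any other HTTPS flow here, which is why the thread ends up at default deny outbound rather than a longer block list.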



