DNS Blocklists Explained! Stop Internet Snooping!
Ғылым және технология
These days, trackers infiltrate nearly every webpage. Advertisements demand your attention and monitor your online movements. Your own devices and software send telemetry back to manufacturers and developers, leaking all kinds of information about your activities.
DNS blocklists can help you regain control over your network traffic. They can stop your devices from ever connecting to certain data tracking sites, malicious content, or servers that collect telemetry.
In this video, we explain exactly how they work, and how to set them up on your home network using the open source router and firewall software, pfSense.
00:00 Intro
00:53 Understanding DNS Blocklists
02:32 Setting Up DNS Blocklists
13:36 Note for Quad9 Users
14:17 The Looming Threat
15:12 Conclusion
DNS blocklists and the reports they generate are a great way to become more aware of how our data is being collected and our privacy invaded without us realizing.
Special Thanks to John Todd for guiding us through the tutorial process!
More information about Quad9:
quad9.net/
Brought to you by NBTV team members: Lee Rennie, Sam Ettaro, Cube Boy, Will Sandoval and Naomi Brockwell
To support NBTV, visit www.nbtv.media/support
(tax-deductible in the US)
NBTV's new eBook out now!
Beginner's Introduction To Privacy - amzn.to/3WDSfku
Beware of scammers, I will never give you a phone number or reach out to you with investment advice. I do not give investment advice.
Visit the NBTV website:
nbtv.media
Watch this video on LBRY!
open.lbry.com/@NaomiBrockwell...
________________________________________________________________________
Here are a bunch of products I like and use. Using these links helps support the channel and future videos!
Recommended Books:
Beginner's Introduction To Privacy - Naomi Brockwell
amzn.to/3WDSfku
Permanent Record - Edward Snowden
amzn.to/305negc
What has the government done to our money - Rothbard
amzn.to/2KMzmcu
Extreme Privacy - Michael Bazzel (The best privacy book I've ever read)
amzn.to/3BLZ1gq
No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State - Glenn Greenwald
amzn.to/2UQmJ4m
Naomi's Privacy Bag: some of my favorite products to help protect your privacy!
Use the Brave browser! brave.com/nao076
USB-C to ethernet adapter:
amzn.to/2lOVBoy
Faraday bag (signal stopping, to protect your fob, credit card, computer, and phone)
amzn.to/3DjIvCP
Data Blocker (if you're charging your phone in an unknown port, use this so that no data is transferred)
amzn.to/2SVh0J2
Computer privacy screen (use your computer in public? Keep your information safe! Choose the size right for your computer)
amzn.to/3F816Sn
Phone privacy screen (don't let people in public see your private data, choose the size for your phone)
Samsung note 10 - amzn.to/3wNtYwb
iPhone XR - amzn.to/3Q8Sq4S
Pixel 6a - amzn.to/3i9dnQz
Camera cover (for computers and phones, so no one can access your camera without you knowing)
amzn.to/3Z1N8Mz
Privacy Tip: Turn off your wifi and bluetooth when you're not using them!!!
Пікірлер: 145
I am sure a lot of us hope you can keep this series up. I have learned so much about networking, security and privacy.....all because of your super friendly videos. I cannot thank you enough!!!!!!!
@NaomiBrockwellTV
10 ай бұрын
I appreciate the kind comment! So glad it's helpful :)
@AlfieDoug
10 ай бұрын
Scared crap out of me, after watching some of your videos I have blocked your videos in case you are watching me.
@vitech1013
10 ай бұрын
@@AlfieDoug No so funny comment, actually borderline dumb!
Naomi: You never 'ramble'. Your personal bits are part of the fabric of your show. YOU are integral.
@NaomiBrockwellTV
10 ай бұрын
Thanks for watching through till the end! :)
Pihole is a nice alternative, especially if you don't use pfsense.
@ren3059
10 ай бұрын
I'm using it on a single board computer running inside docker it is awesome!
I run DNSGuard Home and about 15 blocklists. Another banger video Naomi!
Naomi is the greatest Australian since Julian Assange.
@objectionheresay9668
10 ай бұрын
Randy and Sammy J are close behind them.
@voogarix
10 ай бұрын
I knew that she's neither American nor English by her "data" pronunciation, but didn't know she's Australian
@ColonelStraker
10 ай бұрын
And way better looking! Liked her work in indie films, as well!
@anthonysach
9 ай бұрын
@@ColonelStrakerAnd Jpop
@Whatisthisstupidfinghandle
3 ай бұрын
I guess if you like Russian spies
NextDNS is my choice. Very easy to set up and works so well
@RAM_845
7 ай бұрын
I started using it as well, it speeds up the internet as well especially when you enable it via router as well as local; browser and mobile phone.
@OH2023-cj9if
27 күн бұрын
Don't forget to enable encrypted DNS on Windows, DoH or DNS over HTTPS and DoT or DNS over TLS on a phone. That stops people like your ISP snooping.
Ramble away. Half of what was duscussed went over my head but it disgusts me that companies and individuals want to know everything I do online without my explicit consent. Fortunately I followed enough to at least do the simple things and I can go from there. Your beginners guide is very helpful to me. Thank you for another wonderful video.
@NaomiBrockwellTV
10 ай бұрын
Thanks for watching through till the end ;)
@archangelmusic13
12 күн бұрын
it went way over my head too, all her videos are way to confusing for me to understand
Fantastic tutorial on this somewhat intimidating package. This video makes it easy & fun to setup and use. Another great yet intimidating package id love to see a future video on is Snort. Snort inspects packets and prevents zero day intrusion it essentially gives pfSense next gen firewall capabilities.
I'm tremendously grateful for all you do and I routinely urge people to watch your videos!
I was waiting for this video for so long thank you so much, this is the best home network privacy guide ever please keep up the good work.
Thank you so much Naomi and your guest !! your video empowers people to take back the control of privacy and security online ! looking forward to watching your next video !! love
Excellent video as always. Thank you for your effort.
As always Naomi... INCREDIBLY actionable information! Thank you SO much; I NEVER miss one of your videos. I would love to go "full commando" with pfsense, but for now, have to settle for exlusively using Quad9 at my router, and then individual devices, and then individual browsers. (Dont know if the router is enough or not, but it sure cant hurt defaulting to Quad9 everywhere)
Thanks for another clear and well-explained walk-through of pfSense settings. I also needed to enable DNSBL from the Firewall/pfBlockerNG/DNSBL menu. I believe the setup wizard will do this after installing, so would recommend using the setup wizard for new installs of this plugin.
Please never stop providing the knowledge!
I wish more people were tech savvy and knew how to use tech better and protected their privacy. Unfortunately when I try to show someone your videos I still get called a "far right paranoid conspiracy theorist"
@ChadHohner
10 ай бұрын
I get called that same thing, and reply with "yeah, and?"
@edstar83
10 ай бұрын
Heil brother.
@FruityHachi
5 ай бұрын
why far-right? makes no sense, since when is being against nationwide, global surveillance a far-right thing?
Because of all this privacy issues it seems more convenient to shop in person and use a encyclopedia.
Thank you for your videos, as always Naomi!!
Thank you very much. Your video's are very easy to understand.
Absolutely invaluable! I stay for the rambles, too...
@NaomiBrockwellTV
10 ай бұрын
Yay! Another end-stayer!! :)
thank you again!! your videos are the best!!
Incredible video series, incredibly presented. One question I have - the video mentions there are multiple feeds enabled by default in the feeds list, but my router only has the Yoyo feed enabled (after having manually added it). No other defaults are selected. Naomi, if you're listening, can you point us to a basic list of recommended feeds to add?
Awesome. Thank you so much.
Great video, as always.
This is very very good information. I'll try it sometime
Hey Naomi. Thanks for the next great video. There are routers of GL-Inet (that I use one of them more than 1 year) which should be more easy for newcomers/ non-tech people.. Their routers based on openwrt with custom front-end and includes so many features that most of other brand products simply doesn't have... It comes with built-in Adguard Home installed, vpn, tor etc... Maybe you should have a look at this too..
@anthonysach
9 ай бұрын
I have a few GLi routers. I recommend them to non techy people as it is easier to support them and they are relatively cheap. The tiny ones are great for taking with you and using as a VPN relay for public WiFi or at friends house, especially one with 1 or 2 eithernet sockets. You can power them with a small powerbank as well.
Great content as ever.
Thank you, Naomi!
A video I would love to share if NBTV made it, is a short one for my boomer parents about the newer voice spoofing attacks. This channel is fantastic!
In my case I don't have pfsense on my LAN, but I do use "pi-hole" on my two Raspberry Pis (and I configured my router to see my Raspberry Pis as the DNS location for my LAN). As a result of pi-hole I do have both DNS caching and DNS blocking on my LAN. In addition to the security advantages of this setup, both the DNS caching and the blocking slightly (but enough to be noticeable) speed up my internet access! As to pi-hole's upstream DNS resolver, I am currently using "quad9" but I am using the 9.9.9.11 version vs the default 9.9.9.9 version. Yes, I know that the 9.9.9.11 version leaks a little more info about my query (slightly bad from a privacy standpoint), but it also tells the DNS which ISP I'm using (good from a performance standpoint when the traffic I'm getting is hosted in multiple locations around the net).
Thank you Naomi, just added yoyo while watching this video.
Excellent! One thing to know in this video while doing the update, mine did not do anything. I have noticed that under DNSBL tab, I had to click Enable DNSBL first, than do the update.
@ryanw8664
3 ай бұрын
Thank you for commenting this, I couldn't figure out forcing the reload was not doing anything. This omission really should be added to the video. An otherwise perfect and life-changing series! I cannot thank Naomi enough.
I must admit, I clicked on this one solely because of 'Mission Impossible Naomi' in the thumbnail.
Thanks Naomi. 👍🏼
Hi @Naomi, that was an eye-opener. I'd really like to do this, but my router is ISP-Locked. Can I use pfSence or must it be router-based? Thanks, everyone
Would love more information on links to sites for block lists.
Waaay back in the day, 20 something years ago, Anarchy Online, an MMO game, began advertising ingame, and I found out that one could just block domains straight up via the HOSTS file. Adblocking requires more than domain blocking these days, but I still do it out of habit. EDIT: I don't have pfSense set up, so I use personalDNSfilter instead. It works like a daemon, runs on startup and also supports DNS-over-TLS. All it requires is setting DNS settings on your PC to localhost as it runs locally. It's just a simple Java application, but it also works on your phone.
When Chrome and other browsers based on Chromium change their addons to limit blocklist entries it will be even more important to use external means like Pi-Hole or to change your DNS resolver to one that runs adblockers (like NextDNS).
Fact is, all this 'spying' and information gathering hasn't increased sales by much, if at all. Yet advertisers still shell out money to these corrupt service providers. Sickens me.
@OH2023-cj9if
27 күн бұрын
They get lied to and most are non-IT people so don't question anything.
NextDNS/ControlD FTW!
Naomi does Quard9 log the list of sites you visit?
How well does pfBlocker work with a router if there are other devices say for example security cameras, tv's and such that are using your router to acess the internet?
Question: So should all my devices be using DNS server of my pfsense IP? (if i were to manual DNS server).
Your videos are absolutely awesome, and you are gold, Naomi. I have to repeat that I'm a total newbie, but slowly (probably slower than the regular user lol) I'm learning with your videos - slowly, but I'm learning. Thank you so much again, @Naomi Brockwell: NBTV
Instead of pfsense, I use OpenWrt for dns blocking and encrypted dns (using dnsmasq and dnscrypt). On a very cheap used router (which I got for $10), it works very well.
@boink800
10 ай бұрын
@@CedroCron Since this is about home and SOHO networks, OpenWrt on very cheap hardware would work fine. On larger networks, OpenWrt on i686-hardware would be worth looking into. OpenWrt can run on many more platforms than pfsense.
Good information, but how do I install pfsense on my router?
So its my understanding that pfblockerng doesn't work unless you are using unbound as a dns resolver, not as a forwarder. Is this still true?
pfBLOCKErng file is not inside Pfsense website as u shown in website? where to get it? it asked to download image?
Thanks for the help but when I click ps sense and servi;os it doesn't look like this menu I don't understand
Does blocking Ip addresses via the hosts file work the same way?
You look cool & savage in thumbnail..❤❤❤ Great work Naomi
If I use a privacy-oriented VPN like mullvad do I need to do this?
Just double-checking, is pfblocker NG not a necessary service to run on pfsense if the Quad9 DNS is used?
@NaomiBrockwellTV
10 ай бұрын
Quad9 blocks malware, pfblocker NG is great for blocking ads, telemetry, spying
I use adguard home to sinkhole all trackers and ads (upstream quad9 and cloudflare). What do you think of that software from a security and privacy point of view? The functionality is very similar to pf sense, you have filter lists (included Peter Lowe's)
@boink800
10 ай бұрын
Ideally, you do not want a dns service tracking your dns requests. Adguard may work quite well -- but what do they do with your data?
@danucc
9 ай бұрын
@@boink800 as guard home runs only on local network(ish) and send dns request only to dns server I specify.
And after having seen all your 6 videos, HOW the heck do we install PfSense on our router ? not having to buy the Vault ?
Thanks so much for your crusade to keep everyone safe. You're an internet hero of mine. I may be a Sigma male, but I have a weakness for reds and find you adorable. Your personality makes watching this information so much easier to absorb. I hope you reach the level of success you desire and have a satisfying career.
@NaomiBrockwellTV
10 ай бұрын
Thanks for your kind words!
@MakeitZUPER
10 ай бұрын
@@NaomiBrockwellTV I can't help it, lol. I'm genuine a just a tiny bit sweet on you, lol. You really are a great presenter though and I mean that in the most professional way. The rest is just a bonus to me.
Had a bad update to my proxmox and Opnsense was acting weird after. I also have a back up of Sophos for home but I'm thinking of pfsense this time. Amazingly i goylt used to Sophos but it doesn't like the xbox at all
The only reason I do not use Quad9 is because they do not provide family filter.... That's one of the most important filter in these days, and they ignore it... I don't understand.... :(
@keylanoslokj1806
7 ай бұрын
Who provides a decent family blocker?
@OH2023-cj9if
27 күн бұрын
I also don't like them not blocking trackers. Use NextDNS for a decent list of filters.
Great!👍
Pfs wont run on all routers. Pi hole can be inatalled in a pi and run on all networks
thankyou , if it's possible for pfsense which kind of hardware we can use, please make a tutorial video about that. thnx
@boink800
10 ай бұрын
64-bit amd64 (x86-64) compatible CPU, 1GB or more RAM, 8 GB or larger disk drive (SSD, HDD, etc), Bootable USB drive or high capacity optical drive (DVD or BD) for initial installation. That's a quick overview. Basically, it's designed on run on pc-like hardware.
excellent
@NaomiBrockwell, what are your thoughts on NEXTDNS?
are you on Nostr yet?
I used to do this by putting the list into windows/system32/drivers/etc/hosts. But that had to be manually updated...
How does this compare to something like PiHole running on a Pi?
I use PiHole, unfortunately my ISP provided modem doesn't allow for custom DNS servers so I have to manually set it for everything.
@xenonbart5526
10 ай бұрын
You could use your pihole as a DHCP server as well and have it assign IP addresses in the same range as your router, that way the pihole can assign the DNS server to every device. Most ISP modems should at least allow manipulation of the modems DHCP server
@MeiinUK
8 ай бұрын
Where do you reside ? .... By telemetry, does that mean like an online web based CRM or SEO queries kind of locking you via an actual data bubble ?... It's weird that recently I changed actual isp. And yet I keep actually getting spammed. Always actually loaded. Which shouldn't be as so.
@alux948
8 ай бұрын
@@MeiinUK I'm in the UK, my ISP Sky has there modem DNS settings locked. I'm guessing its to abide by the UK's net filtering laws around kiddy p**n. I don't mind filtering those sites but the government keeps pushing for that filter to also filter out torrent, other file sharing sites as well as other things they decide we don't need to see. Anyway there are ways to get around the locked DNS, like getting one of those pfSense compatible boxes on Amazon to really take the control back and push everything through a VPN. ATM though I don't feel the need for the nuclear option :P
@MeiinUK
8 ай бұрын
@@alux948: Thanks for the clarification. I've had gazillion amount of PCs and laptops, and I reckon that I've been hacked to the moon and back. Literally. I've a grave yard of actual kits, that... I don't know whether that is to force me to actually buy new products, and therefore increases that company's revenues. Cos I am for SURE... I've been targetted. I don't normally get through even a stupid PC or laptop per year. It does not last 2 years. So Naomi is in Australia.... this is interesting. Cos not many ISPs now provide this kind of services any more.. and most actual products available in the UK market now are mostly chromebooks, or basically a thin-client to the cloud. Which is not what I want, cos I wanted to save my own photos, datas and details. So this video is a bit... data breaches are a mega big thing in the UK. (And some people associate it as an actual... "marketing" campaign.. or so called SEO, which is not the case.) It's way too .. way way way too.... conflicting. I didn't really want to build my own entire kit from bottom up ! lol.... I've been trying to find some dumbed down 368's machines... but can't. Just want to use my old softwares which I have the licenses to. I think my last machine must've been hacked by MS, cos they wanted to obsolete some softwares. I am sure of it too. I connected it to a dongle and it went asap. Just destroyed.
Great video, but geo blocking spammers in this package is worth investigating.
I realize that this is a crude method of achieving this result, but it is possible to just replace the hosts file with one containing all of the sites you wish to block. There are available hosts files maintained for this purpose. It takes five minutes to implement and costs nothing.
Hiding DNS has very limited utility. An IP address can give you the same information as a domain name, unless it's sharing an IP with other domains. Most IP addresses are only linked to a single domain, so it's a simple matter of reverse matching the IP, which is always in the clear. The only real way to block that stuff is a VPN.
Love it
I love you Naomi!
You definitely have my sub. This content is next level. For me cannafarm ltd was the turning point. Please keep doing what you do and keep being you, love it.
How can i achieve this on mobile data?
Is this similar to Pihole?
how to block dns without any 3rd party stuff? Using one thing that I don't know what is doing under the hood to prevent other thing that I don't know what is doing seems slightly crazy.
👍
Independent humans need to build our own internet which is not part of the public internet. Use shared code names for Yourself with people You actually know and speak in code even while using services like session. Double down and double down again. You then lose the tracking even when You do not need to. When You do You will be glad.
how come you never talk about this Secured w/ECS: Malware blocking, DNSSEC Validation, ECS enabled on quad9?
👍🏻
How about OpenDNS?
@jacksoncremean1664
10 ай бұрын
OpenDNS is owned by Cisco, what's demonstrated here will show you how to do the same thing in a privacy friendly way.
I wish that "quad 9" didn't sound so much like "cloud 9". Whenever Naomi says it I hear "cloud 9".
That actually gave me a headache.
Is this the same as PiHole ?
What is better, this or a pihole? Sorry for bad English
pihole + ublock origin + Privacy Badger
that's too much manual configuration, isn't it enough to just install adblocker on a browser? it too has Peter Lowe's blocking list and many more lists
this is for pro only, not for the everyday person
Why did Naomi leave CoinDesk?
😂 oh Naomi...Darda. Everytime lol...Liron cracks me up each time he says it 🤣
URL != domain
Pie-hole anyone? LOL
what ablout doing this on your phone
Naomi is gorgeous
Love the thumbnail!!!
I must agree with @firstandlastname2090 below, always great actionable and meaningful content! I've been following all your videos and taking the advice. I'm a user of pfSense, Quad9, Proton, etc. All have been working well and have had no issues since putting all this in place. I await all your latest content because I know it's gonna show me something else to harden my defenses. Thank you for all you do!