Personally, I went the nuclear route with a Pihole. My devices can’t talk to Google.

This works until you start living with someone who gets frustrated by things like sponsored results not working (completely fair, because they are often highly relevant).

I came back home to my parents' house this Christmas and my parents and my brother complained to me why the Google sponsored links don't work anymore (because I've set their DNS to an adblock DNS).

I couldn't believe what they were saying. Their words didn't make sense to me. I ended up removing all adblock- and privacy-related settings in our router - it felt like a defeat.

To be fair to your family, Google have spent billions making the Google sponsored links look like organic search results.

You can set blocking per-device. I have strict blocking for my own devices, super-heavy blocking for IoT and other untrusted devices, and a lighter blocking as default. If they complain, I can disable blocking for them, or even set up a guest VLAN.

What if they use IPs instead of domain names?

Then you write router-level firewall rules for the IPs you know are safe to fully block. You can do that selectively so you don’t break other devices.

I already do this for local DNS circumvention, which is probably a lot more common than hardcoded IPs.

Right, but Pi-Hole can't help with this.

Presumably you set your router to intercept all UDP/53 traffic, but remember the whole point of DoH is to prevent that and ensure nothing gets between the advertising surface and the advert source.

That’s why I also block all known DoH IPs. It’s a pretty long list, like 130 IPs. I have an allowlist for devices I don’t want to mess with, like my Pihole or guest devices.

It’s definitely not perfect, but it does the job for now.
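
The router-side policy discussed in this thread (redirect plain DNS to the local resolver, block known DoH addresses, exempt an allowlist of devices) can be written down as an nftables ruleset. The sketch below is an added example, not something posted by any participant; the table name `dnsguard`, the function names and all addresses are constructed placeholders, and the real DoH list would come from whatever blocklist you maintain.

```python
"""Render an nftables ruleset for the DNS policy described above (constructed example)."""
import ipaddress


def _v4_set(addrs):
    # Validate, de-duplicate and sort so typos fail loudly and output is stable.
    ips = sorted({ipaddress.IPv4Address(a) for a in addrs})
    if not ips:
        raise ValueError("empty address list")
    return ", ".join(str(ip) for ip in ips)


def render_ruleset(resolver, doh_ips, exempt):
    """resolver: local DNS filter; doh_ips: known DoH endpoints; exempt: allowlisted devices."""
    resolver = ipaddress.IPv4Address(resolver)
    # The resolver must always be exempt, or its own upstream queries loop back to it.
    exempt_set = _v4_set(list(exempt) + [str(resolver)])
    return f"""# IPv4 only: IPv6 needs an equivalent 'table ip6'.
table ip dnsguard {{
  set doh_v4 {{ type ipv4_addr; elements = {{ {_v4_set(doh_ips)} }} }}
  set exempt_v4 {{ type ipv4_addr; elements = {{ {exempt_set} }} }}

  chain prerouting {{
    type nat hook prerouting priority -100; policy accept;
    ip saddr @exempt_v4 accept
    # Devices with a hardcoded resolver: plain DNS goes to the local filter instead.
    udp dport 53 dnat to {resolver}
    tcp dport 53 dnat to {resolver}
  }}

  chain forward {{
    type filter hook forward priority 0; policy accept;
    ip saddr @exempt_v4 accept
    # DoH is ordinary HTTPS, so it can only be matched by destination address.
    ip daddr @doh_v4 tcp dport 443 reject
    ip daddr @doh_v4 udp dport 443 reject
  }}
}}
"""


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges), not a real DoH list.
    print(render_ruleset("192.168.1.2",
                         ["198.51.100.10", "203.0.113.5"],
                         ["192.168.1.50"]))
```

If the resolver sits on the same subnet as the redirected clients, its replies bypass the router and arrive from an unexpected source address, so a matching masquerade rule in postrouting is also needed. As noted in the thread, the address set only covers DoH endpoints that are already known.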