Initial review - Ubiquiti UDM SE

I have had people at work recommend PiHole, how do you like it?
It's excellent. I mean, technically it's just a very well developed frontend for a number of very stable and mature Linux services, so you put it on some decent hardware and it's going to be reliable.

I have a whole thread on this particular setup, since I force all DNS traffic to the pihole and it in turn exclusively uses DoH to a set of resolvers I trust (CIRA).
 
I had to look up CIRA. Maybe not the best choice for someone living in the southern US, from a latency perspective. Also it says that it's free for Canadians. Only?

I've used Steve Gibson's DNS benchmark for choosing DNS servers in the past, on a performance basis alone. Maybe time for something more security focused.
 
Yeah, it's a Canadian service. I think Cisco offers DoH for OpenDNS, so that's an option.

DNS is one of the few remaining areas where encryption is not yet prevalent. While most browsers now support doing DoH by themselves, most people don't know about it, nor how to configure it. It also circumvents DNS-based protections, which can be problematic. Hence my approach with blocking DNS, blocking VPNs and forcing all resolver traffic through my PiHole, which is only allowed to use CIRA* and only uses DoH.

*I had to do a host-specific exception in my firewall to allow PiHole to access their own resolver, which is hard-coded into their programming, otherwise their "pihole -up" update command doesn't work and you have to do a repair install every time. This is an annoying quirk.
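
The forced-DNS policy described in the post above, turned into an audit over firewall flow logs; this is an added example, not the poster's configuration. The log format, the `classify` and `audit` names, every address (documentation-range placeholders) and the port 53 assumed for the update exception are assumptions.

```python
import ipaddress

# Every address here is a constructed placeholder, not a real resolver IP.
LAN = ipaddress.ip_network("192.168.1.0/24")
PIHOLE = "192.168.1.2"
TRUSTED_DOH = {"203.0.113.10", "203.0.113.11"}  # stand-ins for the trusted DoH resolvers
UPDATE_RESOLVER = "198.51.100.53"               # stand-in for the host-specific update exception
PUBLIC_DOH = {"192.0.2.1", "192.0.2.8"}          # stand-ins for other public DoH endpoints

def classify(src, dst, port):
    """Return None if the flow fits the policy, else a short reason string."""
    if ipaddress.ip_address(dst) in LAN:
        return None  # LAN-internal traffic (clients asking the Pi-hole) is not audited
    if src == PIHOLE:
        # Allowed: DoH to the trusted set, plus the one resolver needed for updates.
        if (port == 443 and dst in TRUSTED_DOH) or (port == 53 and dst == UPDATE_RESOLVER):
            return None
        if port in (53, 853) or dst in PUBLIC_DOH:
            return "Pi-hole reaching an untrusted resolver"
        return None  # other Pi-hole traffic (e.g. HTTPS downloads) is out of scope
    if port in (53, 853):
        return "client DNS/DoT bypassing Pi-hole"
    if port == 443 and dst in PUBLIC_DOH:
        return "client DoH bypassing Pi-hole"
    return None

def audit(log_lines):
    """Split policy-breaking flows into ones the firewall allowed (gaps) and blocked (attempts)."""
    gaps, attempts = [], []
    for line in filter(str.strip, log_lines):
        action, src, dst, port = line.split()
        reason = classify(src, dst, int(port))
        if reason:
            (gaps if action == "ALLOW" else attempts).append((src, dst, int(port), reason))
    return gaps, attempts

# Constructed sample flow log, one flow per line: ACTION SRC DST DPORT
SAMPLE = """\
ALLOW 192.168.1.50 192.168.1.2 53
ALLOW 192.168.1.2 203.0.113.10 443
ALLOW 192.168.1.2 198.51.100.53 53
BLOCK 192.168.1.50 192.0.2.8 53
ALLOW 192.168.1.77 192.0.2.1 443
ALLOW 192.168.1.2 192.0.2.8 53
""".splitlines()

if __name__ == "__main__":
    for kind, rows in zip(("GAP", "BLOCKED"), audit(SAMPLE)):
        for row in rows:
            print(kind, *row)
```

Allowed flows that break the policy are rule gaps to close; blocked ones show which devices are trying to resolve around the Pi-hole.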
 
Here's my DNS thread, you can probably skip the first post, go down to the one where I describe what I ended up doing with my PiHole:
DNS and Secure DNS | Bob Is The Oil Guy