Is public-dns.info still actively updated? Any alternative?

Started by Mpegger, November 30, 2025, 08:39:01 PM

Looking at the list, I am not so sure. When you use an IP list, it might be safe to do so - with a wildcard list, I am unsure.

Take cubedns.com (or potentially, any DoH service that uses only one dot in their name): they have their website on the same URL (and IP). Then again, by blocking port 443 - which you must, it will not work, anyway. At least, you could send them an E-Mail, I guess ;-)

Cloudflare was savvy enough to use a separate domain for DNS.

It is interesting what you can find when you block these things:

- I found HomeAssistant OS using Cloudflare despite being told to use my internal DNS (there is a trick to disable that: https://kcore.org/2022/08/12/hass-disable-fallback-dns/).
- Also, I caught some of my IoT devices using external NTP services - this included Apple TVs. By redirecting to the local NTP, I could make that go away.

On the other hand, I never trusted those anyway, hence why they are on a separate VLAN.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

I am pondering adding the linked "dibdot" IP lists to my global IP based blocklist rules. I'll give it a try, I guess.

For domain based blocking I use AGH and mostly Hagezi's lists.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

@meyergru
I block QUIC totally by blocking all UDP traffic on ports 80 and 443.
Deciso dec3840: EPYC 3101, 16GB RAM, 512GB SSD
Deciso dec3850: EPYC 3201, 16GB RAM, 256GB SSD

In that case you are losing potential speed on many modern websites.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

I didn't even know that DoH used that many ports. I thought it was just the typical 80 and 433. I'll give it a whirl and see how it works on my network. Thanks.