Safe Browsing - What software should I use?

SashaSolitaire

Occasional Visitor
We currently have a home network with Ai-Mesh (details in my signature). Our household has two teenagers and two WFH parents. My goal is for our kids and ourselves to have a safe, privacy-oriented browsing experience. When I say safe and privacy-oriented, I am looking at blocking any adult sites/content (to the extent possible), eliminating ads (to the extent possible) and masking the IP address(es). For a newbie like me, the options that are available in Merlin through amtm all seem very similar. I have been experimenting with some of the options, like Diversion and AdGuard Home. I tried to set up DNS-over-TLS, but the router always reverts it back. Looking for advice on what software I need to have running on my router to block adult sites/content, reduce ads and tracking, and mask the IP address(es).
 
Almost anything running on the router has an easy avoidance option. And you can't really mask IP addresses. Diversion and AdGuard Home are DNS-blockers, they do the same thing. Don't run both. DNS-over-TLS is a DNS encryption method. The built-in AiProtection does basic IDS and URL-filtering, but doesn't see much encrypted. All modern browsers have some sort of Safe Browsing enabled by default. Your devices actually have better protection as endpoints than your router passing mostly encrypted traffic. Your kids perhaps have mobile devices with data plans and access to other Wi-Fi networks. Your only option is parental controls on their devices.
 
Whatever you like better. Both do the same thing. Diversion is more of a router-optimized, minimalistic style; AdGuard Home was ported as an add-on with a full-blown WebUI and many configuration options. I personally like AdGuard Home better.
 
I have not tried AdGuard, but if you choose Diversion, here are the custom blocking lists:
Code:
https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/dnsmasq/pro.txt
https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/dnsmasq/tif.txt
https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/dnsmasq/gambling.txt
https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/dnsmasq/nsfw.txt
Pro blocks Ads, Affiliate, Tracking, Metrics, Telemetry, Phishing, Malware, Scam, Fake, Cryptojacking and other "Crap".
TIF blocks Malware, Cryptojacking, Scam, Spam and Phishing. Blocks domains known to spread malware, launch phishing attacks and host command-and-control servers.
Gambling and NSFW are self-explanatory.
Alternative sources are the following:
Code:
https://big.oisd.nl/dnsmasq2
https://nsfw.oisd.nl/dnsmasq2
You can use both and Diversion will deduplicate. I use both. Although both work fine on my router, I do not know about less powerful routers and slower USB drives.
Good luck!
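
For the sizing question raised in the post above (several lists on a less powerful router), here is an added example, not part of the original post and not Diversion's own code, that counts unique and overlapping domains across dnsmasq-format lists before they are loaded. The two sample lists are constructed, and the rule forms handled (`local=/d/`, `server=/d/`, `address=/d/0.0.0.0`) are an assumption about what the list URLs serve.

```shell
#!/bin/sh
# Added example: size up dnsmasq-format blocklists before loading them.
# Assumed rule forms: local=/d/, server=/d/, address=/d/0.0.0.0

# Print one lowercase domain per rule line; comments and blanks are skipped.
extract_domains() {
    awk -F/ '/^(local|server|address)=\// && $2 != "" { print tolower($2) }' "$@"
}

# Number of distinct domains across all given list files.
unique_count() {
    extract_domains "$@" | sort -u | wc -l | tr -d ' '
}

# Number of domains present in both list files.
overlap_count() {
    { extract_domains "$1" | sort -u; extract_domains "$2" | sort -u; } \
        | sort | uniq -d | wc -l | tr -d ' '
}

# Write two small constructed lists (not real list content) into directory $1.
write_samples() {
    cat > "$1/a.txt" <<'EOF'
# constructed sample list A
local=/ads.example.com/
local=/tracker.example.net/
local=/Metrics.Example.org/
EOF
    cat > "$1/b.txt" <<'EOF'
# constructed sample list B
local=/ads.example.com/
server=/metrics.example.org/
address=/casino.example.test/0.0.0.0
local=/ads.example.com/
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "rules in files:  $(cat "$demo_dir"/*.txt | grep -c '=/')"
echo "unique domains:  $(unique_count "$demo_dir/a.txt" "$demo_dir/b.txt")"
echo "in both lists:   $(overlap_count "$demo_dir/a.txt" "$demo_dir/b.txt")"
rm -rf "$demo_dir"
```

For real lists, download each URL to a file first and pass the files to `unique_count` and `overlap_count`.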
 
Which one is preferred

Actually, the easiest one is no DNS-blocking add-ons at all. AdGuard DNS upstream, supports DoT. Blocks ads, malware, phishing, etc. On your router just set AdGuard DNS in WAN settings and activate DNS Director to Router so it gives you some avoidance protection. But still... everything we discuss up to this moment becomes useless with a few clicks on a mobile device.

 
For DNS-over-TLS using free DNS from Control D, use the following four IP addresses:
Code:
76.76.2.11
76.76.10.11
2606:1a40::11
2606:1a40:1::11
Use the following on all four lines for TLS Hostname:
Code:
no-ads-porn-gambling-typo-malware.freedns.controld.com
You need to type into the boxes for each line and click + (plus).
After the four lines are there, you must click Apply at the bottom for it to take effect. Maybe this was your problem before.

Here are the other DNS settings:
[Attached screenshot: DoT.JPG]

The DNS Server only matters as the router reboots. I just take the ISP default DNS servers for reliable reboots. They will not be used when DoT starts.
I pay for Control D, so there are more options available.
 
@EmeraldDeer, AdGuard DNS is a built-in option. Don't remember which exact flavour, but it covers it all.

[Attached screenshot: 1763429190883.png]


No SSH access, custom scripts and USB sticks needed. About the same final results in 10 seconds' time.
 