
What am I doing if I block Google public DNS?

OzarkEdge

I'm getting bored here waiting for a firmware update to debug...

So, I set static routes to block Google public DNS 8.8.8.8 and 8.8.4.4. My router LAN IP is 192.168.1.1; router DoT is 94.140.14.14, 94.140.15.15, dns.adguard-dns.com. From my wired PC at 192.168.1.184, Win11 Terminal ping reports:

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.

Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

A small accomplishment of uncertain value.

Now, if my wired Google TV on my guest VLAN (192.168.52.*; Mode Access) or any wireless client on my guest VLAN (Access Intranet disabled; DHCP Server enabled using 192.168.52.*; AP Isolated disabled) attempts to use Google DNS... what have I accomplished?

I figure I should learn more about these things because BIG DATA seems to be pushing further into our homes... now Walmart owns Vizio and requires Vizio TV owners to log into a Walmart account to use their Vizio TV (I don't own a Vizio TV). I see no end to this invasion of our castles.

OE
 
Main reason I used the LAN > Route setting to block Google DNS's is to prevent devices or apps that may have Google's DNS hard coded from bypassing my Pi-Holes. Once in a blue moon I'll see the Pi-Hole query log show a device or app trying to bypass the Pi-Holes and get re-routed due to the route block on Google.
 
now Walmart owns Vizio and requires Vizio TV owners to log into a Walmart account to use their Vizio TV
But this is only if you want to use the 'smart' part (streaming apps) of the Vizio TV, right? If the TV forced me to log in just to watch TV, then it is going back to the store. I've learned from my last Vizio purchase to just not connect it to the network at all.
 
But this is only if you want to use the 'smart' part (streaming apps) of the Vizio TV, right?

I don't know exactly... sounds like new buyers must login during TV setup... see the article comments.


OE
 
I figure I should learn more about these things because BIG DATA seems to be pushing further into our homes...

As long as there is no negative impact on quality of your life - don't worry about it. Internet is just part of global tracking and data collection. What you have accomplished is eventually broken service relying on preset DNS. All my networks use the default on my gateways DoH to Google and Cloudflare, I have Android, iOS and Windows devices and use most of Google services, iCloud, OneDrive and Microsoft Teams. IoTs with cameras and microphones are a much bigger privacy invasion. I don't have any.
 
Pinging 8.8.8.8 with 32 bytes of data:
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.

Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

A small accomplishment of uncertain value.

Try pinging ns1.google.com - this will give you the local resolver IP...

Basically, blocking 8.8.8.8 and 8.8.4.4 isn't going to stop anything... some apps will break if they hard code those IP's as resolvers, and that's fine...

The resolver can be anywhere - and with a canonical hostname that is pretty much the same as any botnet...
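
An added example, not part of any post in this thread: the replies above note that a route block on 8.8.8.8 and 8.8.4.4 only catches clients hard-coded to those two addresses, so this sketch instead flags any LAN or guest client sending DNS (port 53) or DoT (port 853) to a resolver other than the router. The log lines are constructed in netfilter LOG style; the approved resolver addresses, the 192.168.52.1 guest gateway and the interface names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions (not from the thread): the router answers DNS on these
# addresses, and LAN/guest clients live in these two subnets.
APPROVED_RESOLVERS = {"192.168.1.1", "192.168.52.1"}
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24"),
              ipaddress.ip_network("192.168.52.0/24")]
# DoH rides on TCP 443 and cannot be told apart by port, so it is not covered.
DNS_PORTS = {("UDP", "53"): "DNS", ("TCP", "53"): "DNS", ("TCP", "853"): "DoT"}
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample in netfilter LOG style (prefix and interfaces invented).
SAMPLE_LOG = """\
kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.184 DST=8.8.8.8 PROTO=UDP SPT=51514 DPT=53
kernel: FWD IN=br52 OUT=eth0 SRC=192.168.52.23 DST=8.8.4.4 PROTO=UDP SPT=40112 DPT=53
kernel: FWD IN=br52 OUT=eth0 SRC=192.168.52.23 DST=203.0.113.53 PROTO=UDP SPT=40113 DPT=53
kernel: FWD IN=br52 OUT=eth0 SRC=192.168.52.23 DST=1.1.1.1 PROTO=TCP SPT=40200 DPT=853
kernel: FWD IN=br0 OUT=br0 SRC=192.168.1.184 DST=192.168.1.1 PROTO=UDP SPT=51600 DPT=53
kernel: FWD IN=br52 OUT=eth0 SRC=192.168.52.23 DST=203.0.113.10 PROTO=TCP SPT=40300 DPT=443
""".splitlines()


def find_dns_bypass(lines):
    """Return {client_ip: {(resolver_ip, kind), ...}} for local clients that
    sent DNS or DoT straight to a resolver other than the approved ones."""
    hits = defaultdict(set)
    for line in lines:
        f = dict(FIELD.findall(line))
        if not {"SRC", "DST", "PROTO", "DPT"} <= f.keys():
            continue  # not a packet log line, or truncated
        kind = DNS_PORTS.get((f["PROTO"], f["DPT"]))
        if kind is None or f["DST"] in APPROVED_RESOLVERS:
            continue  # not DNS/DoT, or a query to the router itself
        try:
            src = ipaddress.ip_address(f["SRC"])
        except ValueError:
            continue  # malformed source address
        if any(src in net for net in LOCAL_NETS):
            hits[f["SRC"]].add((f["DST"], kind))
    return dict(hits)


if __name__ == "__main__":
    for client, resolvers in sorted(find_dns_bypass(SAMPLE_LOG).items()):
        print(client, sorted(resolvers))
```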
 
Try pinging ns1.google.com - this will give you the local resolver IP...

Pinging ns1.google.com [216.239.32.10] with 32 bytes of data:
Reply from 216.239.32.10: bytes=32 time=49ms TTL=101
Reply from 216.239.32.10: bytes=32 time=48ms TTL=101
Reply from 216.239.32.10: bytes=32 time=48ms TTL=101
Reply from 216.239.32.10: bytes=32 time=49ms TTL=101

Ping statistics for 216.239.32.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 48ms, Maximum = 49ms, Average = 48ms

OE
 
As long as there is no negative impact on quality of your life - don't worry about it.

Therein lies the rub... not knowing and worrying or at least being concerned about it... as this is how I practice safe computing.

But I appreciate the sentiment... there's much I don't worry about... except lately... 📈

OE
 
Device and browser fingerprinting is a more popular data collection method now. Blocking DNS to a specific provider won't help much. In regard to browsing history on your network, Trend Micro is in the best position.
 
Device and browser fingerprinting is a more popular data collection method now.

I've noticed this method.

Blocking DNS to a specific provider won't help much.

Yeah, I'm not so naive as to think I can stop what I don't know is happening... I'm more thinking I can poke the bear to see where it might be lurking on my network i.e., block/trip something and see what complains.

In regard to browsing history on your network, Trend Micro is in the best position.

AiProtection has done nothing here since setting AdGuard DNS, so previous TM hits appear to have been all ad related.

Relatively recent ASUSWRT added the Security Upgrade setting and related policy permission/terms... I figure that was to conform to EU or similar regulation. And this suggests the associated data collection is not really necessary for 'security' since they make it optional while stating that necessary security updates will still be delivered. So, I've been thinking of withdrawing from both the TM bit and the ASUS bit to opt out of both of their data collection. That is, go back to just saying 'no, thanks'.

OE
 
I figure that was to conform to EU or similar regulation.

Correct. They've been doing data collection for years, but now had to disclose it officially in order to offer the product on the EU market. Not sure how they comply with the requirement the data has to stay in the EU.
 
Pinging ns1.google.com [216.239.32.10] with 32 bytes of data:
Reply from 216.239.32.10: bytes=32 time=49ms TTL=101
Reply from 216.239.32.10: bytes=32 time=48ms TTL=101
Reply from 216.239.32.10: bytes=32 time=48ms TTL=101
Reply from 216.239.32.10: bytes=32 time=49ms TTL=101

Ping statistics for 216.239.32.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 48ms, Maximum = 49ms, Average = 48ms

OE

Now try...

dig snbforums.com @ns1.google.com

Meaning, generally if you block 8.8.8.8 (and 8.8.4.4), that's ok, ns1.google.com should still resolve somewhere...

I'd be more worried about the applications on the SmartTV - that's the real problem for data collection - Vizio is one problem, Roku is another, and then Samsung and LG are problematic for data collection as well...

The Google TV units sold by Google are pretty secure, and AppleTV boxes have always been pretty good - I'd add nVidia Shield boxes, but not having first hand experience with those...
 
Now try...

dig snbforums.com @ns1.google.com

Meaning, generally if you block 8.8.8.8 (and 8.8.4.4), that's ok, ns1.google.com should still resolve somewhere...

dig does not seem to be a command on my new Win11 Pro(?)

I'd be more worried about the applications on the SmartTV - that's the real problem for data collection - Vizio is one problem, Roku is another, and then Samsung and LG are problematic for data collection as well...

The Google TV units sold by Google are pretty secure, and AppleTV boxes have always been pretty good - I'd add nVidia Shield boxes, but not having first hand experience with those...

Mine is a Sony BRAVIA XR A80J 4K HDR OLED with embedded Smart Google TV (2021) XR-55A80J. When I got this TV I unplugged a ROKU Ultra. I've been avoiding southeast Asia OEM media, mobile, and appliance products... too many features, too much cleverness, if that makes any sense. My daughter recently bought a new fridge and commented how many have WiFi... this speaks to my concern that they are bombarding us consumers with features, connectivity, and now AI. Given how difficult it has been for them to secure past devices, I figure the future will be even less secure/private.

I'm not freaking out about it... I'm just giving it some thought, trying to anticipate what might be coming at us next.

A recent discovery here... a bird feeder with a cam in it claimed the microSD slot on the cam was not usable. So I put a 32GB card in it to see what would happen. The app is unaware of it. After a few days I removed it and inspected it on my PC... it was full of bird event videos that included my yard and house... 'residual backend system data'. Point being... these Things do more than we know.

OE
 
This is a perfect privacy violation example without disclosing intent or taking permission.

I installed it knowing it uploads to their cloud service... that's permission as good as it gets these days. I would not have bought it... it was an Xmas gift to her so I rolled with it... turned it into a security cam aimed at the house.

OE
 
I mean... you did exactly what big companies do. You offered some free food to the birds but didn't ask for permission to film their lives. When and if wildlife rights activists become too vocal you may need to post signs warning the birds about the camera on the feeder. If you want to film EU birds you also may have to offer Accept, Decline or Customize options and store the footage in the EU.
 
I mean... you did exactly what big companies do. You offered some free food to the birds but didn't ask for permission to film their lives. When and if wildlife rights activists become too vocal you may need to post signs warning the birds about the camera on the feeder. If you want to film EU birds you also may have to offer Accept, Decline or Customize options and store the footage in the EU.
Looking forward to @Viktor Jaep getting ahold of this one ... :)
 
I mean... you did exactly what big companies do. You offered some free food to the birds but didn't ask for permission to film their lives. When and if wildlife rights activists become too vocal you may need to post signs warning the birds about the camera on the feeder. If you want to film EU birds you also may have to offer Accept, Decline or Customize options and store the footage in the EU.

Not exactly... we're losing money on bird seed! :)

What happened to the Ubiquiti product detail in your signature... I was looking at their products today and wanted to look up what you are using?

OE
 