How to use an alternative DNS server and use DNS as an ad blocker.

alternative DNS servers

You can configure your computer or router to use a DNS server other than the one your provider assigns to you. This can make DNS resolution faster and possibly more secure, because some resolvers refuse to answer for domains known to be malicious. There are a few alternative DNS providers to choose from.

Adblocking

You can also run Pi-hole on a machine in your network and use it as your DNS server. It forwards queries to an upstream DNS server of your choice and refuses to resolve domains that are on its blocklist. This way you get domain-name-based ad and malware blocking for your entire network without any software or extra configuration on the clients.

Installing Pi-hole

I recommend installing Pi-hole either on a Raspberry Pi or in a Docker container. Follow the instructions on https://pi-hole.net/.

For a Docker setup with IPv6 support, I used the following docker-compose configuration.

version: "3"
services:
  pihole:
    image: pihole/pihole
    restart: unless-stopped
    # host networking: the container uses the host's interfaces and IPv6 addresses directly
    network_mode: host
    environment:
      TZ: 'Europe/Berlin'
      # IPv4 address of the machine running Pi-hole
      ServerIP: '192.168...'
      # ULA (unique local IPv6 address) of the machine running Pi-hole
      ServerIPv6: 'fd00...'
      # note: newer versions of the image have renamed these two variables; check the image's README
    # resolvers the container itself uses: Pi-hole first, then a public fallback
    dns:
      - '127.0.0.1'
      - '1.1.1.1'
    # persist configuration and blocklists across container restarts
    volumes:
      - './pihole/pihole/:/etc/pihole/'
      - './pihole/dnsmasq.d/:/etc/dnsmasq.d/'

I used network_mode: host to get IPv6 working easily; with host networking you need to tell Pi-hole its own addresses explicitly via ServerIP and ServerIPv6. ServerIP is the IPv4 address of the machine running Pi-hole and ServerIPv6 is the ULA (unique local address) of that machine. You need to configure/enable ULAs in your DHCP server (router) for this to work. It is recommended to use a custom, randomly generated prefix; you can get one using the RFC4193 IPv6 Generator.
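As an added example (not code from the original post or from the Pi-hole project), the following Python script implements the RFC 4193 prefix generation that the linked generator performs: SHA-1 over an NTP timestamp and the host's EUI-64, with the low 40 bits of the digest becoming the Global ID behind fd00::/8. It also contains a small consistency check for the ServerIP and ServerIPv6 values before they go into the compose file: the IPv4 address must be private, and the IPv6 address must lie inside the generated ULA prefix. The MAC address, timestamp and IP addresses in the usage block are constructed sample values, and check_pihole_addresses is a hypothetical helper name.

```python
import hashlib
import ipaddress
import struct
import time
import uuid

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 (NTP epoch) and 1970-01-01 (Unix epoch)


def ntp_timestamp(unix_time: float) -> bytes:
    """64-bit NTP timestamp (32-bit seconds, 32-bit fraction), as RFC 4193 step 1 requires."""
    seconds = (int(unix_time) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF
    fraction = int((unix_time - int(unix_time)) * (1 << 32)) & 0xFFFFFFFF
    return struct.pack("!II", seconds, fraction)


def eui64_from_mac(mac: int) -> bytes:
    """Modified EUI-64 from a 48-bit MAC: insert ff:fe in the middle and flip the U/L bit."""
    mac_bytes = mac.to_bytes(6, "big")
    eui = mac_bytes[:3] + b"\xff\xfe" + mac_bytes[3:]
    return bytes([eui[0] ^ 0x02]) + eui[1:]


def ula_prefix(eui64: bytes, ntp_time: bytes) -> ipaddress.IPv6Network:
    """RFC 4193 section 3.2.2: SHA-1 over (time || EUI-64); the low 40 bits are the Global ID."""
    digest = hashlib.sha1(ntp_time + eui64).digest()
    global_id = digest[-5:]
    # 0xfd is fc00::/7 with the L bit set (locally assigned); subnet ID and interface ID stay zero
    network_int = int.from_bytes(b"\xfd" + global_id + bytes(10), "big")
    return ipaddress.IPv6Network((network_int, 48))


def generate_ula(mac: int = None, unix_time: float = None) -> ipaddress.IPv6Network:
    """Generate a /48 ULA prefix; defaults to this host's MAC address and the current time."""
    mac = uuid.getnode() if mac is None else mac
    unix_time = time.time() if unix_time is None else unix_time
    return ula_prefix(eui64_from_mac(mac), ntp_timestamp(unix_time))


def is_ula(prefix: str) -> bool:
    """True if the prefix lies inside fc00::/7, the RFC 4193 unique local address range."""
    net = ipaddress.ip_network(prefix, strict=False)
    return net.version == 6 and net.subnet_of(ipaddress.IPv6Network("fc00::/7"))


def check_pihole_addresses(server_ip: str, server_ipv6: str, ula: str) -> list:
    """Hypothetical helper: sanity-check ServerIP / ServerIPv6 before putting them into the compose file.
    Returns a list of problems; an empty list means the values are consistent."""
    problems = []
    v4 = ipaddress.ip_address(server_ip)
    v6 = ipaddress.ip_address(server_ipv6)
    if v4.version != 4 or not v4.is_private:
        problems.append(f"ServerIP {server_ip} is not a private IPv4 address")
    if v6.version != 6:
        problems.append(f"ServerIPv6 {server_ipv6} is not an IPv6 address")
    elif v6 not in ipaddress.ip_network(ula, strict=False):
        problems.append(f"ServerIPv6 {server_ipv6} is not inside the ULA prefix {ula}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: a made-up MAC and a fixed timestamp, so the run is reproducible
    prefix = generate_ula(mac=0x001122334455, unix_time=1700000000.0)
    print("ULA prefix:", prefix)
    print("is ULA:", is_ula(str(prefix)))
    # Constructed addresses for the Pi-hole host; the IPv6 one is taken from the generated prefix
    host_v6 = str(prefix.network_address + 1)
    print("problems:", check_pihole_addresses("192.168.178.2", host_v6, str(prefix)))
```

Run it without arguments and it derives a prefix from the current time and this machine's MAC, exactly as the generator does; the printed /48 is what you enter in the router, and an address from it is what goes into ServerIPv6. The point of hashing a timestamp together with a hardware identifier is that two networks that are later joined (VPN, merger of home networks) are very unlikely to collide, which is why the post recommends a random prefix over a hand-picked fd00::/48.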

ULAs

On a Fritz!Box 7490 you can configure ULAs under Heimnetz/Netzwerk/Netzwerkeinstellungen/IPv6-Adressen, check ULA immer zuweisen and enter your generated prefix.

Configure DNS

To make the clients in the network use the Pi-hole DNS server, there are two options. Either way, in Pi-hole you first need to enable some IPv6 upstream DNS servers under Settings/DNS and check Listen on all interfaces, permit all origins. With that setting Pi-hole answers queries from any source address, so make sure port 53 on the Pi-hole host is only reachable from your own network and not from the internet; otherwise you are running an open resolver.

Option A

Make the router, which is the current DNS server (actually a DNS proxy that forwards the queries to some upstream server), use Pi-hole as its upstream DNS server. On a Fritz!Box enter the Pi-hole IP addresses under Internet/Zugangsdaten/DNS-Server. Enter the IP addresses twice, as primary and secondary! The Fritz!Box uses both servers in parallel rather than switching to the secondary only if the primary fails, so leaving another resolver as secondary would let queries bypass Pi-hole. That's it: the Fritz!Box now uses Pi-hole as upstream DNS server, and local host names are still resolved by the Fritz!Box.

Option B

Tell the clients via DHCP to use Pi-hole as DNS server. On a Fritz!Box enter the Pi-hole IP addresses under Heimnetz/Netzwerk/Netzwerkeinstellungen/IPv6-Adressen and IPv4-Adressen into Lokaler DNS-Server. Pi-hole is now advertised as DNS server via DHCP. All currently connected clients need to reconnect (or renew their lease) to pick up this change.

Additionally, you may enable Conditional Forwarding under Settings/DNS in Pi-hole, which lets Pi-hole resolve local host names by forwarding these requests to the router.