I want to run my own DNS at home to configure on my mobile devices

Ichinisan

Lifer
Oct 9, 2002
28,298
1,235
136
I'm sick of the limited memory capacity of the iPhone 6 Plus and constant crashing from sites with bloated ad networks. I want to run my own DNS server to blacklist the domains of most ad networks. I know I can get a list from MVPS. How should I go about configuring my Win10 desktop PC to behave as a DNS server? I also want to make sure it's configured in the best way to prevent it from participating in DDoS DNS amplification attacks.

If I can do this, I want to configure all the iDevices in my family (mother, brother, nephew, my own iPad, my own iPhone, etc) to use it.
 

sdifox

No Lifer
Sep 30, 2005
100,257
17,899
126
Makes more sense to use a firewall. No NoScript for Safari?

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,103
126
DHCP DNS Dual Server

http://sourceforge.net/projects/dhcp-dns-server

If it's only for internal use, you don't need to worry about DDoS attacks.

I have no idea how good this DNS is at defending against a DDoS attack if you open it to the outside world.

You do need to set up a DHCP server so that when home clients get a DHCP lease they will point to the Win10 DNS as their DNS. You also need to open up TCP & UDP port 53 on the Win10 firewall.

And configure it to forward DNS queries to a trusted public DNS, like the ones from Verizon, 4.2.2.1 & 4.2.2.2.

===========

The Win10 network IP address must be fixed. If not, even if the Dual DHCP DNS service in Services shows it's running, you can't access the web interface.

Look for the log file under C_Drive\DualServer\Log for troubleshooting.

DualServer.ini for configuration. Restart the service after modification.

CZroe

Lifer
Jun 24, 2001
24,195
857
126
He specifically wants it for use on the go from various other Internet connections. Some of the people he wants to use it aren't even in the same state.
 

Ichinisan

Lifer
Oct 9, 2002
28,298
1,235
136
Yeah. I want my DNS server to be remotely accessible. In the configuration on my mobile devices, I can override DHCP DNS for the WiFi networks I use most. I hope I can also use VPN to connect to my home LAN and use my custom DNS with the AT&T mobile data connection on my phone.

My ISP doesn't block any ports. I can host a public server of any kind with no problems.
 

Ichinisan

Lifer
Oct 9, 2002
28,298
1,235
136
No NoScript for Safari?

For mobile Safari, you have to leave Safari and open the Settings applet, then dig several choices deep to enable / disable JavaScript. Of course, that breaks half the web, so you can't leave it turned off.
 

Ichinisan

Lifer
Oct 9, 2002
28,298
1,235
136
DHCP DNS Dual Server

http://sourceforge.net/projects/dhcp-dns-server

If it's only for internal use, you don't need to worry about DDoS attacks.

I have no idea how good this DNS is at defending against a DDoS attack if you open it to the outside world.

You do need to set up a DHCP server so that when home clients get a DHCP lease they will point to the Win10 DNS as their DNS. You also need to open up TCP & UDP port 53 on the Win10 firewall.

And configure it to forward DNS queries to a trusted public DNS, like the ones from Verizon, 4.2.2.1 & 4.2.2.2.

===========

The Win10 network IP address must be fixed. If not, even if the Dual DHCP DNS service in Services shows it's running, you can't access the web interface.

Look for the log file under C_Drive\DualServer\Log for troubleshooting.

DualServer.ini for configuration. Restart the service after modification.

My desktop PC has a reserved IP address on the LAN and I can open port 53 to the Internet (I will access this from my mobile devices even when I'm away from home).

I'll try it and see if this will work.
 

sdifox

No Lifer
Sep 30, 2005
100,257
17,899
126
Adblock Plus for Safari works perfectly fine on my mother's 2009 iMac. No extensions on mobile Safari for iOS.

I want it to affect all mobile apps too...not just web browsers.

I am not familiar with iOS, but I am pretty sure it caches the DNS table.
 

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,103
126
An inbound rule for port 6789 needs to be opened for DualServer's default internal HTTP web interface.

Use the [DNS_ALLOWED_HOSTS] section to define what range of IP addresses are allowed to query your DNS server.
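
An added example, not part of the original posts and not DualServer's own code: a Python check, run from a network outside the allowed ranges, that tells whether the server still answers recursive queries from strangers, which is the condition that makes a resolver usable for amplification. The query name, fixed query ID and sample replies are constructed; `refused` or `no-answer` is the result to expect once the allowlist is working.

```python
import socket
import struct
import sys

TXID = 0x1234  # fixed query ID, fine for a one-off manual check

def build_query(name):
    """Standard A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(reply):
    """Return 'refused', 'open-recursion', 'other' or 'malformed' for a raw reply."""
    if len(reply) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != TXID or not flags & 0x8000:   # wrong ID, or QR bit says "query"
        return "malformed"
    rcode, ra = flags & 0x000F, bool(flags & 0x0080)
    if rcode == 5:                          # REFUSED: the server turned us away
        return "refused"
    if ra and rcode in (0, 3):              # recursion offered, NOERROR/NXDOMAIN
        return "open-recursion"
    return "other"

def probe(server, name="example.com", timeout=3.0):
    """Send one UDP query to server:53 and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no-answer"              # silently dropped: also a pass
    return classify(reply)

# Constructed sample replies (not captured traffic) for offline use.
_QUESTION = build_query("example.com")[12:]
SAMPLE_REFUSED = struct.pack("!HHHHHH", TXID, 0x8105, 1, 0, 0, 0) + _QUESTION
SAMPLE_OPEN = (struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 0) + _QUESTION
               + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1]))

if __name__ == "__main__":
    # Usage: python check_resolver.py <your-public-ip>, run from an outside network
    print(probe(sys.argv[1]) if len(sys.argv) > 1 else classify(SAMPLE_OPEN))
```
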
 

Ichinisan

Lifer
Oct 9, 2002
28,298
1,235
136
I am not familiar with iOS, but I am pretty sure it caches the DNS table.

Not sure what that has to do with anything. If I always use my personal DNS, it will cache the null/redirected IP address for each blacklisted domain it tries to query...exactly as I want it to do.
 

Fardringle

Diamond Member
Oct 23, 2000
9,200
765
126
It would be simpler to use a service like OpenDNS, and add the list of advertising servers to your "Always Block" list, then point your devices to the OpenDNS servers...
 

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,103
126
It would be simpler to use a service like OpenDNS, and add the list of advertising servers to your "Always Block" list, then point your devices to the OpenDNS servers...

It will be painstaking to enter a very long list, and I think OP wants to have an always-on PC server/workstation.

Copying & pasting a long blacklist into DualServer is much easier.
 

Ichinisan

Lifer
Oct 9, 2002
28,298
1,235
136
It will be painstaking to enter a very long list, and I think OP wants to have an always-on PC server/workstation.

Copying & pasting a long blacklist into DualServer is much easier.

Yeah. Also, to maximize security / privacy, I think it's best to involve fewer parties.