• Peffse@lemmy.world · 19 points · 4 days ago

    If you are using a network level block, make sure it’s a black hole and not just a DNS filter. I tried a DNS filter with a Roku and found that they bypass it with hardcoded values, even when the DNS server was statically assigned and DHCP assigned.

    • HumbleBragger@piefed.social · 3 points · 4 days ago

      What do you mean by black hole and filter? I blocked a bunch of tcl domains on my pihole and made my router drop everything on port 53 coming from every other device that wasn’t pihole. It seems to have worked for now… Is that a good solution?

      • matlag@sh.itjust.works · 3 points · 3 days ago

        No, it’s not robust. It may work for your TV, but it can be worked around.

        DNS is like a phone directory for the Internet: it translates domain names to IP addresses. If you block the DNS (which is what pihole does), it blocks the directory access. But if the IP addresses of the servers are hard-coded in the firmware, the TV does not need a DNS; it can reach the server directly.

        To trick the TV, you need to restrict the IPs it can reach. It might be delicate: it probably tries to ping some common IPs to check that it’s connected, then calls the brand’s server for ads/updates/etc.

      • Bytemeister@lemmy.world · 15 points · 4 days ago

        Pi-hole blocks the name resolution. The TV wants to go to Hisense.com and asks your Pi-hole where that site is. Your Pi-hole sees that Hisense is on a block list, so it says back to your TV “sorry, no idea how to get to that site, it must be offline.”

        If the manufacturer wants to get around this, they program a public DNS in, like 8.8.8.8, or they hardcode the static IP for their website into the TV. Now when it wants to go to Hisense, it never has to ask your Pi-hole where that site is, and it doesn’t get blocked. Heck, it probably won’t even show up on your Pi-hole’s logs.

        If you black hole the site, then any traffic going out there gets dropped, and the hard-coded addresses on the TV don’t matter for shit.
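The two replies above (matlag's "restrict the IPs it can reach" and Bytemeister's "black hole the site") describe a firewall rather than a DNS rule. The script below is an added example, not code from any commenter, that generates an nftables ruleset doing both things the thread asks for: drop port-53 traffic from every LAN device except the Pi-hole (so a resolver such as 8.8.8.8 baked into the firmware gets no answer), and drop every packet from the TV to a set of vendor addresses regardless of how the TV learned them. All addresses are constructed placeholders from the RFC 5737 TEST-NET ranges; the LAN, Pi-hole, TV and vendor IPs are assumptions you replace with the ones from your own router and Pi-hole logs.

```shell
#!/bin/sh
# Added example (not from the thread): emit an nftables ruleset that
#  (1) drops DNS (port 53) leaving the LAN unless the Pi-hole sent it, and
#  (2) black-holes a list of vendor IP addresses for the TV, so a hard-coded
#      resolver or a hard-coded server address in the firmware is useless.
# Every address below is a constructed placeholder (RFC 5737 TEST-NET);
# substitute your own LAN, Pi-hole, TV and vendor addresses.

LAN_NET="192.0.2.0/24"
PIHOLE_IP="192.0.2.53"
TV_IP="192.0.2.77"
# Vendor addresses you observed the TV contacting (router / Pi-hole logs).
BLACKHOLE_IPS="198.51.100.10 198.51.100.11 203.0.113.0/24"

# gen_ruleset LAN PIHOLE TV IP... : print the ruleset on stdout.
# Review it, then load it as root with:  gen_ruleset ... | nft -f -
gen_ruleset() {
    lan=$1; pihole=$2; tv=$3; shift 3
    printf 'table inet tvblock {\n'
    # A named set with interval flag so single hosts and whole prefixes mix.
    printf '  set vendor_blackhole {\n    type ipv4_addr\n    flags interval\n    elements = {'
    sep=' '
    for ip in "$@"; do
        printf '%s%s' "$sep" "$ip"
        sep=', '
    done
    printf ' }\n  }\n'
    printf '  chain forward {\n    type filter hook forward priority 0; policy accept;\n'
    # Only the Pi-hole may talk DNS to the outside; anything else on the LAN
    # (a TV with 8.8.8.8 hard-coded, for instance) has its queries dropped.
    printf '    ip saddr %s ip saddr != %s udp dport 53 counter drop\n' "$lan" "$pihole"
    printf '    ip saddr %s ip saddr != %s tcp dport 53 counter drop\n' "$lan" "$pihole"
    # Any packet from the TV to a vendor address is dropped, hard-coded or not.
    printf '    ip saddr %s ip daddr @vendor_blackhole counter drop\n' "$tv"
    printf '  }\n}\n'
}

# count_drop_rules RULESET_TEXT : number of "drop" rules, handy as a sanity check.
count_drop_rules() {
    printf '%s\n' "$1" | grep -c ' counter drop$'
}

# shellcheck disable=SC2086  # word splitting of BLACKHOLE_IPS is intended
gen_ruleset "$LAN_NET" "$PIHOLE_IP" "$TV_IP" $BLACKHOLE_IPS
```

The `counter` keyword is there so `nft list ruleset` shows whether the TV is actually hitting the rules, which is the only evidence you get once the traffic no longer appears in Pi-hole's query log. The port-53 rules do nothing for DNS over HTTPS on port 443, which is why the address black hole is the rule that matters; if the vendor rotates addresses, matlag's allow-list approach (permit the TV only the destinations you choose and drop the rest) is the more robust shape of the same idea.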