What is awful here is that you shouldn't need to be a network specialist. Our trusted computing devices like routers and whatnot should be safe by default. That they are not is truly a tragedy.
nb: the profit motive.
To be honest - I didn't read the entire thread, but I fixed this issue late last year.
I dumped all my "home" router gear and installed a Ubiquiti network behind my cable modem (300 Mbps). I added a USG, 2 * Switch 8-60w and 2 * AP AC PRO WAPs.
All my IoT devices (google, thermostat, fridge, etc.) are on an isolated "iot" network. They can scan all day long and all they will see is each other. They have no access to my other segmented networks.
I have 3 others. 1 is guest, where I throttle bandwidth and kick them off after 4 hrs - stops my kids' friends from hogging bandwidth for their games.
Another is for admin purposes (my back door), and the 3rd is the generic home network most folks have - for PCs, phones, etc.
No time to read entire thread @iarsee is there a PnP COTS solution you could point us to?
None that I know of, sorry. Home routers don’t support this stuff. Not in their interests.
I believe DD-WRT supports some of the features mentioned, but getting a new paperweight 'cus you bricked the router is no fun.
I'm going to try DD-WRT this weekend before I do the cash outlay on Ubiquiti gear.
Yes, for years I was forced to buy "open source" capable routers, so I could install DD-WRT. Why? 'Cus most home units simply did not provide the granular level of control I wanted.
In my case (last Dec), Ubiquiti (while def more $$ than a TOTL home router) solved MOST of my concerns. VLANs, DPI, guest network controls, band favoring, and so on.
Just finished doing a USG upgrade
Make sure you follow the installation instructions to the letter.. you don't need another paperweight
backup is 8.8.8.8
Just so you know, that server is managed by an advertising company (Google) and it most definitely logs every single request forever. At least 1.1.1.1 _promises_ not to log, and subjects itself to yearly audits by a somewhat trusted entity.
I believe Cloudflare also supports at least one of the secure DNS variants you mentioned. I haven’t set that up yet, but I will soon.
They have DNSSEC now.
@JJunkie I'd plug the pi-hole into your Asus router and give it a static IP on the Asus subnet. And then I'd tell the Asus to use the Pi-hole for primary DNS and ignore whatever the WAN side gets from the Netcomm router via DHCP.
I wouldn't put it on your Netcomm -- it could mess with your house alarm in ways you don't want. Set your NetComm to use your ISP's DNS here, is my recommendation. Otherwise support for your house alarm might be problematic.
I can think of a dozen comments here, but none as good as no comment at all.