[Solved] Why directing DNS to eBlocker is not sufficient

1 Posts
1 Users
0 Reactions
27 Views
(@random)
Illustrious Member Admin
Joined: 5 Jahren ago
Posts: 2056
Topic starter  

I'm picking up on a post of @neuling that shows a severe misunderstanding of how eBlocker works. I'm taking the opportunity to clear things up for others users not to stumble over the same mistake. In addition I'll briefly discuss how to configure the network correctly to get full advantage out of eBlockerOS.

eBlockerOS is designed to filter all traffic - not just to block certain DNS requests!!!!

If eBlocker is only set to be the DNS server (as @neuling suggests) but not as gateway then the big advantages of eBlockerOS are completely eliminated. For instance:

  • IP-anonymization will not work
  • the device cloaking will not work
  • the pattern matching blocker will not work
  • the YouTube/video ads blocker will not work
  • and individual device settings will not work either - along with more disadvantages.

In @neuling's suggested setup eBlockerOS will only act as a DNS-blocker (like Adguard, Pihole and other such simple domain blockers) which yield to over-blocking as well as under-blocking.

To get the full power out of eBlockerOS all IP packets rather need to go to eBlockerOS first. eBlockerOS will then only forward the good requests to the Internet router and block all bad requests (ie. for trackers, ads etc). If eBlockerOS is set to anonymize the traffic, the IP packets are encrypted for the given provider or Tor before(!) passing the packets to the Internet router. 

To make sure eBlocker gets all IPv4 packets there are four options:

  1. Automatic Network Mode (=default). This mode uses ARP spoofing to direct all IP packets to eBlocker (without setting eBlocker as gateway in the clients). But this method can yield to issues with certain routers, stream interrupts or such. The mode is recommended for tech novices.
  2. Set eBlocker as gateway and DNS server for all clients (using DHCP). Then (by IP design) eBlocker gets all IP packets. The easiest to set eBlocker as gateway is to have eBlockerOS act as the DHCP server. Then all clients using DHCP for network configuration will automatically be set to use eBlocker as gateway and DNS server. This is the recommendation for most users with minimal tech background. To set eBlocker as DHCP server just switch to Individual or Expert Network Mode and follow the instructions.
  3. In the rare case you are running a professional DHCP server (not within your router), you can also set eBlocker as gateway and DNS server in the DHCP server. BTW: Most  DHCP servers implemented in routers are not flexible enough for this configuration setting.
  4. As a last alternative eBlocker's IP can be set manually in all clients (using a static configuration). This is not recommended unless you are a network geek and want to have everything under your full control.

For IPv6 things are a little easier as eBlockerOS announces itself as a router with high priority. Then (by IPv6 design) all IPv6 packets are directed to eBlocker first. But IPv4 is always used in parallel by all client OSs so the IPv4 configuration discussed above can not be neglected in IPv6 networks.

All this is documented very well - and you can't go wrong if you just follow the Setup Instructions carefully.

Again: Do not just setup eBlockerOS as your DNS server. This is not enough and will result in inferior blocking and no anonymization taking place!

Hope this helps to get the full power of eBlockerOS into your network 👍

THX!


   
ReplyQuote

Nach oben scrollen