this post was submitted on 28 Jun 2026

A lot of devices require internet for at least one time to set them up.

How can I set them up such that as soon as I've programmed them/set their schedule, I can deny them access and prevent them from being chatty back with the mothership?

[–] walden@wetshav.ing 1 points 3 days ago* (last edited 3 days ago)

This approach works sometimes, but not for a lot of IoT devices.

PiHole, Adguard Home, Technitium, and others act as DNS servers and cache. DNS is what takes a domain name like https://climate.us/ and tells your computer the actual network address of that website. In the case of climate.us it's 2600:9000:2032:2a00:1b:a10e:7bc0:93a1 for IPv6 and 13.32.241.53 for IPv4.

Most computers are well behaved. When they contact your router, they ask it "hey, what should I use as my DNS server?". If you've set up AdGuard Home in your LAN, your router would respond "192.168.2.69", for example.

At that point, your computer would ask 192.168.2.69 all of its DNS queries.

IoT devices, on the other hand, often ignore the router when instructed to use a specific address for DNS. Google products, for example, are hard coded to 8.8.8.8. So if you're trying to block a Google device from finding something on the internet, it gets more complicated.

DNS traffic all happens over port 53, both UDP and TCP. So to fully capture every single DNS request coming from your LAN, you need a router which is able to filter those requests and "translate" them. So the router would step in for a request to 8.8.8.8:53 and translate it to 192.168.2.69:53. Keep in mind you also have to set your router to not do this for 192.168.2.69, because then AdGuard Home will be asking itself DNS queries, which it still needs to find out on the internet.

That's the hard part. From there, you check AdGuard Home or whatever, and see what addresses each IoT device is trying to reach.

If a WiFi connected toothbrush keeps trying to reach 'chinesetrackingcompany.com', then you can manually block that domain. The toothbrush will try for a bit, then give up.
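
The port 53 redirect described in the comment above, written as an nftables ruleset for a Linux-based router. This is an added example, not part of the original comment. It assumes a LAN bridge named `br-lan` and a LAN subnet of 192.168.2.0/24; the table name `dns_redirect` is hypothetical, and 192.168.2.69 is the resolver address the comment uses.

```nft
# Added example. Assumed values: LAN bridge "br-lan", LAN subnet
# 192.168.2.0/24, table name "dns_redirect". 192.168.2.69 is the
# resolver address from the comment.

table ip dns_redirect {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # Exempt the resolver itself. Without this its own upstream
        # lookups are redirected back to it and never leave the LAN.
        ip saddr 192.168.2.69 return

        # Queries already addressed to the resolver need no rewrite.
        ip daddr 192.168.2.69 return

        # Any other LAN query on port 53 (for example a device with
        # 8.8.8.8 hard coded) is rewritten to the local resolver.
        iifname "br-lan" udp dport 53 dnat to 192.168.2.69:53
        iifname "br-lan" tcp dport 53 dnat to 192.168.2.69:53
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;

        # Hairpin case: device and resolver share the LAN. Without
        # source NAT the resolver answers the device directly from
        # 192.168.2.69, and the device drops the reply because it
        # expected an answer from 8.8.8.8.
        oifname "br-lan" ip saddr 192.168.2.0/24 ip daddr 192.168.2.69 udp dport 53 masquerade
        oifname "br-lan" ip saddr 192.168.2.0/24 ip daddr 192.168.2.69 tcp dport 53 masquerade
    }
}
```

With the masquerade rules in place, redirected queries show up in the resolver's log with the router's address as the client, so per-device visibility for those devices requires putting the resolver on a separate subnet or VLAN, where the hairpin rules are not needed. These rules match only port 53, so DNS over TLS (port 853) and DNS over HTTPS (port 443) are not redirected.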