I previously had some Roku devices in my house and they immediately went into a restricted VLAN not for the least of reasons that their ToS/privacy policy stated I was agreeing to give them permission to collect data about my network and send it back to them. Whatever that means.
Roku devices hardcode 8.8.8.8 DNS in their software. So a Pi-Hole would be useless in a typical config. Evident by the constant hammering of dns.google in my firewall logs (dropped).
DNS filtering can only be effective if you intercept/drop all other outbound DNS traffic at the edge of your network.
Yeah. It's less a hammer and more a strip of "do not cross" plastic ribbon across a freeway. It only works while they play nice, and they probably even breach it accidentally sometimes.
> Roku devices hardcode 8.8.8.8 DNS in their software.
Are they fussy about where responses come from? If not then you can redirect to your local filtering DNS service. If they do "protect" themselves that way then I'll add them to the list of devices that I'll never knowingly connect to my network.
Roku devices hardcode 8.8.8.8 DNS in their software. So a Pi-Hole would be useless in a typical config. Evident by the constant hammering of dns.google in my firewall logs (dropped).
DNS filtering can only be effective if you intercept/drop all other outbound DNS traffic at the edge of your network.