I recently discovered that my Samsung TV ignores the DNS server specified by my DHCP server and just uses 8.8.8.8. No wonder I still see ads on it. I had to set a NAT rule to override outbound port 53 and redirect it back to NextDNS.

It seems the only other devices on my network that do so are a couple of work-managed laptops.

I don't trust any device to get anything but an IP address from DHCP, everything else must be enforced (like DNS) and go through a router level VPN (vs device level).

I assume you already checked the TV’s network settings and it’s not configured to use a manually specified DNS server?

Does it really need to be connected to the internet? Assume it has some connected services but do you use them or do you use an external Roku or Apple TV for example? Even if it has that built in you might be better off using an external one.

-David

I agree. I prefer a regular TV/monitor and hooking up a mini PC to it. Gives me more flexibility and control. With a lot of these IoT devices you are at the mercy of the manufacturer and their focus is rarely on your security or privacy.

You'll probably find that if you simply block it from getting to 8.8.8.8 and 8.8.4.4, or just block all outgoing port 53 except to where you want DNS to go, then it'll start working as you want. I've seen devices do this before - they try 8.8.8.8 or similar, but if they can't get to there then they'll use what DHCP has told them to use.

eh, if I’m going to set a rule in the router I’ll just force everything to NextDNS.

Out of curiosity, how do you find them? Are you using the free version? I haven't tried figuring out how many DNS queries my network makes but I would also need to figure out how to segregate my IoT stuff (right now a few cameras but would be willing to add a few others) from my regular network.

Nah, I pay the $20/year. It's a handy way to block ads and malware on my network, my parents', and my mother in law's. I went through the free 100k or 300k queries in a week or two.

I found them by setting the router to log anything outbound on port 53 since DHCP hands out the router as the DNS server. Our work laptops also ignore the DHCP settings, so I let them use the DNS they want to. But the TV was always hitting 8.8.8.8 even though I triple-checked it is set to use DNS from DHCP. If/when most things start using DNS over HTTPS or TLS, I'm not sure how I'd find them.

I put most IoT stuff on a separate vlan. Sonos and Apple TV are the exceptions - it was too hard to get them to work across VLANs with my phone.

Not that Roku devices are any better, but I disable the network connections on the smart TV and go through the Roku. I will occasionally plug in an ethernet cable on the TV to check for firmware updates.

I don�t have my telly connected to anything other than a satellite dish and an aerial for Digital Terrestrial Television. When I was looking at possibly replacing the CRT in the bedroom, I had a look round an electronics shop and found the focus is on connected now. A sales associate tried to sell me on the benefits of hooking my tv to the internet. I wasn�t convinced in the slightest and it appeared from his facial expressions that he thought I was odd for not hooking it up. There wasn�t much of an answer to �If I don�t watch streaming services what�s the point� I do have Amazon Prime for the next day free delivery but I use the video side of that at work during breaks as we don�t have a television in our pokey staff room.

Is that not normal now, am I showing my age? I don�t want someone else knowing what I�m watching and that�s what these tv�s are reporting to someone, and then showing me adverts based on that info.

If a sales person did that to me, I'd likely walk out of the store without purchasing anything. The "It's easier and more convenient" argument doesn't work for me. Yes it's a bit more effort, but if it makes things more difficult for someone to trace me, then I'm all for it.

My DHCP server does not give my Sony TV a gateway. That way I can still control it via IP and Home Assistant.

Streaming is done with a Roku, and ads are blocked by a PIHole.

The same Roku that likely does more to track your behavior than your TV does? I'm not sure that's a win...

Its all (mostly 98%) blocked by the PiHole. I don't get ads at all on my Roku