This is most important for me to work on troubleshooting with PC Sticks. So I don’t want an expose password that i type. This is great.
I’ve also set up three more rust desk relay servers on my machine so we can connect without any issues between Washington State and Arionza.
We commenced utilizing rustdesk in August 2023, and their updates have been impeccable. We desire the service we receive, and I am grateful for their dedication to their work. I recommend that you consider purchasing a professional license if you wish to construct your own server.
Blue Dot: Starlink connected to ubiquiti dream station, that we want
Green Dot: Xfinity connected to ubiquiti dream station.
We want to discontinue Comcast’s service at Green Dot so that Blue Dot can provide internet to Green Dot instead.
He is considering setting up a wireless bridge between the two rooftops, but he needs my assistance to establish a connection from Blue Dot’s Ubiquiti (connected via Starlink) to Green Dot’s Ubiquiti. This would allow him to cancel the Xfinity plans.
I successfully installed new wiring, which required me to access the attic for the first time. The project involved drilling to run two Cat6 cables for a client’s access point and a NanoBeam 5AC Gen 2 in a cottage house. Altogether, I installed ten Cat6 cables to support both the cottage and the hotel laundry building.
I have successfully reached the owner and assured him that it is safe to cancel his Comcast Business service. He can now transition to Starlink and take advantage of their new advanced protocols.
Laundry Hotel, i did install it there and set It up as Main Internet, then cottage i did set AP bridge, and now it is working Added 2 new wires for NBE-5AC-Gen2 and UAP-AC-LTEThat is where I plan to put Mount AP on there.NanoBeam 5AC Gen 2 Cottage house (client router) Zip tie all blue cable and power. Yellow cat 5e already removed. So it all nice and clean.100 download and 100 upload good speed between Hotel to cottages.. 2 miles away not badHotel wifi access point to cottage house
What a wild ride! As someone who cares deeply about keeping ads and trackers away, I run not one, not two, but threeAdguard Home DNS servers for my network and my work and a few trusted friends. Things were smooth…until today’s wake-up call.
When 3 DNS Servers All Go Down
Early this morning, my phone lit up with monitoring alerts: All three Adguard Home DNS servers were timing out. At first, I figured it was typical network flakiness, but when I logged in and checked the stats—yikes! Each DNS server was being bombarded with requests. Log entries were flying by like a slot machine, and CPU loads were through the roof.
I quickly realized: this was a full-blown DDoS attack. Someone (or something) had decided today was the day to flood all my DNS instances and bring them to their knees.
Port 53 is Love, Port 53 is Pain
If you run a DNS server, you know traffic flows through port 53. It’s the default, it’s widely known, and unfortunately, it makes you a target. Even with basic security and firewall rules, a determined attacker can throw a gigantic amount of junk queries your way. The more public your DNS, the more likely it is to end up on a botnet’s hit list.
I tried to mitigate: blocking IPs, tweaking Adguard’s query limits, but the traffic just kept coming—botnets can scale, after all.
The Fix: Hello, DNS-over-TLS (853)!
Desperate for relief, I remembered what sets modern DNS apart: encryption. Both DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) remove reliance on the open port 53, using encrypted connections to a different port.
DoT uses port 853.
So, I did something radical (for my setup):
I closed public access to port 53 on all three servers.
I configured Adguard Home to only accept DNS-over-TLS traffic on port 853.
I made sure my clients (phones, computers, routers) were using DoT (port 853) instead of plain DNS.
Like flipping a switch, the attack ended. No more flood, no more timeouts—just blissfully fast, secure DNS again.
Why This Works
Open port 53 is universally scanned—by researchers and attackers—for DNS servers to abuse. By limiting access and switching to encrypted DNS-over-TLS, you:
Hide your DNS from general internet scanning.
Require authentication (sort of; at least a valid TLS handshake).
Dramatically reduce DDoS exposure, since randomized bot attacks target port 53 by default.
Lessons Learned
Don’t run a public port 53 DNS unless you must. Always lock it down or require VPN/TLS/DNSCrypt.
Encourage clients to use DoT or DoH—they get privacy AND you get peace of mind.
Know your tools: Adguard Home makes it surprisingly easy to deploy DNS-over-TLS.
If you rely on DNS, have a mitigation plan—DDoS can strike anyone, anytime.
Next steps? I’ll keep a close eye on logs, make sure clients are all set up with DoT, and might even look into DNS-over-HTTPS as a backup.
How about you? Have you had to defend your home DNS from attacks? Share your story below!
Stay safe, and happy (private) browsing!
The initial offensive commences on May 25, 2024. Additionally, the internet will experience a gradual slowdown to 2 Mbps and 3 Mbps during uploads; this is how people tell us they did the DDoS attacks on us.This is after and much better
My DNS query results confirm that all our DNS servers are secured with DNS over TLS encryption.
