Thank you . @ sugestion ---- > What about a seperate thread ' DNS security and add and tracking blocking ' ? Thoughts / mental confusion / ' brain ' storming ( if they're crap please someone tell me ) ---- > I want to get rid of adblock in my browser ........ and have an empty HOST file ........ because ....... they slow my computer / surfing down ? .......... and microsoft has hard coded IP adresses so that they ' go round ' the HOST file = Its ( next to ) useless . I dont want to put my security in the hands of others ...... as far as possible ....... so my ISP and any DNS server is suspect I cant control anything on the net side of my router . My router is the last and best chance i have of blocking anything . I have more control and less risk useing blocks on my router ? If i understand right ? ........ my DNS queierys go through my ISPs server = They see where i want to go whatever i do because each quiery has an clear to see IP adress ? ( I used DNSCrypt in the unuk and the ISP = virgin blocked a site = they could see where i wanted to go = DNSCrypt doesnt work ? ) SO ...... atm my thoughts go in the direction of my own router , with an open source alternative router firmware , DNSCrypt with its block list componant and / or a Pi Hole . What i cant understand is ----- > I send a DNS request ....... it goes over my ISPs server whatever i do ? ........ they can see where i'm going ? ........ question = Is it that when i make that request to my chosen DNS server ........ it makes a tunnel so that my ISP cant see any othe requests i make except to the original DNS server ? ........ If not why not ?