I use pihole on the LAN, then upstream is cloudflared translating DNS to DOH using NextDNS as the primary and Quad9 as the fallback.
Looking at the last 24hrs; my whole LAN network has made 91k DNS requests, 14.5% of that being passed to the upstream (the rest is locally cached responses or blocked) so ~12.7k served by NextDNS.
When/if that 300k limit is reached, cloudflared will just fallback to Quad9.
With this I get the blocking from NextDNS as well as whatever additional lists I want to use; plus pihole serves local only records for self-hosted services and fixed names for LAN devices (I find standard broadcasted hostnames unreliable at best).
Little of column A little of column B.
I use pihole on the LAN, then upstream is cloudflared translating DNS to DOH using NextDNS as the primary and Quad9 as the fallback.
Looking at the last 24hrs; my whole LAN network has made 91k DNS requests, 14.5% of that being passed to the upstream (the rest is locally cached responses or blocked) so ~12.7k served by NextDNS. When/if that 300k limit is reached, cloudflared will just fallback to Quad9.
With this I get the blocking from NextDNS as well as whatever additional lists I want to use; plus pihole serves local only records for self-hosted services and fixed names for LAN devices (I find standard broadcasted hostnames unreliable at best).
Thank you. That’s incredibly insightful. When I get the cash I’ll setup a PiHole