I’ve been aware of pi-hole for a while now, but never bothered with it because I do most web browsing on a laptop where browser extensions like uBlock origin are good enough. However, with multiple streaming services starting to insert adds into my paid subscriptions, I’m looking to upgrade to a network blocker that will also cover the apps on my smart TV.
I run most of my self hosted services on a proxmox server, so I’d like something that’ll run as an LXC container or a VM. I’m also vaguely aware that various competing applications have come out since pi-hole first gained popularity. Is pi-hole still the best thing going, or are there better options?
What makes it better other than the UI? I’m weary of using it because it is developed by Russian developers.
Encryption, UI, probably a little bit more serious development
But encryption is a big thing, DoT, DoH, Quic. And soon they will have ECH
Just wanted to chime in and say that with a pihole you can also have encryption if you point to a local resolver like
cloudflaredorunbound.My pihole forwards everything to a
cloudflaredservice running on 127.0.0.1:5353 to encrypt all my outgoing DNS queries, it was really easy to setup: https://docs.pi-hole.net/guides/dns/cloudflared/Hold on, this is not the same encryption
The encryption i was talking about is the encryption of your dns server
The article you sent is talking about upstream dns server encryption
You mean encryption between the client and your DNS server, on your local network?
You can do it on your local network, but this won’t make much sense
I mean encryption between your phone or laptop outside of your house, and your dns server at your house
That’s a bunch of extra manual work though - both the initial setup, plus keeping the extra software packages up-to-date. With AdGuard Home, it’s already configured to use DoH by default.
That’s cool for certain applications but on my home network should I really be super concerned about DNS encryption?
Not within the network, but translating regular dns to DoH before heading out to WAN keeps your browsing a little bit more private from your isp. Marginal, but it is a difference.
It’s not just a little bit more private… It’s a lot more private. Some ISPs have been known to build advertising profiles using DNS data. It’s trivial for them to see all DNS lookups and even modify the responses, since it’s both unencrypted and unauthenticated by default.
Probably not, but anyway it’s pretty cool to have an option to do this kind of stuff
You can set up this dns on your phone, laptop, without a need of vpn (although vpns are cool, especially tailscale)
But, are you always connected to the vpn? Or even to connect to the vpn itself you probably need dns, why would not use your own