I’ve been aware of pi-hole for a while now, but never bothered with it because I do most web browsing on a laptop where browser extensions like uBlock origin are good enough. However, with multiple streaming services starting to insert adds into my paid subscriptions, I’m looking to upgrade to a network blocker that will also cover the apps on my smart TV.

I run most of my self hosted services on a proxmox server, so I’d like something that’ll run as an LXC container or a VM. I’m also vaguely aware that various competing applications have come out since pi-hole first gained popularity. Is pi-hole still the best thing going, or are there better options?

  • Maximilious
    link
    fedilink
    411 months ago

    What makes it better other than the UI? I’m weary of using it because it is developed by Russian developers.

    • @[email protected]
      link
      fedilink
      English
      311 months ago

      Encryption, UI, probably a little bit more serious development

      But encryption is a big thing, DoT, DoH, Quic. And soon they will have ECH

      • DefederateLemmyMl
        link
        fedilink
        English
        311 months ago

        Just wanted to chime in and say that with a pihole you can also have encryption if you point to a local resolver like cloudflared or unbound.

        My pihole forwards everything to a cloudflared service running on 127.0.0.1:5353 to encrypt all my outgoing DNS queries, it was really easy to setup: https://docs.pi-hole.net/guides/dns/cloudflared/

        • @[email protected]
          link
          fedilink
          English
          111 months ago

          Hold on, this is not the same encryption

          The encryption i was talking about is the encryption of your dns server

          The article you sent is talking about upstream dns server encryption

          • DefederateLemmyMl
            link
            fedilink
            English
            111 months ago

            The encryption i was talking about is the encryption of your dns server

            You mean encryption between the client and your DNS server, on your local network?

            • @[email protected]
              link
              fedilink
              English
              111 months ago

              You can do it on your local network, but this won’t make much sense

              I mean encryption between your phone or laptop outside of your house, and your dns server at your house

        • @[email protected]
          link
          fedilink
          English
          1
          edit-2
          11 months ago

          That’s a bunch of extra manual work though - both the initial setup, plus keeping the extra software packages up-to-date. With AdGuard Home, it’s already configured to use DoH by default.

      • @[email protected]
        link
        fedilink
        English
        111 months ago

        That’s cool for certain applications but on my home network should I really be super concerned about DNS encryption?

        • @[email protected]
          link
          fedilink
          English
          411 months ago

          Not within the network, but translating regular dns to DoH before heading out to WAN keeps your browsing a little bit more private from your isp. Marginal, but it is a difference.

          • @[email protected]
            link
            fedilink
            English
            111 months ago

            It’s not just a little bit more private… It’s a lot more private. Some ISPs have been known to build advertising profiles using DNS data. It’s trivial for them to see all DNS lookups and even modify the responses, since it’s both unencrypted and unauthenticated by default.

        • @[email protected]
          link
          fedilink
          English
          211 months ago

          Probably not, but anyway it’s pretty cool to have an option to do this kind of stuff

          You can set up this dns on your phone, laptop, without a need of vpn (although vpns are cool, especially tailscale)

          But, are you always connected to the vpn? Or even to connect to the vpn itself you probably need dns, why would not use your own