My ISP is AT&T (located in the U.S.) and I have issues loading random websites. Currently have Google DNS set in my router, which works great. But I’m guessing there’s a better, more private, option?

  • @[email protected]
    186 days ago

    Regular DNS can be monitored, intercepted, and modified however your ISP decides, even with you specifying custom DNS servers.

    I run pihole on my LAN, with cloudflared as its upstream DNS. Cloudflared translates regular DNS into DOH using cloudflare and quad9 as the upstream DOH providers (configurable).

    Pihole DOH with cloudflared

    Finally I block all port 53 (dns) traffic at the router so it cannot leave my LAN. All LAN devices that want regular DNS are forced to use the LAN DNS server which wraps their requests in DOH for them. (as well as blocking ads, tracking/telemetry, and known malware sites)

    • @[email protected]
      86 days ago

      What ISP do you use that makes you trust Cloudflare more than your ISP? You must really be between a rock and a hard place.

      • @[email protected]
        36 days ago

        I’m not all that concerned about either tbh; I was just already capturing DNS traffic and funneling it through pihole for the customizable blocking, and figured I may as well add DOH while I’m at it.

        Just sharing the knowledge for those that are interested. You can use any DOH provider you like.

        • fmstrat
          14 days ago

          You can run Unbound with PiHole, that way its upstream is root servers instead of a single site.

          • @[email protected]
            04 days ago

            But at that point pihole is just a fancy web interface with some nice looking but for most purposes useless graphs. I just let Unbound filter stuff with the same filter lists pihole would use.

            • fmstrat
              14 days ago

              True, but there’s use in the UI. I.E. manual blocking/unblocking is simplified. Some use it for DHCP, too.

      • @[email protected]
        6 days ago

        Pihole doesn’t directly support DOH. What I linked is their official guide for implementing it: using cloudflared.

        There are other ways you can do this. This is just what I’ve been using.
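The setup described in the top comment (Pi-hole with cloudflared as a DoH upstream, and plain port-53 DNS blocked at the router) as an added example; this is not code from the thread or from the Pi-hole guide it links. It assumes a LAN bridge named br-lan, a WAN interface eth0, and cloudflared listening on 127.0.0.1:5053; the files are only generated, not applied, so it can be run anywhere.

```shell
#!/bin/sh
# Added example: generate the two pieces of the Pi-hole + cloudflared + port-53 block setup.
# Assumed names (change to match your router): LAN bridge br-lan, WAN interface eth0,
# cloudflared on 127.0.0.1:5053 as Pi-hole's custom upstream (127.0.0.1#5053).
set -eu

LAN_IF="${LAN_IF:-br-lan}"
WAN_IF="${WAN_IF:-eth0}"
DOH_PORT="${DOH_PORT:-5053}"

# cloudflared proxy-dns options in the form the Pi-hole guide puts in /etc/default/cloudflared:
# plain DNS arriving on 127.0.0.1:5053 is wrapped in DoH to Cloudflare and Quad9 (real endpoints).
cloudflared_opts() {
    printf 'CLOUDFLARED_OPTS=--port %s --address 127.0.0.1 --upstream https://1.1.1.1/dns-query --upstream https://dns.quad9.net/dns-query\n' "$DOH_PORT"
}

# nftables ruleset that drops, and logs so you can see which LAN device tried, any plain
# port-53 DNS forwarded from the LAN to the WAN. Nothing is exempted: Pi-hole itself never
# needs port 53 outbound, because cloudflared carries the queries over HTTPS (443).
dns_egress_ruleset() {
    cat <<EOF
table inet dns_egress {
    chain forward {
        type filter hook forward priority filter; policy accept;
        iifname "$LAN_IF" oifname "$WAN_IF" udp dport 53 counter log prefix "dns-egress-blocked: " drop
        iifname "$LAN_IF" oifname "$WAN_IF" tcp dport 53 counter log prefix "dns-egress-blocked: " drop
    }
}
EOF
}

# Write both files into DIR (must exist) and echo the directory path back.
write_configs() {
    dir="$1"
    cloudflared_opts > "$dir/cloudflared.default"
    dns_egress_ruleset > "$dir/dns_egress.nft"
    echo "$dir"
}

# On the router, as root: write_configs /tmp/dns && nft -f /tmp/dns/dns_egress.nft
# Then check from a LAN host that `dig @8.8.8.8 example.com` times out while
# `dig @<pihole-ip> example.com` still answers, and watch the kernel log for the prefix.
```

Devices that hardcode their own resolver will simply lose DNS with this rule; redirecting their port-53 traffic to the Pi-hole instead of dropping it is the usual alternative, but that is not what the comment above does.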