submitted 8 months ago by splintertank@lemmy.world to c/privacy@lemmy.ml

My ISP is AT&T (located in the U.S.) and I have issues loading random websites. Currently have Google DNS set in my router, which works great. But I'm guessing there's a better, more private, option?

[-] Darkassassin07@lemmy.ca 18 points 8 months ago

Regular DNS can be monitored, intercepted, and modified however your ISP decides, even with you specifying custom DNS servers.

I run pihole on my LAN, with cloudflared as its upstream DNS. Cloudflared translates regular DNS into DOH using cloudflare and quad9 as the upstream DOH providers (configurable).

Pihole DOH with cloudflared

Finally I block all port 53 (dns) traffic at the router so it cannot leave my LAN. All LAN devices that want regular DNS are forced to use the LAN DNS server which wraps their requests in DOH for them. (as well as blocking ads, tracking/telemetry, and known malware sites)
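
The router-side part of the setup described above (stop plain port 53 traffic leaving the LAN so clients have to go through the local resolver), written out as an added nftables example. This is not the commenter's configuration or anything from the pihole guide; the interface name and the pihole address are placeholders, and the redirect rules go one step beyond the comment by steering clients with a hard-coded public resolver to the pihole instead of just dropping them.

```shell
#!/bin/sh
# Added example, not from the thread. Forces LAN DNS through the local pihole
# and stops plain DNS (udp/tcp 53) from being forwarded out to the WAN.
# Requires an nftables build with nat support in the inet family (kernel >= 5.2).
# Assumed placeholders, adjust to your own network:
LAN_IF="${LAN_IF:-br0}"                  # router interface facing the LAN
PIHOLE_IP="${PIHOLE_IP:-192.168.1.53}"   # constructed address of the pihole host

# Emit the ruleset as text so it can be reviewed (and dry-run parsed) before loading.
build_dns_ruleset() {
  cat <<EOF
table inet lan_dns {
  chain prerouting {
    type nat hook prerouting priority dstnat; policy accept;
    # Clients that hard-code 8.8.8.8 or similar get redirected to the pihole.
    iifname "$LAN_IF" ip saddr != $PIHOLE_IP udp dport 53 dnat ip to $PIHOLE_IP
    iifname "$LAN_IF" ip saddr != $PIHOLE_IP tcp dport 53 dnat ip to $PIHOLE_IP
  }
  chain postrouting {
    type nat hook postrouting priority srcnat; policy accept;
    # Hairpin caveat: the pihole sits on the same segment as the client, so
    # without this the answer would come back from the pihole's own address
    # instead of the resolver the client asked, and the client would discard it.
    # Only DNAT'ed flows are masqueraded, so normal pihole logs keep real client IPs.
    ip daddr $PIHOLE_IP th dport 53 ct status dnat masquerade
  }
  chain forward {
    type filter hook forward priority filter; policy accept;
    # Anything that still tries to forward plain DNS out of the LAN is rejected.
    # The pihole needs no exception: cloudflared reaches its upstream over DoH (tcp/443).
    iifname "$LAN_IF" meta l4proto { tcp, udp } th dport 53 counter reject
  }
}
EOF
}

# Sanity check used before loading: number of rules that touch destination port 53.
count_port53_rules() {
  build_dns_ruleset | grep -c 'dport 53'
}

# Dry-run parse first, load only if it succeeds (needs root and the nft binary).
apply_dns_ruleset() {
  build_dns_ruleset > /tmp/lan_dns.nft &&
  nft -c -f /tmp/lan_dns.nft &&
  nft -f /tmp/lan_dns.nft
}
```

After loading, a query aimed directly at a public resolver from a LAN client (for example with `dig @8.8.8.8`) should be answered by the pihole, and the `counter` on the forward rule shows whether anything is still trying to bypass it. Devices that use DoH or DoT themselves are not covered by a port 53 rule; those have to be handled per device.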

[-] drspod@lemmy.ml 8 points 8 months ago

What ISP do you use that makes you trust Cloudflare more than your ISP? You must really be between a rock and a hard place.

[-] Darkassassin07@lemmy.ca 3 points 8 months ago

I'm not all that concerned about either tbh; I was just already capturing DNS traffic and funneling it through pihole for the customizable blocking, and figured I may as well add DOH while I'm at it.

Just sharing the knowledge for those that are interested. You can use any DOH provider you like.

[-] fmstrat@lemmy.nowsci.com 1 points 8 months ago

You can run Unbound with PiHole, that way its upstream is root servers instead of a single site.

[-] Ooops@feddit.org 1 points 8 months ago

But at that point pihole is just a fancy web interface with some nice looking but for most purposes useless graphs. I just let Unbound filter stuff with the same filter lists pihole would use.

[-] fmstrat@lemmy.nowsci.com 1 points 8 months ago

True, but there's use in the UI, i.e. manual blocking/unblocking is simplified. Some use it for DHCP, too.

[-] MangoPenguin 4 points 8 months ago

Adguard Home supports TLS, HTTPS, QUIC and other stuff natively, in case anyone reading wants to set up a pihole equivalent with less work for encrypted DNS.

https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#upstreams

[-] Lemmchen@feddit.org 2 points 8 months ago

Why would you need cloudflared? Can't you just set DoH/DoT servers as a backend in Pi-Hole?

[-] Darkassassin07@lemmy.ca 1 points 8 months ago* (last edited 8 months ago)

Pihole doesn't directly support DOH. What I linked is their official guide for implementing it: using cloudflared.

There are other ways you can do this. This is just what I've been using.

this post was submitted on 04 Feb 2025