Introducing Pi-hole v6
-
I layer up. Always pihole, and whatever I can run locally on a machine or browser.
-
Has anyone tried https://github.com/hickory-dns/hickory-dns? It seems to be a complete DNS server instead of what looks like a bunch of bash config for a standard Linux tool. There are block lists you can configure as well, and it supports pretty much everything.
It's way overkill, but hey, why not?
-
That's a good point
-
I still prefer NextDNS
-
That says it will only function for 300,000 queries per month. Based on my last 24 hours from pi-hole, that wouldn't even last a week. Are you using a paid plan?
-
Ah, I saw another comment about this. The free plan is 300,000 queries a month. That'd last me almost a week before it stops working.
-
Top permitted domain: e621.net
A fellow sysadmin furry I see
-
I have both but just use pihole as a local DNS server/forwarder. I bump into too many random times where sites or redirects don't work properly since they get blocked.
-
DNS over HTTPS. It allows encrypted DNS lookup with a URL, which allows for URL-based customizations not possible with traditional DNS lookups (e.g. the server could have /ads or /trackers endpoints so you can choose what to block).
DNS Over TLS (DoT) is similar, but it doesn't use URLs, just IP addresses like generic DNS. Both are encrypted.
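As an added illustration of the distinction drawn in the comment above (not part of the thread or of any project's code): the same DNS wire-format message is carried either inside an HTTPS URL (RFC 8484, base64url in the `dns` query parameter, path chosen by the operator) or as a length-prefixed TCP frame inside TLS on port 853 (RFC 7858). The resolver hostname `doh.example.net`, the `/dns-query` path and the reply with address `192.0.2.1` are constructed for the example; nothing is sent over the network.

```python
import base64
import struct
import urllib.parse

# Placeholder resolver; /dns-query is the path RFC 8484 uses in its examples.
RESOLVER_HOST = "doh.example.net"
RESOLVER_PATH = "/dns-query"


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels (RFC 1035 section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Build a wire-format query. RFC 8484 recommends ID 0 so HTTP caches can key on the body."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    return header + question


def doh_get_url(wire: bytes, host: str = RESOLVER_HOST, path: str = RESOLVER_PATH) -> str:
    """DoH GET form: unpadded base64url of the wire message in the 'dns' parameter."""
    b64 = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"https://{host}{path}?{urllib.parse.urlencode({'dns': b64})}"


def doh_param_to_wire(url: str) -> bytes:
    """What a DoH server does on receipt: pull 'dns' out of the URL and restore padding."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    b64 = params["dns"][0]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))


def dot_frame(wire: bytes) -> bytes:
    """DoT form: plain DNS-over-TCP framing (2-byte length prefix), sent inside TLS on port 853."""
    return struct.pack("!H", len(wire)) + wire


def constructed_response(query: bytes) -> bytes:
    """Constructed reply for the demo (not captured from any real resolver):
    same ID, flags QR|RD|RA, one A record 192.0.2.1 (documentation range), TTL 300."""
    txid = struct.unpack_from("!H", query, 0)[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return header + query[12:] + answer


def _skip_name(msg: bytes, off: int) -> int:
    """Advance past a name, handling a compression pointer (top two bits set)."""
    while True:
        ln = msg[off]
        if ln == 0:
            return off + 1
        if ln & 0xC0 == 0xC0:
            return off + 2
        off += ln + 1


def parse_a_records(msg: bytes, expected_id: int = 0) -> list:
    """Return A-record addresses from a wire-format response; reject mismatched ID or error RCODE."""
    txid, flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    if txid != expected_id:
        raise ValueError("transaction ID mismatch")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0x000F}")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # qtype + qclass
    ips = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return ips


if __name__ == "__main__":
    q = build_query("example.com")
    print("DoH GET:", doh_get_url(q))
    print("DoH GET (operator-chosen path):", doh_get_url(q, path="/ads"))
    print("DoT frame:", dot_frame(q).hex())
    print("Answers:", parse_a_records(constructed_response(q)))
```

The point the two forms make visible: DoH gives the operator a URL namespace to hang policy on (the `path` argument), while DoT carries exactly the message a plain TCP resolver would see, only wrapped in TLS; both hide the query from an on-path observer, neither hides it from the resolver.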
-
NextDNS isn’t selfhosted, is it?
-
It doesn’t really look different at all
-
They've added a bit more info to the query log, when you click on individual items.
It's still not a native feature, but you can add DoH using cloudflared, including configuring which upstream(s) to use (you don't have to use Cloudflare itself, just the tool).
There's even a docker version.
-
I probably would just stick with dnsmasq
-
It's really nice for random browsing/apps. Games, free tools, general web browsing; none of it loads ads.
Some mobile games will even attempt to load ads, fail, then give you the reward for 'watching' the ad.
It also stops devices from phoning home to upload telemetry and blocks known malware domains. (Depends on the lists you use; here's a source for some lists.)
-
Little of column A, little of column B.
I use pihole on the LAN, then upstream is cloudflared translating DNS to DoH using NextDNS as the primary and Quad9 as the fallback.
Looking at the last 24 hrs, my whole LAN network has made 91k DNS requests, 14.5% of that being passed to the upstream (the rest is locally cached responses or blocked), so ~12.7k served by NextDNS.
When/if that 300k limit is reached, cloudflared will just fall back to Quad9. With this I get the blocking from NextDNS as well as whatever additional lists I want to use; plus pihole serves local-only records for self-hosted services and fixed names for LAN devices (I find standard broadcasted hostnames unreliable at best).
-
This is one of the reasons why I set up a Wireguard VPN connection to my home network, and an on-demand VPN connection on my phone that automatically turns on anytime I’m not on the home network. Even away from home I get the benefits of my Pi-hole+Unbound (running as recursive resolver) setup.
-
No native support for DoH in Pi-Hole yet. Additional setup is required to enable it on Pi-Hole[1].
-
Yeah, I still remember ISPs replacing DNS failures with their own search engines; that's been happening for decades.
-
I am. Paid plan equates to like $2-3 per month. Tied it into Tailscale (I think TS has official docs explaining how) and haven't given it another thought.
-
I use it in this configuration.
It works well, except that if you lose connection temporarily, cloudflared stops responding until some long (60s or so) timeout period.
A minor annoyance, I usually just manually restart the service... but I cannot find the setting that is causing this.