Comments (5)
Lissy93
commented on May 22, 2024
1
These links might be of help to you, if you're having trouble understanding how to implement this
- Pi-Hole, DoH, DNSCrypt and Cloudflare
- Pi-Hole with DNS over HTTPS using CloudFlare
- Pi-Hole Recursive DNS Server w Unbound
- DNS-over-HTTPS in Unbound
- DNSCrypt Proxy on Pi Hole
As an example, this is how I've set it up in LAN: Clients within my network connect through OPNsense, for inbound/ outbound WireGuard VPN, IDS, monitoring etc. OPNSense forwards DNS queries onto pihole, which will block domains on the blacklist, and for all the rest, it will either immediately return the IP if already cached, or use Unbound to forward any non-cached results with DoH upstream onto NextDNS's servers.
from personal-security-checklist.
nocturnalarchives
commented on May 22, 2024
1
You clearly missed the point DOH allows devices on your network to bypass your pihole completing sacrificing your privacy by allowing marketing companies to track you. Maybe if you stopped to think a minute you would grasp this, because you are 1247.2% wrong here.
from personal-security-checklist.
rusty-snake
commented on May 22, 2024
1
DOH allows devices on your network to bypass your pihole
Sorry, but this has nothing to do with DoH. Every device in your network can ignore your pihole (e.g. dig @9.9.9.9 github.com). You would need a firewall that does DPI to stop this.
from personal-security-checklist.
Lissy93
commented on May 22, 2024
Hi @nocturnalarchives - Thanks for raising this issue.
You're DNS lookups expose more than you realize, and DoH (along with other DNS encryption methods) reduces what data can be logged.
Absolutely ad-blocking is important too, but there's no reason why you can't use Pi-Hole alongside DoH, in fact I would recommend you do so (here's an example of a Pi-Hole Docker compose preconfigured with DoH).
from personal-security-checklist.
Lissy93
commented on May 22, 2024
Thanks for the reply @nocturnalarchives - but I think you're misunderstanding. The DNS queries are encrypted once they leave you're Pi-Hole. The easiest setup I've found is to use DoT from client to local Pi-Hole, and then DoH from Pi-Hole to authoritative dns server. Pi-Hole still blocks ads, and you're using DoH where it matters. Alternatively, check out this article on using DoH via CloudFlare from the Pi-Hole docs.
It's also worth noting that you can still be tracked, via numerous methods even with the strictest ad-blocking methods in place. Be careful not to put too much faith in you're Pi-Hole. Take a look at browser fingerprinting. If you're really worried, use Tails n Tor.
from personal-security-checklist.
Related Issues (20)
- [ADDITION] translation into Chinese
- [AMENDMENT] A little error in the README.MD
- Broken hyperlinks in README.md HOT 1
- ~ 50 broken links in other md files HOT 1
- [REMOVAL] Information about Silence
- [REMOVAL] Disable WebRTC
- [AMENDMENT] Disable WebRTC
- [ADDITION] Add Information about PassKeys (with Apple, Microsoft, Google, Github etc)
- how to fork as github page HOT 1
- [ADDITION] altTech web directory
- [AMENDMENT] Invisible Hyperlinks HOT 2
- [AMENDMENT] DNS-over-HTTPS vs DNS-over-TLS
- [AMENDMENT] Missing links re. third-part cookies
- [REMOVAL] Change your Router's Default IP
- [AMENDMENT] Harmonize wording: "recommended", "basic", "essential" HOT 1
- [AMENDMENT] is the "Spoofing GPS" advise suggesting something illegal? HOT 2
- [AMENDMENT] Ability to edit unclear/not working HOT 5
- Noob is looking for the help!
- 404 Issue in self running copy - no checklists working.
- digital-defense.io - gorgeous!
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from personal-security-checklist.