Do you use one or several providers?
Do you use it at the browser, device/OS, or router level?
What’s your configuration ?
Two Pi-holes at home (redundancy). Both translate all regular DNS requests to DoH using cloudflared, which rotates through 4 non-ISP upstream DoH providers.
The router is set to block all port 53 traffic from leaving the network and to hand out the 2 Pi-hole IPs to DHCP clients for DNS. If a LAN device wants regular DNS, it MUST use the LAN servers or it'll get no response (or it can use its own DoH setup and/or VPN out of the network). This enforces the ad/telemetry/malware blocking lists Pi-hole uses without having to configure DNS on everything.
Those Pi-holes also keep lists/records in sync using Gravity Sync. Should I change ad lists or add/remove LAN DNS records, I don't have to do it on both.
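Added example, not from the post above: an OpenBSD pf.conf fragment that enforces the same policy at the router (LAN hosts may ask only the two local resolvers on port 53, and no plain DNS leaves via the WAN at all). Interface names and addresses are assumptions; the resolvers go in a table because a bracketed list cannot be negated in pf.

```pf
# /etc/pf.conf fragment (hypothetical interface names and addresses)
lan_if = "em1"
wan_if = "em0"
table <resolvers> { 192.168.1.2 192.168.1.3 }   # the two Pi-holes

# LAN hosts may send port-53 traffic only to the local resolvers;
# anything aimed at 8.8.8.8, the ISP resolver, etc. is silently dropped
block in quick on $lan_if proto { tcp udp } from $lan_if:network to ! <resolvers> port domain

# Belt and braces: no plain DNS leaves on the WAN side at all. The resolvers
# reach their upstreams over DoH (TCP 443), which the normal pass rules cover.
block out quick on $wan_if proto { tcp udp } to any port domain
```

Clients get the resolvers from DHCP (`option domain-name-servers 192.168.1.2, 192.168.1.3;` in dhcpd.conf). A plain `block` matches the "no response" behaviour described above; `block return` instead sends a reset/unreachable so devices with a hardcoded public resolver fail over to the DHCP-supplied one faster rather than waiting on timeouts.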
/etc/unwind.conf
block list "/var/db/unwind_blocklist"
forwarder {
    X.X.X.X port X DoT
    X.X.X.X port X DoT
}
preference { DoT }
unwind_blocklist is generated with this script I wrote:
#!/bin/sh
# Blocklists for unwind(8)

blocklist=/var/db/unwind_blocklist

# Create the file once, readable by the _unwind group (umask 117 -> mode 0660)
[ ! -f "$blocklist" ] && \
    (umask 117; touch "$blocklist" && chgrp _unwind "$blocklist")

{
    # Remote lists: a mix of hosts-file format ("0.0.0.0 host") and bare domains
    ftp -V -o - \
        https://blocklistproject.github.io/Lists/alt-version/everything-nl.txt \
        http://winhelp2002.mvps.org/hosts.txt \
        http://sysctl.org/cameleon/hosts \
        https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt \
        https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt \
        https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt
    # Hand-picked additions
    echo twitter.com
    echo www.twitter.com
    echo www.x.com
    echo x.com
    echo facebook.com
    echo www.facebook.com
} | awk -safe '
    { sub(/\r$/, "") }                                     # hosts files are often CRLF-encoded
    /#|(^|\.)[[:blank:]]*$|^definitely_not_porn$/ { next }  # skip comments, blanks, junk
    {
        # hosts-file line: drop the sinkhole address, keep the name
        if ($1 ~ /127\.0\.0\.1|0\.0\.0\.0/) { $0 = $2 }
        print tolower($0)                                  # one lowercase name per line
    }
' | sort -u >"$blocklist"

rcctl restart unwind

It is regenerated occasionally by cron.
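Added example, not the script from the post above: a Python normaliser for the list formats that script fetches (hosts-file lines such as `0.0.0.0 host` or `127.0.0.1 host`, frequently CRLF-terminated, and bare-domain lists), producing the one-name-per-line lowercase file unwind's `block list` expects. It goes a little beyond the awk pipeline by handling inline comments after a hostname, several hostnames on one hosts line, the localhost entries every hosts file carries, and entries that are not valid DNS names at all. The sample input is constructed, not fetched.

```python
"""Normalise ad/tracker blocklists into one lowercase domain set (added example)."""
import re

# RFC 1123 label: letters, digits, hyphens; no leading/trailing hyphen; 1-63 chars
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
# Sinkhole addresses hosts-format lists put in front of each name
_SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1", "::"}
# Names every hosts file defines that must never end up in a blocklist
_LOCAL_NAMES = {
    "localhost", "localhost.localdomain", "local", "broadcasthost",
    "ip6-localhost", "ip6-loopback", "ip6-allnodes", "ip6-allrouters",
}


def is_hostname(name: str) -> bool:
    """True if name is a syntactically valid, dotted DNS hostname."""
    if not name or len(name) > 253 or "." not in name:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def parse_line(line: str) -> list[str]:
    """Return the hostnames one blocklist line contributes (possibly none)."""
    line = line.rstrip("\r\n")             # CRLF-encoded hosts files
    line = line.split("#", 1)[0].strip()   # full-line and inline comments
    if not line:
        return []
    fields = line.split()
    if fields[0] in _SINKHOLES:            # hosts format: addr name [name ...]
        fields = fields[1:]
    names = []
    for field in fields:
        name = field.lower().rstrip(".")
        if name in _LOCAL_NAMES or not is_hostname(name):
            continue                       # skip loopback entries and junk
        names.append(name)
    return names


def build_blocklist(sources: list[str], extra: tuple[str, ...] = ()) -> list[str]:
    """Merge list bodies plus hand-added names into a sorted, deduplicated blocklist."""
    names: set[str] = set()
    for body in sources:
        for line in body.splitlines(keepends=True):
            names.update(parse_line(line))
    names.update(n.lower() for n in extra if is_hostname(n.lower()))
    return sorted(names)


# Constructed sample input: one snippet per format the script above pulls
SAMPLE_SOURCES = [
    "# hosts-format list, CRLF line endings\r\n"
    "0.0.0.0 Ads.Example.com\r\n"
    "0.0.0.0 tracker.example.net # inline comment\r\n"
    "0.0.0.0 a.example.org b.example.org\r\n"
    "\r\n",
    "127.0.0.1 localhost\n"
    "127.0.0.1 cameleon.example.test\n",
    "# domain-only list\n"
    "simple.example.com\n"
    "-bad-label.example.com\n"
    "not a hostname\n",
]
EXTRA = ("twitter.com", "www.twitter.com", "x.com", "www.x.com")

if __name__ == "__main__":
    # Output is in the shape unwind's "block list" file wants: one name per line
    for name in build_blocklist(SAMPLE_SOURCES, EXTRA):
        print(name)
```

Redirect the output into the blocklist path and restart unwind as the script above does. Rejecting malformed names matters more than it looks: a stray line such as `not a hostname` in a hosts file would otherwise land in the blocklist as three bogus entries.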
DHCP at the router hands out these two filtered DNS servers from AdGuard:
- 94.140.14.14
- 94.140.15.15
https://adguard-dns.io/en/blog/adguard-dns-new-addresses.html
Mullvad’s DNS servers at the router level.
I use NextDNS. I use it network wide on my home internet and also have it installed on all my devices.