[CONTENT-CHANGE] #55
Comments
Hi @nocturnalarchives - Thanks for raising this issue. Your DNS lookups expose more than you realize, and DoH (along with other DNS encryption methods) reduces what data can be logged. Absolutely, ad-blocking is important too, but there's no reason why you can't use Pi-Hole alongside DoH; in fact, I would recommend you do so (here's an example of a Pi-Hole Docker compose preconfigured with DoH).
These links might be of help to you, if you're having trouble understanding how to implement this.
As an example, this is how I've set it up in LAN: Clients within my network connect through OPNsense, for inbound/outbound WireGuard VPN, IDS, monitoring etc. OPNsense forwards DNS queries onto pihole, which will block domains on the blacklist, and for all the rest, it will either immediately return the IP if already cached, or use Unbound to forward any non-cached results with DoH upstream onto NextDNS's servers.
You clearly missed the point: DOH allows devices on your network to bypass your pihole, completely sacrificing your privacy by allowing marketing companies to track you. Maybe if you stopped to think a minute you would grasp this, because you are 1247.2% wrong here.
Sorry, but this has nothing to do with DoH. Every device in your network can ignore your pihole (e.g.
Thanks for the reply @nocturnalarchives - but I think you're misunderstanding. The DNS queries are encrypted once they leave your Pi-Hole. The easiest setup I've found is to use DoT from client to local Pi-Hole, and then DoH from Pi-Hole to authoritative DNS server. Pi-Hole still blocks ads, and you're using DoH where it matters. Alternatively, check out this article on using DoH via CloudFlare from the Pi-Hole docs. It's also worth noting that you can still be tracked via numerous methods, even with the strictest ad-blocking methods in place. Be careful not to put too much faith in your Pi-Hole. Take a look at browser fingerprinting. If you're really worried, use Tails n Tor.
Using DNS over HTTPS IS NOT MORE PRIVATE!!!
Using DNS over HTTPS is actually worse for your privacy. I know experts will tell you it is, but they are wrong and I can explain why.
You can’t use a PiHole to block tracking websites if you use DOH. The ability to block DNS requests to the tracking from Advertising and Marketing companies is going to do much more to protect your privacy than obfuscating your DNS requests. Keeping third parties from knowing what sites you visit and what locations you’re at and when you’re there is a much more important act, and using DOH prevents you from doing that.
To really protect your privacy you’re going to need a VPN to obfuscate your IP. Using a VPN router enables you to obfuscate all the traffic on your network.
Any security or privacy or security expert who says protecting your DNS requests with DOH is more important than blocking thousands of website trackers really isn’t an expert and doesn’t understand privacy at all.