Pi-hole is wonderful for blocking ads, but it doesn’t do as much for protecting your privacy as some people think. For the most part, it passes your DNS requests over unencrypted UDP to upstream servers, which means that your ISP can, and does, spy on those requests - even if you’re sending them to Cloudflare/Quad9/NextDNS. I wish that folks understood the scope of DNS snooping done by ISPs. It’s far easier than unencrypted SNI snooping to build out.<p>It seems like the best way to block ads and protect privacy is to run another resolver (cloudflared, NextDNS proxy, etc.) in parallel. It’s extra work, but the privacy is probably worth it. I look forward to PiHole directly supporting encrypted DNS over TLS or DNS over HTTPS/QUIC in the future.<p>In the meantime, if you want to avoid running an upstream resolver in parallel, AdGuard Home supports native DNS over HTTPS/TLS/etc.
Love pi-hole! I’m running it on a tiny ROCK Pi S[1] next to my router and haven’t had any issues whatsoever.<p>Always amazed at the number of requests blocked by just the default list included with pi-hole. Although I’m a bit concerned that more and more apps/devices will start using DNS over HTTPS to get around pi-hole-like solutions…<p>[1] <a href="https://wiki.radxa.com/RockpiS/hardware/rockpiS" rel="nofollow">https://wiki.radxa.com/RockpiS/hardware/rockpiS</a>
I wonder what the differences are in these 3 versions. Their home page doesn't mention them.<p>It's a great product though. I know it's basically a wrapper around dnsmasq. But the ease of use takes it from an item on a to-do list to figure out some rainy day to a piece of software even many non-technical people have running.<p>I run it myself too, the Docker version.