I set up AdGuard Home to resolve DNS queries for my home network, but the AT&T router doesn’t allow setting a DNS server, so I had to also use the DHCP server. Still have it using plain DNS because I didn’t want to set up certificates, but might still later even if it’s just proxying DoT/DoH.

  • FauxLiving@lemmy.world
    2 days ago

    Sorry for responding to a bit of an old post, but if you’re using Linux you can use cloudflared to handle DNS over HTTPS and then point your AdGuard at the local ‘DNS Server’ that cloudflared creates.

    Instructions are here: https://docs.pi-hole.net/guides/dns/cloudflared/

    Only the ‘Configuring pi-hole’ section is pi-hole specific. All you’d need to do is to determine how to set AdGuard to connect to 127.0.0.1 port 5053 instead of whatever DNS server it’s currently using.

    • LGTM@discuss.tchncs.deOP
      14 hours ago

      Do you think it matters to do DoH for the home network? Right now AdGuard is pointing at a local unbound instance for plain DNS with DoH/DoT on fallback upstreams.

      I think it’s also an option to set a cert on the DNS proxy and leave AdGuard<->Unbound plain DNS, which sounds fine from my perspective since it’s on same host but self doubt go brrrr

      • FauxLiving@lemmy.world
        8 hours ago

        For ad blocking, it doesn’t matter at all.

        DNS over HTTPS is done to prevent your ISP/anyone listening to your external network traffic from gathering data about your web traffic that you’d like to keep private. It’s more of a privacy thing than anything else.

        If you want to ensure that your DNS requests are not altered by potential adversaries you could also configure DNSSEC, but that’s an additional step that usually isn’t needed for most people (unless you’re extremely rich, politically exposed or in a similar risk category).
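
An added example, not written by anyone in the thread: a small check for the setup discussed above, which queries the local proxy on 127.0.0.1 port 5053 with the EDNS0 DO bit set and reports whether the reply carries the AD (DNSSEC-validated) flag or a SERVFAIL, which is how a validating resolver signals data that failed validation. The function names, the sample headers and the `example.com` query name are assumptions made for illustration.

```python
import secrets
import socket
import struct

DO_BIT = 0x8000   # EDNS0 "DNSSEC OK" flag, carried in the OPT record's TTL field
AD_FLAG = 0x0020  # header flag: the resolver reports the answer as DNSSEC-validated
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1):
    """Return (txid, packet) for a recursive query that sets the DO bit."""
    txid = secrets.randbits(16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)            # class IN
    opt = struct.pack("!BHHIH", 0, 41, 1232, DO_BIT, 0)        # root name, TYPE=OPT, 1232-byte UDP size
    return txid, header + question + opt

def parse_header(packet):
    """Decode the 12-byte DNS header of a response."""
    if len(packet) < 12:
        raise ValueError("short DNS packet")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    rcode = flags & 0x000F
    return {"txid": txid, "is_response": bool(flags & 0x8000),
            "truncated": bool(flags & 0x0200), "validated": bool(flags & AD_FLAG),
            "rcode": RCODES.get(rcode, str(rcode)), "answers": ancount}

def query_resolver(name, server="127.0.0.1", port=5053, timeout=3.0):
    """Send one UDP query to the local proxy and return the decoded header."""
    txid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, port))  # connected socket: replies from other addresses are dropped
        s.send(packet)
        info = parse_header(s.recv(4096))
    if info["txid"] != txid or not info["is_response"]:
        raise ValueError("reply does not match the query")
    return info

# Constructed sample headers (not captured traffic): a validated answer and a SERVFAIL.
SAMPLE_VALIDATED = bytes.fromhex("123481a00001000100000001")
SAMPLE_SERVFAIL = bytes.fromhex("123481820001000000000001")

if __name__ == "__main__":
    print(parse_header(SAMPLE_VALIDATED))
    print(parse_header(SAMPLE_SERVFAIL))
    try:
        print(query_resolver("example.com"))
    except (OSError, ValueError) as exc:
        print("no usable reply from 127.0.0.1:5053:", exc)
```

The AD flag is only the resolver's claim that it validated the answer, so it is meaningful on a path you trust, such as loopback to a proxy on the same host.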