I set up Adguard Home to resolve DNS queries for my home network, but AT&T router doesn’t allow setting DNS server so I had to also use the DHCP server. Still have it using plain DNS because I didn’t want to set up certificates, but might still later even if it’s just proxying DoT/DoH.
Do you think it matters to do DoH for the home network? Right now AdGuard is pointing at a local unbound instance for plain DNS with DoH/DoT on fallback upstreams
I think it’s also an option to set a cert on the DNS proxy and leave AdGuard<->Unbound plain DNS, which sounds fine from my perspective since it’s on same host but self doubt go brrrr
For ad blocking it, doesn’t matter at all.
DNS over HTTPS is done to prevent your ISP/anyone listening to your external network traffic from gathering data about your web traffic that you’d like to keep private. It’s more of a privacy thing than anything else.
If you want to ensure that your DNS requests are not altered by potential adversaries you could also configure DNSSEC, but that’s an additional step that usually isn’t needed for most people (unless you’re extremely rich, politically exposed or in a similar risk category)