DEV Community

rafaone

Privacy with Pi-hole DNS server and block filter

Once HTTPS on port 443 encrypts our connections, we relax and think that everything is safe.
It can be useful for avoiding government blocking and censorship while browsing.
But one topic that most people forget is DNS: name resolution is the first step we take when we go out on the internet.
When you visit a site or request a service, the DNS request is the first action for most services.
It works on port 53 and does not have any kind of security layer.
The most popular DNS servers are Cloudflare 1.1.1.1 and Google 8.8.8.8, and no, you can't trust this kind of provider; now imagine a local provider.
From your DNS requests the provider can assemble a profile of you according to the sites you visit, and direct certain kinds of ads to you.
Because of this you need to add a DoH layer (DNS over HTTPS) or some kind of local DNS, and this is where the Pi-hole project can help.

Pi-hole is a friendly and super light DNS service to install on a local network. Pi-hole can also filter some websites to avoid a lot of ads; this blacklist can be downloaded and updated to keep you safe, and the list also blocks malware URLs.

The idea is to change the DNS servers of your modem/router to point to the local Pi-hole server.

Then all your clients will automatically point to the local DNS. The advantage up to this point is the cache and the malware/ads block filter.

But security is not covered up to this point, and here you need an extra service to abstract this or to do DoH. The options are Unbound for local DNS resolution, or Cloudflare DNS over HTTPS. From experience with both, Cloudflare DoH is the better and safer solution.

The steps to install Unbound and Cloudflare DoH are very detailed in the Pi-hole documentation; as I said, DoH in particular works better for me.

Now Pi-hole does not point to 1.1.1.1 but to 127.0.0.1 on port 5353, which does the magic using the HTTPS layer.
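A check for the end state described above, as an added example that is not from the original post or the Pi-hole project: it parses the upstream entries of a config and flags any that are not the local DoH proxy. The `PIHOLE_DNS_<n>=host#port` layout of Pi-hole v5's `setupVars.conf` and both sample configs are assumptions constructed for this example; port 5353 is the one named in the post.

```python
import ipaddress

# Constructed samples in the key=value style of Pi-hole v5's setupVars.conf
# (assumption: upstreams are stored as PIHOLE_DNS_<n>=host#port).
SAMPLE_GOOD = """\
PIHOLE_INTERFACE=eth0
PIHOLE_DNS_1=127.0.0.1#5353
"""
SAMPLE_LEAKY = """\
PIHOLE_DNS_1=127.0.0.1#5353
PIHOLE_DNS_2=1.1.1.1
PIHOLE_DNS_3=::1#5353
"""


def parse_upstreams(conf_text):
    """Return [(key, host, port)] for every PIHOLE_DNS_<n> entry."""
    upstreams = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if not key.startswith("PIHOLE_DNS_") or not value:
            continue
        host, _, port = value.partition("#")
        upstreams.append((key, host, int(port) if port else 53))  # no port means 53
    return upstreams


def audit(conf_text):
    """Return findings for upstreams that would bypass the local DoH proxy."""
    findings = []
    for key, host, port in parse_upstreams(conf_text):
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = False  # a hostname, not an IP literal
        if not loopback:
            findings.append(f"{key}: {host}#{port} is not loopback, queries leave this host unencrypted")
        elif port == 53:
            findings.append(f"{key}: {host}#53 is Pi-hole's own port, not the DoH proxy")
    return findings


if __name__ == "__main__":
    for name, conf in (("good", SAMPLE_GOOD), ("leaky", SAMPLE_LEAKY)):
        print(name, audit(conf) or "OK: all upstreams are local")
```

A single leftover public upstream is enough for part of the traffic to go out in plaintext on port 53, which is why the check looks at every entry rather than only the first.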

If you implement this, your local network will work faster because of the cache, and also because of the blocked content, which you can manage and filter according to your needs.
