Privacy with PiHole DNS server and…
Privacy with PiHole DNS server and block filter
After using HTTPS (port 443) to encrypt connections, we often relax, assuming everything is secure. While this can help avoid government blocks and censorship, many people forget about DNS — the first step when accessing the internet.
Whenever you visit a website or request a service, the first action is a DNS query. DNS operates on port 53 and does not have any kind of security layer. The most popular DNS servers are Cloudflare (1.1.1.1) and Google (8.8.8.8), but you shouldn’t fully trust these providers, especially not your local ISP's DNS server. With DNS queries, providers can build a profile of your online activity based on the websites you visit and may target specific ads to you.
To improve privacy, you need to use DNS over HTTPS (DoH) or set up a local DNS, and this is where the PiHole project comes in.
PiHole is a user-friendly and lightweight DNS service that you can install on a local network. It can also filter websites to block ads using downloadable and updatable blacklists, which helps protect against malware and intrusive ads.
The idea is to change the DNS settings on your modem/router to point to the local PiHole server.
By doing this, all your clients will automatically use the local DNS. Up to this point, the benefits are faster internet due to caching and blocking ads and malware.
The ideia is change the DNS servers of your modem/router to appoint to local PiHole server.
Then all your clients will be automatically point to the local DNS, the advantage until this point is CACHE and malware/ads block filter.
However, security is not fully covered yet. At this point, you need an additional service for encryption, such as DNS over HTTPS (DoH). Your options are using Unbound for local DNS requests or using Cloudflare over HTTPS. In my experience, Cloudflare’s DoH is the better and safer solution.
The steps to install Unbound and Cloudflare's DoH are well documented in PiHole’s documentation. Personally, I found that DoH works better for me.
Now, PiHole no longer points to 1.1.1.1 but to 127.0.0.1:5353, which handles DNS requests using HTTPS.
By implementing this, your local network will work faster thanks to caching, and you'll have control over the content filtering according to your needs.
#blog #tech