I’ve been aware of pi-hole for a while now, but never bothered with it because I do most web browsing on a laptop where browser extensions like uBlock origin are good enough. However, with multiple streaming services starting to insert adds into my paid subscriptions, I’m looking to upgrade to a network blocker that will also cover the apps on my smart TV.

I run most of my self hosted services on a proxmox server, so I’d like something that’ll run as an LXC container or a VM. I’m also vaguely aware that various competing applications have come out since pi-hole first gained popularity. Is pi-hole still the best thing going, or are there better options?

  • Maximilious@kbin.social
    link
    fedilink
    arrow-up
    3
    ·
    10 months ago

    What makes it better other than the UI? I’m weary of using it because it is developed by Russian developers.

    • Gooey0210@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      3
      ·
      10 months ago

      Encryption, UI, probably a little bit more serious development

      But encryption is a big thing, DoT, DoH, Quic. And soon they will have ECH

      • SpaceCadet@feddit.nl
        link
        fedilink
        English
        arrow-up
        3
        ·
        10 months ago

        Just wanted to chime in and say that with a pihole you can also have encryption if you point to a local resolver like cloudflared or unbound.

        My pihole forwards everything to a cloudflared service running on 127.0.0.1:5353 to encrypt all my outgoing DNS queries, it was really easy to setup: https://docs.pi-hole.net/guides/dns/cloudflared/

        • dan@upvote.au
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          10 months ago

          That’s a bunch of extra manual work though - both the initial setup, plus keeping the extra software packages up-to-date. With AdGuard Home, it’s already configured to use DoH by default.

        • Gooey0210@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          10 months ago

          Hold on, this is not the same encryption

          The encryption i was talking about is the encryption of your dns server

          The article you sent is talking about upstream dns server encryption

          • SpaceCadet@feddit.nl
            link
            fedilink
            English
            arrow-up
            1
            ·
            10 months ago

            The encryption i was talking about is the encryption of your dns server

            You mean encryption between the client and your DNS server, on your local network?

            • Gooey0210@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              1
              ·
              10 months ago

              You can do it on your local network, but this won’t make much sense

              I mean encryption between your phone or laptop outside of your house, and your dns server at your house

      • bdonvr@thelemmy.club
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 months ago

        That’s cool for certain applications but on my home network should I really be super concerned about DNS encryption?

        • Darkassassin07@lemmy.ca
          link
          fedilink
          English
          arrow-up
          4
          ·
          10 months ago

          Not within the network, but translating regular dns to DoH before heading out to WAN keeps your browsing a little bit more private from your isp. Marginal, but it is a difference.

          • dan@upvote.au
            link
            fedilink
            English
            arrow-up
            1
            ·
            10 months ago

            It’s not just a little bit more private… It’s a lot more private. Some ISPs have been known to build advertising profiles using DNS data. It’s trivial for them to see all DNS lookups and even modify the responses, since it’s both unencrypted and unauthenticated by default.

        • Gooey0210@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          10 months ago

          Probably not, but anyway it’s pretty cool to have an option to do this kind of stuff

          You can set up this dns on your phone, laptop, without a need of vpn (although vpns are cool, especially tailscale)

          But, are you always connected to the vpn? Or even to connect to the vpn itself you probably need dns, why would not use your own