I’ve been using pi-hole for the last 3 or 4 years and I’m pretty satisfied with it. Now I’m thinking about the next step. Nowadays I have my local network and a tailscale to access my hosts. I’m thinking about a DNS solutions to solve the names on the locla network and thru tailscale simultanely, while been able to block ads on DNS like pi-hole do. What do you think would be a better solution for this next step? I’ve only used bind before, but I think and old dog can learn a new trick.
Not sure what you mean by “network based dns”.
Hard-coded DNS is in the application, you cannot change this from any dhcp option. Browsers do it, lots of versions of prime video apps do it. Google nest and home devices are famous for this.
You can write a NAT rewrite rule at your router to catch any UDP or TCP request on port 53 and send it to your ad-blocking DNS server/forwarder, but you won’t be able to stop DoH (DNS over https), which just leaves the subnet encrypted on 443.
I was being too simplistic in my other reply. I was referring to basic router based DNS and NextDNS as the upstream resolver.
I don’t have an answer for hard coded DNS when it comes to NextDNS, which is essentially an upstream resolver with block lists functionality.
And to be honest, I misinterpreted OPs original question which was to take PiHole to the next level, whereas NextDNS is an alternative to.
I can run app based routing and blocking on my router, but whether that would restrict DNS for those services I don’t know.
Thanks for the clarification, you’ve got me wanting to pursue more DNS control now!
That’s the double-edged sword of DNS over https. It allows us to hide our DNS queries from local ISP and others, but it also allows applications to hide theirs also. It just looks like encrypted web traffic to your router.