Selfhosted

44306 readers

1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

[email protected]

Pi-Hole question regarding unbound and cloudflared (lemmy.world)

submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]

8 comments fedilink hide all child comments

Hello lemmings! I have recently started the process of setting up my own Pi-Hole, I am a developer and pretty comfortable with Linux but I am a bit of a newcomer when it comes to networking.

Now, during the process I noticed that the VPN I use (Mullvad) claim to have DNS leaks (This is a bit obvious since I was no longer using the DNS they expected in the VPN tunnel). So after reading a bit on the pi-hole guides I figured I'd set up a cloudflared service, but instead of using the cloudflare dns-query I route it to Mullvads own DNS.

Now this works fine and all, it's DoH and running Mullvads own DNS to query so Mullvads own tool is happy with the DNS settings I have.

However, I also read about unbound in the Pi-Hole guides. I was curious if this was to prefer over cloudflared? Since I am running through Mullvads own DNS I don't think there should be any issues. However locally hosting your own recursive DNS server also sounds good.

What is your opinion? Is it overkill? Is what I have now enough or should I try to set up unbound aswell?

Happy with just a discussion around this to learn more, just curious whether I should continue cooking on what I have now or if I should just focus on getting the entire network set up to use this.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 3 points 1 month ago (1 children)

However, I also read about unbound in the Pi-Hole guides. I was curious if this was to prefer over cloudflared?

Many people advocate for Cloudflared as a tunneling solution, but it’s not a one-size-fits-all tool. Personally, I avoid it. Your VPS already functions as a firewall for your connection. Using Tailscale is also self-host and avoids reliance on third-party services like Cloudflare while maintaining security and the same functionality.

For DNS privacy, I prefer odoh-proxy, which enables your VPS to act as an oDoH (Oblivious DNS over HTTPS) proxy for the cloudflare network. While oDoH introduces a slight latency increase, it significantly enhances privacy by decoupling query origins from content, making it a more secure option for DNS resolution. So you would be able to set your DoH resolver to your domain (https://dns.whatever.com/dns-query) and it would forward the request to cloudflare for resolution, and then back again.

As for Pi-Hole, its utility has diminished with the modern alternatives like serverless-dns. It allows you to deploy RethinkDNS resolver servers on free platforms, handling 99% of security concerns out-of-the-box. The trade-off is a loss of full custody over your DNS infrastructure, which may matter to some users but is less critical for general use cases.

Lastly, using consumer VPNs like Mullvad to proxy connections often introduces unnecessary complexity without meaningful security gains. While VPNs have their place they can really overcomplicate setups like this and rarely provide substantial privacy benefits for services like DNS.

[–] [email protected] 0 points 1 month ago

Many people advocate for Cloudflared as a tunneling solution, but it’s not a one-size-fits-all tool. Personally, I avoid it. Your VPS already functions as a firewall for your connection. Using Tailscale is also self-host and avoids reliance on third-party services like Cloudflare while maintaining security and the same functionality.

OPs not using cloudflareds tunneling or services at all; in this application, it's purely a local tool for translating regular DNS to DOH using the chosen DOH provider. Mullvad in this case.