Why even bother using PH?
With Pihole I have an ad blocker on all my devices, not just my desktop browser, and also have more control over what to block. It also routes the DNS away from my ISP.
This is not technically correct. You can use pihole with Wireguard or OpenVPN.
I’m using PiHole in-line with a commercial VPN option. It’s definitely possible, especially if you have a router/firewall capable of connecting to another VPN server (using something like OpenVPN or WireGuard). It takes a little bit of work to get it going, and most providers have guides and appropriate configuration files, but it’s definitely possible.
The only other steps to complete on top of that are to configure the DNS traffic from your desired PiHole to use the VPN provider’s resolvers, and ensure that that traffic traverses your router/firewall and out through that tunnel.
If you want to use it like this on-the-go, you can build out your own double-hop. Within the router/firewall configuration, configure the ‘internal’ VPN IP address of your mobile device/laptop/etc. to send all outbound traffic through the commercial tunnel and point its DNS to the aforementioned PiHole. From the mobile device/laptop/etc, VPN to the home network and that’s that. I’ve done this myself, and it works quite well. A little kludgy to set up, but it works.
Setting up an inside client to use this tunnel would work the same way, only without the VPN hop back to the home network.
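An added example, not part of the original posts: a small check of the roaming device's WireGuard client config for the double-hop setup described above, confirming that DNS points only at the Pi-hole and that the tunnel carries all traffic. The sample config, the addresses and the function name `audit_client_conf` are constructed for illustration, and a single `[Peer]` section is assumed.

```python
import configparser
import ipaddress

# Constructed wg-quick client config for the roaming device; keys, addresses
# and endpoint are placeholders, not values from the thread.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.6.0.2/24
DNS = 10.6.0.1

[Peer]
PublicKey = <server-public-key>
Endpoint = home.example.net:51820
AllowedIPs = 0.0.0.0/0, ::/0
"""

def _items(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def audit_client_conf(text, pihole_ip):
    """Return findings; an empty list means DNS and traffic both use the tunnel."""
    cp = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    cp.read_string(text)
    pihole = ipaddress.ip_address(pihole_ip)
    findings = []

    resolvers = []
    for entry in _items(cp.get("Interface", "dns", fallback="")):
        try:
            resolvers.append(ipaddress.ip_address(entry))
        except ValueError:
            pass  # wg-quick treats non-IP entries as search domains
    if not resolvers:
        findings.append("no DNS set: device keeps whatever resolver the local network hands out")
    elif any(r != pihole for r in resolvers):
        findings.append("DNS lists a resolver other than the Pi-hole")

    allowed = [ipaddress.ip_network(n, strict=False)
               for n in _items(cp.get("Peer", "allowedips", fallback=""))]
    if not any(pihole in net for net in allowed):
        findings.append("Pi-hole address is outside AllowedIPs: queries bypass the tunnel")
    if ipaddress.ip_network("0.0.0.0/0") not in allowed:
        findings.append("split tunnel: non-DNS IPv4 traffic leaves via the local network")
    return findings

if __name__ == "__main__":
    for line in audit_client_conf(SAMPLE_CONF, "10.6.0.1") or ["ok"]:
        print(line)
```

This only inspects the client side; whether the router then forwards that client's traffic into the commercial tunnel has to be checked on the router/firewall itself.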
I’ve heard a lot about Unbound. What is the difference between Unbound and using HTTPS to Cloudflared?
How do you set the DNS server on Tailscale to work on iPhone?
It’s not the router, it’s the config file for pivpn. My guess is you were missing the FwMark. This is the tutorial I used.
Okay, then just use PH for all other devices and browser based blockers on the computer with VPN.
It also routes the DNS away from my ISP
But that traffic between you and whatever DNS server you’re using is visible to the ISP instead of being obfuscated like it would through the VPN.
Isn’t that connecting you back to your network, and then it is using PiHole on your network?
I think they are wanting to use their PiHole while using a public VPN to hide their traffic.
From inside their network can they configure split-tunneling to use their PiHole for DNS, but hide their traffic by sending it out using a public VPN?
I mean the kinds of VPNs like PIA or Nord.
On the Tailscale dashboard, there is a tab for DNS.
There is a spot to enter an IP for a custom server. Enter the tailnet IP of the Pihole. Turn on the switch for “Override local DNS”.
Then on the Pihole, settings, DNS, interface options, select Permit all origins.
I use DNS over HTTPS to Cloudflare, so the ISP is unable to identify what’s being sent.
PIA lets you do just that.
Settings/Network - “Use existing DNS” or set Custom.
Soon as they route your traffic (without a vpn) they know what you looked up and what you are visiting.
They indeed know what website I visited, not what I did on that website. I did some research yesterday and since 2015 it is, by law, not allowed for ISPs in The Netherlands to store your data, look at your data or sell your data. This also goes for the Cloudflare datacenter in The Netherlands.
So I decided to stop being paranoid and just enjoy the Pihole adblocker.