So DNS black-holing is not new, obviously, and what stands out as the go-to solution? Pihole probably… and yeah, that's what I'm using because hey, it's a popular choice. Though I am running it in Docker. Combining that with Unbound (also in Docker), and configuring outbound DNS to use DNS over TLS, with a few additional minor tweaks, but otherwise mostly standard configuration on both.

Wondering what you guys might be using, and if you are using Pihole and/or Unbound if you have any tips on configuration.

Happy to share my config if there is interest.

  • irotsoma@lemmy.blahaj.zone · 2 points · edited · 7 hours ago

    Unbound on the router which connects upstream with DNS over TLS. Ports 53 and 853 are NATed to the pihole and several other DNS servers like Google’s are blocked so devices can’t bypass the pihole very easily. This is only on my primary VLAN. Other VLANs are given the Unbound DNS by default but are allowed to bypass if they insist. I have one VLAN for guests and one for trusted devices in addition to the primary one.
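
An added nftables ruleset (written for this thread, not either poster's actual config) that implements the design described in the comment above: plain DNS from the primary VLAN is redirected to the Pi-hole, DoT and a list of well-known public resolvers are refused there, and the other VLANs are left alone. Interface names, addresses, the resolver list, and the assumption that the Pi-hole sits on the primary VLAN (which is why the hairpin masquerade is needed) are all assumptions; nftables 1.0 or newer is assumed for `dnat ip to` in an inet table.

```nft
#!/usr/sbin/nft -f
# Assumed addressing (not from the thread): primary VLAN on vlan10 = 192.168.10.0/24,
# Pi-hole at 192.168.10.2. Guest and trusted VLANs get the router's Unbound via DHCP
# and are deliberately not matched by any rule below, so they may bypass it.
define LAN_PRIMARY = "vlan10"
define PIHOLE = 192.168.10.2

table inet dnsguard {
    # Public resolvers that clients commonly hard-code; constructed list, extend as needed.
    set public_resolvers {
        type ipv4_addr
        elements = { 8.8.8.8, 8.8.4.4, 1.1.1.1, 1.0.0.1, 9.9.9.9 }
    }

    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Primary VLAN: any plain-DNS query (UDP or TCP 53) not already aimed at the
        # Pi-hole is transparently redirected to it.
        iifname $LAN_PRIMARY meta l4proto { tcp, udp } th dport 53 ip daddr != $PIHOLE counter dnat ip to $PIHOLE
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Hairpin: when client and Pi-hole share a subnet, the Pi-hole's reply would
        # otherwise go straight to the client with the wrong source address and be
        # discarded. Only connections that were DNATed are masqueraded, so normal
        # queries keep their real client IP in the Pi-hole query log.
        oifname $LAN_PRIMARY ct status dnat masquerade
    }

    chain forward {
        type filter hook forward priority filter; policy accept;
        # Pi-hole does not terminate TLS, so forwarding DoT (853) to it would only
        # produce failed handshakes; refusing it gives clients an immediate error.
        iifname $LAN_PRIMARY tcp dport 853 counter reject with tcp reset
        # Hard-coded public resolvers are unreachable from the primary VLAN on any port.
        # Note: DoH rides on 443 and cannot be singled out by port alone; blocking the
        # resolver addresses is what catches it here.
        iifname $LAN_PRIMARY ip daddr @public_resolvers counter reject
    }
}
```

Load it with `nft -f` and confirm the redirect with `nft list chain inet dnsguard prerouting`; the `counter` statements make it easy to see whether any client is actually trying to bypass the Pi-hole.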

    • relic4322@lemmy.ml (OP) · 1 point · 7 hours ago

      In my particular setup, I have an additional constraint and that is that my network has to be designed for portability and travel. Not that it affects your design per se. Thank you for the response. Just something that occurred to me that I hadn't mentioned.

      I am living a transient life at the moment. So lots of virtualization and lack of control concerning the WAP and such.

      I do like your setup btw.