Posts

Showing posts from February, 2021

Pi-hole with DNSCrypt-Proxy and Quad9

Motivation

So far I've been very happy with my setup of Pi-hole and DNS upstreams from Quad9. I have rarely thought about the security of the DNS service. However, DNS is very easy to hijack and very susceptible to man-in-the-middle attacks and sniffers that can compromise privacy.

Solutions on the market

There are now several ways to make DNS a little "more secure". From DNSSEC to DoT to DoH and DNSCrypt, the possibilities are in competition and are reminiscent of the first browser wars. Ultimately, what convinced me about DNSCrypt was this comparison, which also serves as an excellent source for understanding the technical mechanisms behind it. Unfortunately, Pi-hole doesn't directly support DoT, DoH or DNSCrypt, but there is a perfect solution that at the same time preserves the "separation of concerns" pattern.

DNSCrypt-Proxy

A proxy acts like a man-in-the-middle under your control. It enables you to use classic DNS internally in your network while t