view the rest of the comments
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Encryption, UI, probably a little bit more serious development
But encryption is a big thing, DoT, DoH, Quic. And soon they will have ECH
That's cool for certain applications but on my home network should I really be super concerned about DNS encryption?
Probably not, but anyway it's pretty cool to have an option to do this kind of stuff
You can set up this dns on your phone, laptop, without a need of vpn (although vpns are cool, especially tailscale)
But, are you always connected to the vpn? Or even to connect to the vpn itself you probably need dns, why would not use your own
Not within the network, but translating regular dns to DoH before heading out to WAN keeps your browsing a little bit more private from your isp. Marginal, but it is a difference.
It's not just a little bit more private... It's a lot more private. Some ISPs have been known to build advertising profiles using DNS data. It's trivial for them to see all DNS lookups and even modify the responses, since it's both unencrypted and unauthenticated by default.
Just wanted to chime in and say that with a pihole you can also have encryption if you point to a local resolver like
cloudflared
orunbound
.My pihole forwards everything to a
cloudflared
service running on 127.0.0.1:5353 to encrypt all my outgoing DNS queries, it was really easy to setup: https://docs.pi-hole.net/guides/dns/cloudflared/That's a bunch of extra manual work though - both the initial setup, plus keeping the extra software packages up-to-date. With AdGuard Home, it's already configured to use DoH by default.
Hold on, this is not the same encryption
The encryption i was talking about is the encryption of your dns server
The article you sent is talking about upstream dns server encryption
You mean encryption between the client and your DNS server, on your local network?
You can do it on your local network, but this won't make much sense
I mean encryption between your phone or laptop outside of your house, and your dns server at your house