So DNS black-holing is not new obviously, and what stands out as the go-to solution? Pihole probably… and yeah, that's what I'm using because hey, it's a popular choice. Though I am running it in Docker. Combining that with Unbound (also in Docker), and configuring outbound DNS to use DNS over TLS, with a few additional minor tweaks, but otherwise mostly standard configuration on both.
Wondering what you guys might be using, and if you are using Pihole and/or Unbound if you have any tips on configuration.
Happy to share my config if there is interest.
Unbound on the router which connects upstream with DNS over TLS. Ports 53 and 853 are NATed to the pihole and several other DNS servers like Google's are blocked so devices can't bypass the pihole very easily. This is only on my primary VLAN. Other VLANs are given the Unbound DNS by default but are allowed to bypass if they insist. I have one VLAN for guests and one for trusted devices in addition to the primary one.
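For anyone wanting to see what the "Unbound forwards upstream over DNS over TLS" part looks like in practice, here is an added example unbound.conf fragment (not anyone's posted config from this thread). It assumes Quad9 as the upstream, the Pi-hole/clients sitting on 192.168.1.0/24, and the CA bundle at the Debian path; adjust all three for your setup.

```conf
server:
    # Listen only on the LAN side; 0.0.0.0 would expose the resolver everywhere.
    interface: 192.168.1.1
    port: 53
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow   # assumption: LAN / Pi-hole subnet
    access-control: 0.0.0.0/0 refuse

    # Needed so Unbound can verify the upstream's certificate against the
    # hostname given after '#' in forward-addr below. Path is the Debian one.
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

    # Keep DNSSEC validation on even though we forward; a tampering upstream
    # is then detected rather than trusted blindly.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-dnssec-stripped: yes
    qname-minimisation: yes

forward-zone:
    name: "."
    # Weak form (plain UDP/53, eavesdroppable) would be:
    #   forward-addr: 9.9.9.9
    # Hardened form: port 853, TLS on, and an auth name so the cert is checked.
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
```

Without `tls-cert-bundle` (or `tls-system-cert: yes`) the `#hostname` part is not enforced, so a check worth running after `unbound-checkconf` is `unbound-control forward` to confirm the TLS upstreams are the only ones in use.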