An Exercise Program for the Fat Web

For the privacy-minded, we can do one better by not putting all our eggs in one basket. I have replaced cloudflared with unbound configured with many DNS-over-TLS forwarders, so DNS requests are distributed among different servers.

I’ve added both IPv4 and IPv6 addresses in the above configuration example. Unbound will figure out which protocol is available and which is faster on its own. You can get better reliability from your DNS server by configuring more routes and more options to cover for outages or routing disruptions.

I also wrote about randomizing DNS forwarding servers with Knot Resolver a few weeks back. This ensures you're not sending all your DNS traffic to one provider, making it more difficult for any one provider to build a complete profile of your online activities and behavior. Unbound will do this by default with no additional configuration, assuming each of your configured DNS forwarders responds within 400 milliseconds. Note that you're not limited to just four DNS forwarders, as you are with Knot Resolver. You can configure as many DNS forwarders as you want with Unbound, and it will spread your forwarding requests out among each of them automatically.

Adding a VPN like OpenVPN or WireGuard so it uses Pi-hole as its DNS will allow devices on the go to take advantage of this setup as well.

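As an added illustration of the setup described in the post above (this is not the poster's own configuration, which is not reproduced here): an unbound.conf that forwards every query over DNS-over-TLS to three providers, listing both the IPv4 and IPv6 addresses of each so unbound can pick the reachable and faster family on its own. The listen address, the port 5335 that Pi-hole is commonly pointed at, and the Debian CA-bundle path are assumptions for a Pi-hole host; the provider addresses and TLS authentication names are the providers' published ones.

```conf
# Added example, not the poster's configuration. Assumed: Pi-hole on the same
# host using 127.0.0.1#5335 as its upstream, Debian CA bundle path.
server:
    interface: 127.0.0.1
    port: 5335
    access-control: 127.0.0.0/8 allow
    do-ip4: yes
    do-ip6: yes                      # both families listed below; unbound chooses by RTT
    qname-minimisation: yes          # send only the labels each upstream needs
    # Without a CA bundle the sessions are still encrypted, but the hostnames
    # after '#' in the forward-addr lines are not verified against a certificate.
    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt

forward-zone:
    name: "."
    forward-tls-upstream: yes        # TLS to every forwarder in this zone
    # Cloudflare
    forward-addr: 1.1.1.1@853#one.one.one.one
    forward-addr: 1.0.0.1@853#one.one.one.one
    forward-addr: 2606:4700:4700::1111@853#one.one.one.one
    forward-addr: 2606:4700:4700::1001@853#one.one.one.one
    # Quad9
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
    forward-addr: 2620:fe::fe@853#dns.quad9.net
    forward-addr: 2620:fe::9@853#dns.quad9.net
    # Google
    forward-addr: 8.8.8.8@853#dns.google
    forward-addr: 8.8.4.4@853#dns.google
    forward-addr: 2001:4860:4860::8888@853#dns.google
    forward-addr: 2001:4860:4860::8844@853#dns.google
```

Validate the file with `unbound-checkconf` before restarting, then confirm resolution with `dig @127.0.0.1 -p 5335 example.com`. To see that queries really are being spread across the forwarders rather than pinned to one, `unbound-control dump_infra` lists the measured round-trip time unbound keeps for each upstream address; forwarders that never appear there, or that show a very high RTT, are the ones to check for outages or routing problems. Keep `tls-cert-bundle` set: it is what turns the `#hostname` suffixes into actual certificate verification of each upstream.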