Accessing DNS securely from anywhere

Hello all.

I have the need to use my DNS everywhere I go. And I need to this in such a way that not anyone can use it. However, I want to be able to use it on sites that block VPNs (banking sites), so I’m looking for a way to do this without those.

I’m thinking of a system where essentially PiHole would ask for a certificate that any client that uses it must have installed. I need this to work on iPhone and Mac. Any ideas as to how to set this up? Running Ubuntu 19.

https://docs.pi-hole.net/guides/vpn/overview/

I’m trying to do this without using a VPN.

Is your concern with an outgoing VPN from your LAN to the applicable website (i.e. a banking site), or from the client back to your home network via a VPN?

A website has no way of determining if you are using VPN to get your DNS traffic back to your Pi-hole. They only see the incoming traffic to their website, and if you don’t have an outgoing VPN on your LAN, they won’t know the difference.

You also have the option to setup your VPN to your Pi-Hole to route only DNS traffic, and not the actual data traffic that follows a DNS request.

On Android banking apps you cannot use a VPN. It detects it and blocks the connection. Gives a message about VPN is not supported. Similar to cable apps.

Just route your DNS over the VPN, not all your traffic.

This won’t work it looks for the system VPN toggle and blocks based on that

Then I’ve got nothing.

Edit: But we’ll see if the OP is able to make that option work.

Routing only DNS traffic could definitely work I think.

I hope I’m wrong.