SETUP:
- OPNsense Router/Firewall
- DNS01: Pihole + Unbound Recursive DNS
- DNS02: Pihole + Unbound Recursive DNS
RULES:
- Only the Pihole VMs can get out (DNS requests)
- Anything else, like IoT or a smart TV with hardcoded Google DNS, is forcibly redirected to Pihole via the OPNsense firewall
- OPNsense blocks any request to a public DNS server that does not come from a Pihole
- OPNsense blocks DoT requests, like Google's, on port 853
- OPNsense blocks DoH requests, like Google's, on port 443. You cannot just block 443, so you need the firewall to block it based on https://public-dns.info/nameservers-all.txt
- If you try something like https://8.8.8.8 (DoH), it gets blocked
CONTEXT:
I am not an Anonymous member, but I wonder if there is a way to keep my DNS requests more private.
The way it is, there are no DNS dramas; public DNS often seems to have issues where services stop working because something went south. I have never had that issue again with my setup.
But my ISP can still see everything I access.
Some will say to just use Quad9 and problem solved, but you are still restricted to a single public DNS.
GOAL:
Somebody once told me that you can set up Unbound differently so that it processes everything locally, or something along those lines, or …
How can I possibly make it harder for my ISP to see the dozens of YouTube videos I am watching hahaha
Thank you
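The RULES section of the post, modelled as an added example so each rule can be checked against sample flows. This is not OPNsense, Pi-hole or the poster's own configuration: the Pi-hole addresses 10.0.10.2 and 10.0.10.3, the client addresses, the sample flows and the short resolver-list excerpt are all constructed, and the real nameservers-all.txt is assumed to be one address per line.

```python
"""Model of the DNS egress policy described in the post above.  Added
illustration, not OPNsense or Pi-hole code: every address, the sample flows
and the resolver-list excerpt are constructed."""
import ipaddress
from dataclasses import dataclass

# Assumed addresses of DNS01/DNS02 (the two Pi-hole + Unbound VMs), IPv4 only.
PIHOLES = (ipaddress.ip_address("10.0.10.2"), ipaddress.ip_address("10.0.10.3"))

# Constructed stand-in for https://public-dns.info/nameservers-all.txt, assumed
# to be one address per line.  The real list has thousands of entries.
NAMESERVER_LIST = """\
8.8.8.8
8.8.4.4
1.1.1.1
9.9.9.9
2001:4860:4860::8888
# a stray comment and a malformed line, to show the parser skips them
not-an-ip
"""


def load_resolver_alias(text):
    """Turn the downloaded list into a set of addresses usable as a firewall
    alias.  Blank lines, comments and unparsable lines are dropped instead of
    aborting the import, so one bad line does not leave you with an empty alias
    (and therefore no DoH block at all)."""
    alias = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            alias.add(ipaddress.ip_address(line))
        except ValueError:
            continue
    return alias


PUBLIC_RESOLVERS = load_resolver_alias(NAMESERVER_LIST)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # "udp" or "tcp", informational only in this model
    dport: int


def evaluate(flow, piholes=PIHOLES, resolvers=PUBLIC_RESOLVERS):
    """Return (verdict, detail) for one outbound flow.  The order mirrors the
    post: the port-53 redirect/allow first (NAT runs before filtering), then
    the DoT and DoH blocks, then everything else passes."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)

    # Plain DNS: only the Pi-holes may reach the outside world on 53.  Every
    # other client (IoT, smart TV with hard-coded 8.8.8.8) is NAT-redirected to
    # a Pi-hole, and queries already aimed at a Pi-hole simply pass.
    if flow.dport == 53:
        if dst in piholes or src in piholes:
            return ("pass", "dns")
        return ("redirect", str(piholes[0]))

    # DoT: blocked for everyone, as the post states.  No protocol check, so
    # DNS-over-QUIC on udp/853 is caught too.  If Unbound on the Pi-holes is
    # ever switched to TLS forwarding, this rule needs an exemption for
    # PIHOLES or the Pi-holes themselves lose upstream resolution.
    if flow.dport == 853:
        return ("block", "dot")

    # DoH: 443 cannot be blocked wholesale, so only destinations that appear in
    # the public-resolver alias are dropped (tcp and udp, the latter covering
    # HTTP/3); ordinary HTTPS to anything else is untouched.
    if flow.dport == 443 and dst in resolvers:
        return ("block", "doh")

    return ("pass", "other")


def run_samples():
    """Constructed flows exercising each rule; returns [(flow, verdict)]."""
    samples = [
        Flow("10.0.20.15", "8.8.8.8", "udp", 53),                # smart TV, hard-coded Google DNS
        Flow("10.0.20.15", "10.0.10.2", "udp", 53),              # laptop using DNS01 normally
        Flow("10.0.10.2", "198.41.0.4", "udp", 53),              # DNS01 recursing to a root server
        Flow("10.0.20.15", "8.8.8.8", "tcp", 853),               # DoT attempt
        Flow("10.0.20.15", "8.8.8.8", "tcp", 443),               # DoH attempt, https://8.8.8.8
        Flow("10.0.20.15", "2001:4860:4860::8888", "udp", 443),  # DoH over IPv6 / HTTP3
        Flow("10.0.20.15", "93.184.216.34", "tcp", 443),         # plain HTTPS to a web server
    ]
    return [(f, evaluate(f)) for f in samples]


if __name__ == "__main__":
    for flow, (verdict, detail) in run_samples():
        print(f"{flow.src:>12} -> {flow.dst}:{flow.dport}/{flow.proto}  {verdict} ({detail})")
```

What the model makes visible that the bullet list does not: the redirect rule has to come before the allow rule or the hard-coded-DNS clients never hit a Pi-hole; the 853 block as written also hits the Pi-holes, which only matters once Unbound forwards over TLS instead of recursing on port 53; and the DoH alias is only as good as the import, so the parser keeps going past a bad line rather than silently producing an empty alias. It models the poster's rules as described and does not change what the ISP can see of the Pi-holes' own recursive queries.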