I'm not a network guru and lots of the things I read, get only about 50% absorbed
The goal: Getting privacy and security as much as possible using Pihole on RPi with FF or Chrome, even for home use.
I'm a bit confused on the better setup for privacy and security, thinking I could achieve my goals using Pihole+Unbound+DoT, but not really getting anywhere.
I've setup Pihole + Unbound from scratch.
I was trying to understand if it's possible to use Unbound with Cloudflare, but then I realised that if I set upstream resolver settings then I go against the idea behind Unbound which is setting up my RPi as a recursive DNS server solution
Another thing I think I learned is that Unbound as a recursive solution, cannot be used with DoT. It's either DoT or Recursive DNS.
Given the above learnings/assumption (based on my limited knowledge), I find it hard to decide what is the better approach at this moment in time, in order to get the best possible privacy.
Ideally, I would like my DNS requests to be encrypted and untraceable, as much as possible with current limitations/available technology.
Given what I wrote so far, the following questions came to mind when I was setting and re-setting unbound with Pihole based on the Pihole guide and some other guides I found online:
Is there any solution that can be implemented with Pihole to get the best privacy and security in addition OR alongside to ad-blocking?
All unofficial Pihole + Unbound guides describe how to add upstream DNS resolvers which means getting Unbound with DoT but eliminating the recursive DNS usage. Why does Pihole guide is geared towards a recursive over DoT?
Why the official Pihole + Unbound guide doesn't mention to make sure DNSSEC is unchecked in DNS settings?
Unbound 1.12.0 is out (https://www.nlnetlabs.nl/projects/unbound/download/#unbound-1-12-0) allwoing the support of DoH. Can this be installed with Pihole? and is it better over DoT?
Playing around with
/unbound.conf.d/pi-hole.confI left the config file as follows: https://textuploader.com/1pusu
Given this configuration, when I test Chrome and FireFox, I get different results (see below). Can I get some help understanding why the differences and how can I get Chrome to match Firefox?
FireFox tested on 220.127.116.11/home
Pihole and the pi-hole.conf are not set to use Cloudflare, so how come it shows that I am using it?
Chrome test on 18.104.22.168/home
FF test security - Using secure DNS
Chrome test security - Not sure if using secure DNS
Debug token in case and required: