You could set up a PiHole on your local network, and have the VPN's DNS be secondary.
privacy
Big tech and governments are monitoring and recording your eating activities. c/Privacy provides tips and tricks to protect your privacy against global surveillance.
Partners:
- community.nicfab.it/c/privacy
Wouldn't that still leak your DNS? I guess that's not a big deal if you don't care about timing correlation attacks.
Why would it? The PiHole would be on your local network, so it would never need to go past your router. So the request itself would be private, what matters is what you do with the response. Theoretically, the PiHole would only give responses for things it'll block (usually directing it to localhost or something), and have no response for everything else (check your configs).
So if you get a response from the PiHole, you route the request locally, which does nothing. If you don't get one, you'll check the secondary DNS, which is provided by the VPN service.
You should certainly confirm this before completely trusting it, but it should work fine.
Adguard can work with adguard VPN to provide adblocking through the VPN. This applies to Android and Windows, and maybe even iOS versions.
With other VPNs, I've used some with their own adblocker, but they aren't nearly as good at filtering.
The DNS config is really a totally separate piece from your Honeypot. Sorry, I mean your vpn.
You can use whatever DNS service you wish, or better yet set up your own with pihole or zenarmor or something like that.
Essentially, you outsource the blocking to your VPN server in that scenario. You can have a blocklist of advertisers, trackers, or bad-behaviour like SSH/HTTPS scans, etc. You would generally download a list of misbehaving netblocks and block them on your firewall, then download a list of known-bad domain names, and block them from being resolved by DNS (i.e. just return 127.0.0.1, which is your local device, which always fails)