PiHole + Unbound (with direct-to-root server lookups) + Outbound VPN (to secure the Unbound requests) + Inbound VPN (for clients) has been my go-to container setup for DNS.
Phones/tablets use WG Tunnel to turn on the VPN when not on-site.
this post was submitted on 22 Mar 2025
231 points (97.5% liked)
Technology
67285 readers
3686 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
So you're vpning unbound? Is that not adding a noticeable delay?
Not really since everything gets cached locally and the VPN is pretty quick and data center close to me.
Why does Italy always seem to have these weird court rulings that sound detached from reality? Like suing geologists for not predicting when a volcano was going to erupt.
I don't really know but I think Italy works different. I once met this Italian producer at a film festival. He spoke to me for about 20 minutes in Italian while wildly gesturing. His translator then gave me a deadpan look and said: "He asked you how film financing works in East Asia." I gave a short answer and then the translator spent 20 minutes explaining and translating my answer.
Now seems a good time to point out there is an alternative DNS root that isn't censored https://opennic.org/
Audit the servers they recommend for you, because for me, the server at the top of the list offered no privacy features and kept logs.
Mullvad offers free DNS service. That's what I usually use
Alternative roots are an interesting concept, but really people just need good alternatives recursives.
This is intoresting, thanks! Didn't know about this project.
Also, what's wrong with their webpage? The scroll freezes on my phone. Will check when I'm on the computer.
Italy is using its Piracy Shield law to go after Google, with a court ordering the Internet giant to immediately begin poisoning its public DNS servers
I don't know why Italy is wasting time on this.
Italy is not going to be able to force all public DNS servers out there to block things that they want blocked. Anyone using Google's DNS servers is already going out of their way to use an alternate DNS and can probably plonk in another IP address if they want. It's not as if Google has the only publicly-accessible DNS server out there.
If Italy really and truly doesn't want a DNS server that is doing this to be accessible in Italy, go after Italian network service providers, and instead of playing a never-ending game of whack-a-mole until they run into someone who just tells Italy to buzz off, just block it. Now, some portion of Italians are probably going to still get to DNS servers that ignore Italy's views on things via VPNs unless Italy wants to ban those too, but it'd at least be more-effective than trying to go after every DNS server provider out there, which is definitely is going to leave DNS servers that don't block sites accessible online.
Frankly, I don't even think that DNS-based censorship is very effective in the first place anyway, but if you're going to do it, might as well at least do it as effectively as possible.
I don’t know why Italy is wasting time on this.
Tech-illiterate politicians making public actions so their corporate donators keep investing in them.
One way that their incompetency limits the amount of damage they can accomplish.
For them Google is basically the internet.
Anyone using Google's DNS servers is already going out of their way to use an alternate DNS
But I have heard that Chrome is already bypassing classic DNS and uses Google by default ...
Ah, fair enough, maybe the target here is default DNS-over-HTTP in browsers.
If Italy really and truly doesn't want a DNS server that is doing this to be accessible in Italy, go after Italian network service providers
They're already doing that for blocking IPs, and ended up blocking Google Drive and some Cloudflare CDN IPs.
I believe India is following your approach, asking ISPs to block certain websites, mainly porn. Or at least, they were. I'm not sure what else they're planning now.
There's always Quad 9.
PSA:
DNS censorship is standard procedure in European copyright enforcement. Since Quad9 made the unfortunate decision to establish itself in Europe, it is forced to obey.
For example: https://www.quad9.net/fr/news/press/quad9-faces-new-dns-censorship-legal-challenge-in-france-from-canal/
I'm surprised they aren't making the same demands of the relevant TLDs. Or are they trying that and failing? If yes, why would they have better chances with Google?