My ISP is AT&T (located in the U.S.) and I have issues loading random websites. Currently have Google DNS set in my router, which works great. But I’m guessing there’s a better, more private, option?
My ISP is AT&T (located in the U.S.) and I have issues loading random websites. Currently have Google DNS set in my router, which works great. But I’m guessing there’s a better, more private, option?
Do you have the local unbound server respond to DoH so that the browser also uses encrypted client hello?
No. I don’t use DoH inside my network because I redirect DNS traffic on my primary VLAN to a pihole for ad and malware reducing. But I also control what has access to that VLAN pretty strictly. I have another VLAN for guests and untrusted devices that doesn’t use the redirecting, but does use the Unbound server as the default DNS, just doesn’t enforce it. And I have an even more locked down VLAN for self-hosted servers that also doesn’t use the pihole, but does use Unbound.
Yeah fair. I tried setting it up, but honestly probably not worth the effort in home networks. Problem is browsers don’t know that the other end of the unbound DNS server is DoH, so it won’t use ECH. Even once set up, most browsers need to be manually configured to use the local DoH server. Once there’s better OS support and auto config via DDR and/or DNR it’ll be more worth bothering with.