Look into ODOH (Oblivious DNS Over HTTPS) if you want to go the extra mile
Thanks for this. I've honestly never heard of it.
Neither had I until recently
Turns out Cloudflare 1.1.1.1 is already using ODOH and my unbound is set up to use Cloudflare. I think. More investigation is needed.
https://blog.cloudflare.com/oblivious-dns/
I did something similar to this (github.com) on my Pis. Except I don't use WireGuard.
This DNS server works for AdGuard Mobile: https://odoh.cloudflare-dns.com/dns-query
I'd caution against using Cloudflare servers. They are not friends to the republic, so to speak.
Unless you're set up to route to ODOH relays you aren't working within the security model.
Cloudflare may use ODOH on their end, but that may just mean they're sending to relay servers (probably run by them) after receiving your request, which is not ODOH on your end.
As far as I know unbound is a recursive DNS server, so if it's hitting Cloudflare servers then it's just a typical recursive DNS request. Plus, if all your DNS requests are going to the same resolver (e.g. Cloudflare) then from what I understand it defeats the purpose of recursive DNS as a privacy measure. This is because Cloudflare has the full list of all recursive requests, so it's trivial to put it all together.
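One way to settle the "my unbound is set up to use Cloudflare, I think" question raised earlier in the thread and the point made in this comment: an added example, not code from any poster, that parses an unbound.conf and reports whether the resolver recurses itself or forwards the root zone "." to one upstream (in which case that upstream sees every query together with your IP, and no ODOH relay hop is involved). The two sample configs are constructed for the example; the stanza/attribute layout is unbound's, and the Cloudflare addresses are the ones named in the thread.

```python
"""Audit an unbound.conf: does it recurse, or forward everything to one upstream?"""
import re

# Constructed sample configs (not from the thread). The first forwards the root
# zone "." to Cloudflare over DoT, so a single operator sees every query together
# with the client's IP; the second has no forward-zone and recurses itself.
FORWARDING_CONF = """\
server:
    interface: 127.0.0.1
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
"""
RECURSIVE_CONF = """\
server:
    interface: 127.0.0.1
"""

STANZA_RE = re.compile(r"^(\S+):\s*$")              # e.g. "server:", "forward-zone:"
ATTR_RE = re.compile(r"^\s+([\w-]+):\s*(.+?)\s*$")  # indented "key: value" line

def parse_forward_zones(conf: str) -> dict:
    """Map each forward-zone name to its list of forward-addr values."""
    zones = {}
    stanza, name = None, None
    for raw in conf.splitlines():
        # '#' is a comment only at line start or after whitespace, so the
        # "#authname" suffix in a forward-addr value is kept.
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()
        if not line.strip():
            continue
        if m := STANZA_RE.match(line):
            stanza, name = m.group(1), None
            continue
        m = ATTR_RE.match(line)
        if not m or stanza != "forward-zone":
            continue
        key, value = m.group(1), m.group(2).strip('"')
        if key == "name":
            name = value
            zones.setdefault(name, [])
        elif key == "forward-addr" and name is not None:
            zones[name].append(value)
    return zones

def resolver_mode(conf: str) -> str:
    """'recursive' if no forward-zone covers ".", otherwise 'forwarding'."""
    return "forwarding" if "." in parse_forward_zones(conf) else "recursive"
```

A "forwarding" result means the listed upstream, not the root servers, answers every query; run it against your real /etc/unbound/unbound.conf (and any included files) to see which case you are in.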