Comment

Comment on DNS kicking my ass (Technitium and opnsense)

roundup5381@sh.itjust.works ⁨2⁩ ⁨weeks⁩ ago

thanks for taking the time to comment here, think I’ve gotten it mostly straightened out now!

one last thing I’m curious about, Id like to continue using a VPN for privacy concerns, would directing all my traffic through a vpn be the only way to benefit from VPN service while also benefiting from DoT and DNS self hosting.

source

Sort:hotnew top

stratself@lemdro.id ⁨2⁩ ⁨weeks⁩ ago
Glad to know you got it working.

When you use a VPN as a matter of privacy, I believe you should use their DNS service too to blend in with the crowd. Because of DNS leaks, websites would likely know which DNS server you’re querying from, so using a selfhosted one instead of a VPN’s can be a major uniqueness vector. On the contrary however, I’ve seen many do exactly that, so I guess it’s not as big of an issue. So it’s your choice ultimately.

Now, if you opt for commercial VPN’s DNS servers, be aware that don’t usually block any ads (if they do it’s likely a paid option), and you’d want to configure your own local zones too. To intercept DNS queries and forward only the approved ones to the VPN, I think you have 2 options:

Host Technitium on the VPN’d machine (your computer) and set up blocklists there. Create Conditional Forwarding zones: 1 towards the main TDNS server for your local domains, and the rest towards the 10.2.0.1 server for your public queries. Technitium may be overkill, AdGuard Home can also do this.

Configure your main TDNS server to forward queries via the VPN tunnel. This requires the VPN tunnel having an available SOCKS5/HTTP proxy, to be used with TDNS’ Proxy and Forwarders options. Even better, you may use the Advanced Forwarding app to only use this routing for the VPN’d device, and use another routing for other devices
source
- roundup5381@sh.itjust.works ⁨2⁩ ⁨weeks⁩ ago
  great answer, thanks for sharing the knowledge and taking the time to comment
  
  source