
Does this have a clear advantage over Pihole? I see the android app and that's nice but not enough of a killer feature (for me to want) to switch.

Pihole still offers nice things that a cloud solution can't, like local network resolution and DHCP.




Most importantly you can use it transparently outside of your network; you have a single DNS service with a single configuration available everywhere. You can of course use this server as your upstream resolver on local networks, with a local resolver like CoreDNS too, which gives you the best of both worlds: CoreDNS can serve local IPs with normal DHCP configuration, and any other requests can go upstream (securely) to your cool custom DNS-over-HTTPS server. So a bit of both worlds.

Not everyone sees this as an advantage, and even if you do see it that way, you still might not need it. If PiHole works for you, keep using it. I actually want this because I want to share my adblocking/secure DNS setup with my less-technical friends and family, none of whom live with me/share a network/VPN. So needing no new software on their end, just a new resolver to be configured, is very appealing. It can work everywhere on all their devices and it's very easy to configure.

Taking it further: you can customize the DNS path as you wish with your own code in these designs. It's definitely not for everyone and if you like the convenience DHCP/local resolution provides, I wouldn't necessarily switch. But once you actually can like, use your DNS endpoint as an API, and you can configure your DNS resolver programmatically from any language anywhere via HTTP APIs, a lot of neat things become possible. I actually configure my custom DNS resolvers with custom service names pointing to my local devices already; I don't rely on just DHCP+hostname to provide the right resolvable name. And doing this can be as simple as a POST request to a custom endpoint I wrote; the resolver can then just serve custom A/AAAA records for those entries. So if you want flexibility/a custom DNS network, it's very appealing. But if you don't want it, I wouldn't worry about it much.
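The "DNS endpoint as an API" idea above, as an added example that is not the commenter's code: a small override table that an HTTP handler of your own design (the `register_record` function stands in for the POST handler) would update, plus the DNS wire-format handling a resolver needs to answer A/AAAA queries for those names itself and hand everything else upstream. The names `OVERRIDES`, `register_record`, `answer` and the `nas.home` record are assumptions for the illustration.

```python
import struct
import ipaddress

# Added example, not code from the thread. A resolver keeps an in-memory table
# of custom names; anything not in the table returns None, meaning "forward
# this query to the upstream (e.g. a DNS-over-HTTPS server)".

TYPE_A, TYPE_AAAA = 1, 28
OVERRIDES = {}  # hypothetical table: name -> {"A": [ip, ...], "AAAA": [ip, ...]}


def register_record(name, address):
    """What a POST /records handler would do: validate the address, store it."""
    ip = ipaddress.ip_address(address)  # raises ValueError on garbage input
    rrtype = "A" if ip.version == 4 else "AAAA"
    OVERRIDES.setdefault(name.rstrip(".").lower(), {}).setdefault(rrtype, []).append(ip)
    return rrtype


def build_query(name, qtype, txid=0x1234):
    """Encode a standard recursive query (used here to exercise answer())."""
    labels = b"".join(struct.pack("B", len(l)) + l.encode("ascii")
                      for l in name.rstrip(".").split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_query(pkt):
    """Return (txid, qname, qtype, raw question section) from a DNS message."""
    txid = struct.unpack("!H", pkt[:2])[0]
    off, labels = 12, []
    while True:
        n = pkt[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointer in question section")
        labels.append(pkt[off:off + n].decode("ascii"))
        off += n
    qtype = struct.unpack("!H", pkt[off:off + 2])[0]
    return txid, ".".join(labels).lower(), qtype, pkt[12:off + 4]


def answer(pkt, ttl=60):
    """Build a response from OVERRIDES, or None if the name is not ours."""
    txid, name, qtype, question = parse_query(pkt)
    want = {TYPE_A: "A", TYPE_AAAA: "AAAA"}.get(qtype)
    ips = OVERRIDES.get(name, {}).get(want, []) if want else []
    if not ips:
        return None  # not a custom name: caller forwards it upstream
    # flags 0x8180: response, recursion desired + available, no error
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(ips), 0, 0)
    rrs = b""
    for ip in ips:
        # 0xC00C is a pointer back to the name in the question section
        rrs += b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, ttl, len(ip.packed)) + ip.packed
    return header + question + rrs


def resolve_addresses(name, qtype):
    """Run a query through answer() and decode the addresses it returned."""
    resp = answer(build_query(name, qtype))
    if resp is None:
        return None
    _, _, _, question = parse_query(resp)
    off = 12 + len(question)
    count = struct.unpack("!H", resp[6:8])[0]
    out = []
    for _ in range(count):
        # 2-byte name pointer, then type, class, ttl, rdlength, rdata
        _, _, _, rdlen = struct.unpack("!HHIH", resp[off + 2:off + 12])
        out.append(str(ipaddress.ip_address(resp[off + 12:off + 12 + rdlen])))
        off += 12 + rdlen
    return out


if __name__ == "__main__":
    register_record("nas.home", "10.6.0.20")
    print(resolve_addresses("nas.home", TYPE_A))      # ['10.6.0.20']
    print(resolve_addresses("example.com", TYPE_A))   # None -> forward upstream
```

Wrapping `answer()` in a UDP listener or a DoH handler is the part left out; the point is that the table of names is just data your own endpoint can change at runtime, so you never depend on DHCP handing out the hostname you want.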


> Most importantly you can use it transparently outside of your network; you have a single DNS service with a single configuration available everywhere.

As an aside: for a generic replacement for pi-hole inside and outside one’s local network, NextDNS (it’s not self-hosted) works fine. It allows setting up ad blocking and tracker blocker filters from common filter lists, allows custom allow and deny lists, and provides 300k queries a month in the free plan (when this limit is exceeded, the DNS works but not the filter lists).


For comparison to 300k queries, I use pihole and ublock, we basically have 4 users, we're in UK and have one desktop computer, 4 mobile phones, a laptop, a game console, a TV with Netflix (no other pay TV). Most daytimes there's only one person home.

We do an average of ~7k DNS requests per day, somehow. Our max day was 26000 requests ... I assume everyone is abusing DNS for tracking (heartbeat of some sort?).

Microsoft seem to hit the pihole rate limits often, presumably if you block their tracking domains they think making hundreds of requests a minute is the way forward ... it's almost like they're trying to DoS me with my own computer.
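The "hundreds of requests a minute" pattern is easy to spot in the query log itself. As an added example (not the commenter's code, and the log lines are constructed, not captured traffic), this parses lines in the `dnsmasq`/`pihole.log` format, counts queries per client per minute, and flags clients above a threshold together with the name they hammer most. The threshold value and the `.invalid` hostnames are assumptions; Pi-hole's own rate limit defaults to 1000 queries per 60 seconds.

```python
import re
from collections import Counter, defaultdict

# Added example, not code from the thread. Log format is the dnsmasq one that
# pihole.log uses: "Jan 15 10:00:01 dnsmasq[812]: query[A] host from client".
LINE_RE = re.compile(
    r"^(?P<minute>[A-Z][a-z]{2} +\d+ \d\d:\d\d):\d\d (?:\S+ )?dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)


def constructed_log():
    """Constructed sample: a little browsing plus one device in a retry loop."""
    lines = []
    for sec, host in enumerate(["news.ycombinator.com", "cdn.example.invalid", "api.example.invalid"]):
        lines.append(f"Jan 15 10:00:{sec:02d} dnsmasq[812]: query[A] {host} from 192.168.1.20")
    lines.append("Jan 15 10:00:01 dnsmasq[812]: forwarded news.ycombinator.com to 1.1.1.1")
    # a device retrying a blocked telemetry name three times a second for a minute
    for i in range(180):
        lines.append(f"Jan 15 10:01:{i % 60:02d} dnsmasq[812]: "
                     f"query[A] telemetry.vendor.invalid from 192.168.1.30")
    return lines


def parse_queries(lines):
    """Yield (minute, client, name, qtype) for query lines; skip everything else."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield m.group("minute"), m.group("client"), m.group("name"), m.group("qtype")


def per_client_minute(lines):
    """Count queries per (client, minute) and the names each client asked for."""
    counts = Counter()
    names = defaultdict(Counter)
    for minute, client, name, _ in parse_queries(lines):
        counts[(client, minute)] += 1
        names[(client, minute)][name] += 1
    return counts, names


def flag_bursts(lines, threshold=100):
    """Return clients that exceeded `threshold` queries in a single minute."""
    counts, names = per_client_minute(lines)
    flagged = []
    for (client, minute), n in sorted(counts.items()):
        if n >= threshold:
            top_name, top_n = names[(client, minute)].most_common(1)[0]
            flagged.append({"client": client, "minute": minute, "queries": n,
                            "top_name": top_name, "top_name_queries": top_n})
    return flagged


if __name__ == "__main__":
    for hit in flag_bursts(constructed_log()):
        print(f"{hit['client']} made {hit['queries']} queries in {hit['minute']}, "
              f"mostly for {hit['top_name']} ({hit['top_name_queries']}x)")
```

Run it against your real `pihole.log` (`flag_bursts(open('/var/log/pihole/pihole.log'))`) to see whether the volume comes from one chatty device or is spread across the network; a single name dominating one client's minute is the retry-loop signature the comment describes.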


Tailscale + pihole is another way to achieve using same config everywhere. It's pretty easy to set up (by a HN definition of easy, would not suggest for any typical user). https://tailscale.com/kb/1114/pi-hole/

NextDNS/Adguard-DNS are more user friendly options.


Have you looked at Consul? It does exactly what you describe for the DNS functionality.


Yes, I have evaluated Consul (but not deployed it), though of course it was originally designed for a bit of a different use case for server-side environments; though I guess there's nothing that would prohibit it from doing this exact thing. Custom and programmable DNS resolution has a lot of points in the design space...


> "Telling a programmer there's already a library to do X is like telling a songwriter there's already a song about love." -- Pete Cordell

You may be right, but a serverless resolver ain't anything I've seen before! Awesome project, and I'm glad to see that it all came together -- not all projects do!


On my Android phone I use Wireguard to route DNS traffic to my PiHole server at home so I get all the benefits on the go. Also run AdAway at the same time for double protection.


But what's the latency?


Naturally this depends primarily on how far away from home you happen to be.

If you take a base case of ~1gbps simultaneous fiber link at your house and you are within 10s of miles, the added latency will probably be noticeable but not horrendous (back of the napkin says 20-100ms, mostly due to 5g wireless hiccups and cross-network carrier transit).

Browsing HN: May not notice

Watching YouTube or other more bandwidth intensive activities: Probably could notice a little lag and/or longer load times. Even if you have 1gbps upload at home, in some (or many) cases you may only achieve 100mbps or possibly even less to your device (I've tested this manner of Wireguard PTP extensively IRL).

Mileage will vary.


I haven't seen any noticeable problems. Got a 400/20 connection in southern California.


Or just don't route all traffic through your WG tunnel. Change AllowedIPs from 0.0.0.0/24 to the local ranges you want to reach, e.g. 10.6.0.0/24


Would this likely break the goal of having / leveraging pi-hole?


No, it just tunnels your DNS traffic and traffic to the 10.6.0.* IPs. Could also add, with a comma, 192.168.1.0/24 for other local IPs you want to route through WG.
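The split-tunnel setting the two replies above describe, as an added example that is not the commenters' code: a full-tunnel `[Peer]` (the catch-all route in wg-quick's own documentation is `0.0.0.0/0, ::/0`) next to one whose `AllowedIPs` carries only the Pi-hole subnet and the LAN, and a check that the `DNS` server from `[Interface]` is still reached through the tunnel while ordinary internet destinations are not. Both config texts are constructed, the key fields are placeholders, and `198.51.100.10` is a documentation-range address standing in for "some public host".

```python
import ipaddress

# Added example, not code from the thread. WireGuard configs are INI-like but
# allow repeated [Peer] sections, so they are parsed by hand here rather than
# with configparser. Keys are placeholders; the addresses are constructed.

FULL_TUNNEL = """\
[Interface]
PrivateKey = <client private key placeholder>
Address = 10.6.0.2/24
DNS = 10.6.0.1

[Peer]
PublicKey = <server public key placeholder>
Endpoint = home.example.invalid:51820
AllowedIPs = 0.0.0.0/0, ::/0   # everything goes through the tunnel
"""

SPLIT_TUNNEL = """\
[Interface]
PrivateKey = <client private key placeholder>
Address = 10.6.0.2/24
DNS = 10.6.0.1

[Peer]
PublicKey = <server public key placeholder>
Endpoint = home.example.invalid:51820
AllowedIPs = 10.6.0.0/24, 192.168.1.0/24   # only the Pi-hole subnet and the LAN
"""


def parse_wg_conf(text):
    """Return a list of {'_section': name, key: value} dicts, one per section."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = {"_section": line[1:-1]}
            sections.append(current)
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "AllowedIPs":  # may repeat and may be comma-separated
            current.setdefault(key, []).extend(v.strip() for v in value.split(","))
        else:
            current[key] = value
    return sections


def allowed_networks(conf):
    """All networks any peer is allowed to carry, i.e. what gets routed into WG."""
    nets = []
    for s in parse_wg_conf(conf):
        if s["_section"] == "Peer":
            nets.extend(ipaddress.ip_network(n, strict=False) for n in s.get("AllowedIPs", []))
    return nets


def goes_through_tunnel(conf, destination):
    """True if wg-quick would route traffic for `destination` into the tunnel."""
    ip = ipaddress.ip_address(destination)
    return any(ip in n for n in allowed_networks(conf))


def check_split_tunnel(conf, public_probe="198.51.100.10"):
    """Return (dns_tunneled, internet_tunneled); the reply above wants (True, False)."""
    iface = next(s for s in parse_wg_conf(conf) if s["_section"] == "Interface")
    dns_ok = all(goes_through_tunnel(conf, d.strip()) for d in iface["DNS"].split(","))
    return dns_ok, goes_through_tunnel(conf, public_probe)


if __name__ == "__main__":
    print("full tunnel :", check_split_tunnel(FULL_TUNNEL))    # (True, True)
    print("split tunnel:", check_split_tunnel(SPLIT_TUNNEL))   # (True, False)
```

If the first element ever comes back `False`, the DNS server is outside `AllowedIPs` and the phone will fall back to whatever resolver the mobile carrier hands it, silently losing the Pi-hole filtering; that is the failure to check for after trimming the route list.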


Try using nextDNS. NextDNS + their CLI tool/proxy running locally is super powerful.



