A new beginning

Back in 2017 I setup a single Public Pi-hole as an experiment. It gained way more traction than I imagined, so I decided to setup a dedicated website with some additional instances last year. However, all instances were lacking support for DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT), one of the most requested features I received via email.

Last month finally got around to implementing DoH & DoT, but it came at a cost; I decided to migrate all instances from Pi-hole to Adguard Home. Yes, that’s right, the Public Pi-holes are no longer powered by Pi-hole…

Don’t get me wrong; Pi-hole is a great project, but it’s geared towards personal use on an internal network, not to setup a public DNS resolver. The Pi-hole developers are very clear about this, as they highly discourage anyone to setup a public DNS resolver because of the associated risks, such as DNS amplification attacks. Therefore Pi-hole lacks features as DoH, DoT and rate limiting, as they should not be needed over LAN.

Strictly speaking, I could’ve made DoH & DoT work with Pi-hole, but it would’ve added another set of moving parts to each instance, making it even more complex than it already is. Remember that the Public Pi-hole project does not use any DNS upstream servers such as Cloudflare or Quad9. Instead I run unbound to directly query the DNS root servers, so essentially I’m running two DNS servers on each instance. On top of that, everything is running in Docker, so the additional packages that would add support for DoH & DoT would need to run in Docker as well, making it an overly complex stack in my opinion. Hence I decided to switch the backend of each instance to Adguard Home, as it supports DoH, DoT and rate limiting out of the box.

So what does this mean?
Apart from the missing statistics page for each instance, which won’t be coming back anytime soon as Adguard Home does not feature a public statistics page (yet), there isn’t much difference from an end-user perspective, except the added support for DoH & DoT of course… that’s where this all started after all.
Rest assured, the adblocking DNS resolvers aren’t going anywhere. I intend on keeping this project alive, albeit being it under a new project name… and that’s where you come in; I’m looking for ideas for a new, more fitting, name. Submit your ideas for a new name in the comments, but please refrain from incorporating product names such as ‘Pi-hole’ or ‘AdGuard’ into it.

I’m looking forward to your submissions!

Kind regards,
Freek

PS. Oh, and IPv6 support is coming soon as well!

CategoriesNews

6 Comments

  1. I’ve been following your project almost since beginning and it’s amazing. If you say this is the best way then I trust you.
    Keep the great work, Freek.

    My name for the new project “Guardian Hole”

  2. How about Adhole, so it’s telling what it does and where it came from, however, name is still independent.

  3. I’ve been a regular user of this great project. Thank you for your altruistic service. Does the new shift essentially means, it’s same as running Adguard Home? or your custom filter list still applicable on top of that? and how about Magic-hole :D?

  4. Dad – De ad (I know it’s stupid, lol)
    LISA – Loose Intrusive Stupid Ads
    LAD – Loose ads
    TIS – The Internet Sanitizer
    NPA – No Place for Ads
    FINS – Free Internet from Nuisance for Sure
    VDNS – (Ad)Vanced DNS

    I didn’t filter my thoughts, these might sound stupid, but since I love your project, I thought why not?! TIS is my favourite thought. Anyway, thanks and kudos.

Leave a Reply

Your email address will not be published. Required fields are marked *