I would like to start a project to provide PiHoles for the community.
Looking for:
Another person(s) willing to help/back me up in administering the PiHoles. I know the PiHoles don’t require much, but it would be good to have someone to back me up in case I get hit by a bus.
Providers willing to donate a VPS for the cause. PiHole is super lightweight. Of course, we would get you credit for the donation - piholeXXX powered by provider name
I understand the concerns raised. My plan was to run everything with logging disabled. Having more than 1 person working on the project seems like a good way to make sure everything is on the up and up. Remember that whoever we forward the PiHole to could also log your requests. Your ISP has this data for sure (assuming you’re using their DNS.)
@aaronstuder You seem quite interested in becoming either a lead, or a member of existing projects - I strongly suggest you play around on your own first, so you know what to deal with, and get a bit of a record for others who might be interested in assisting/teaming with you.
I’ve never used PiHole, but can’t you use a local resolver like unbound? That would use the root servers instead of forwarding the requests to a single resolver.
I’ve done it for quite a while; pick a recursive DNS server (BIND is fine too), pick alternative root hints if you want to browse your favourite .fur sites without hiccups (e.g. OpenNIC; I used to pick the way less furry ORSN but it’s now unmaintained), eventually set up a sinkhole (you may set it up in PowerDNS, BIND and others) if you prefer so, place the recursive server behind dnsdist, connect the box with other ones you have around with a WireGuard mesh, eventually add recursive servers you have in the WireGuard IP range to dnsdist’s server pool. dnsdist secures any downstream resolver you may choose (BIND too!) quite a bit and allows you to load-balance requests across all the boxes participating in the pool, caching on top of them. The cache can be per-pool or shared across pools. It can add DoH, DNS over TLS, DNSCrypt and whatnot and you can obviously restrict access to localhost and private ranges if you so wish. The resolver actually queried is dnsdist and it’s as public-facing as you want it to be; it can serve as resolver for all your VPNs too.
To provide some insight: EVERYONE on the internet collects metadata. In case your ISP doesn’t by some weird chance, their upstreams do.
With that said, it’s 99.999% just metadata. Aka who sends how much data to what on which ports - the data itself is not being logged.
I can provide a node in Prague, CZ, v4+v6 included. Make sure to set up per-IP rate limits though, hosting a public DNS recursor otherwise is quite a nightmare (it’s a DDoS amplifier).
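As an added example (not a config posted by anyone in this thread), here is the dnsdist front-end described a few posts up combined with the per-IP rate limiting recommended for a public recursor. The public listener address, the WireGuard-side recursor addresses, the pool name, the TLS file paths and the limits are assumed values.

```lua
-- dnsdist.conf (Lua). Assumed: two recursors reachable over the WireGuard mesh
-- at 10.8.0.2 and 10.8.0.3, and a public address 203.0.113.10 on this box.
addLocal("203.0.113.10:53")   -- public listener, UDP and TCP
addLocal("127.0.0.1:53")      -- local clients / VPN gateway on this box

-- Who may query at all. Loopback plus private ranges only; widening this to
-- 0.0.0.0/0 and ::/0 turns the box into a public recursor, after which the
-- rate limits below are what keeps it from being used as an amplifier.
setACL({"127.0.0.0/8", "::1/128", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fd00::/8"})

-- Downstream recursive servers (BIND, Unbound, PowerDNS Recursor ...) in one pool.
newServer({address = "10.8.0.2:53", pool = "recursors", name = "recursor-1"})
newServer({address = "10.8.0.3:53", pool = "recursors", name = "recursor-2"})

-- Shared packet cache for the pool: repeated answers are served by dnsdist
-- while their TTL lasts, so the recursors only see cache misses.
pc = newPacketCache(100000, {maxTTL = 86400, minTTL = 0, temporaryFailureTTL = 60, staleTTL = 60})
getPool("recursors"):setCache(pc)

-- Send each query to the backend with the fewest in-flight queries.
setServerPolicy(leastOutstanding)

-- Abuse controls. Rules run top to bottom until one takes an action.
-- 1. Per-source limit: 30 qps sustained, burst 60, keyed on /32 (v4) or /64 (v6).
addAction(MaxQPSIPRule(30, 32, 64, 60), DropAction())
-- 2. ANY over UDP is the classic amplification query: answer with TC=1 so a
--    genuine client retries over TCP, which a spoofed source cannot complete.
addAction(AndRule({QTypeRule(DNSQType.ANY), TCPRule(false)}), TCAction())
-- 3. Everything else goes to the recursor pool.
addAction(AllRule(), PoolAction("recursors"))

-- Optional encrypted transports (cert/key paths are placeholders):
-- addTLSLocal("203.0.113.10:853", "/etc/dnsdist/cert.pem", "/etc/dnsdist/key.pem")
-- addDOHLocal("203.0.113.10:443", "/etc/dnsdist/cert.pem", "/etc/dnsdist/key.pem")

-- No LogAction() is configured, so dnsdist keeps no per-query log.
setVerbose(false)
```

Run `dnsdist --check-config -C dnsdist.conf` before deploying; the ACL can be widened later with `addACL()` once the limits have been watched under real traffic.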