I present an alternative way to use Pi-hole outside the home network by leveraging Encrypted DNS (aka DNS-over-TLS and DNS-over-HTTPS) instead of the usual VPN.
Excellent to have confirmation, thanks. What about the VPN connection handshake? I always assumed it was OK over non-SSL, because the exchange should use signed keys. But that is quite an assumption on my part.
Wireguard uses public and private keys which are designed from the ground up to be used over plain text to establish the handshake so it isn’t an issue. Same idea with ssh keys and ssl keys
You do not need anything else. DNS requests are all sent over Wireguard with encryption
Excellent to have confirmation, thanks. What about the VPN connection handshake? I always assumed it was OK over non-SSL, because the exchange should use signed keys. But that is quite an assumption on my part.
Wireguard uses public and private keys which are designed from the ground up to be used over plain text to establish the handshake so it isn’t an issue. Same idea with ssh keys and ssl keys
Thanks. Wild that folks build SSH and HTTP around the same time without realising that HTTP could benefit from some of that same tech!
At the time, everything HTTP was supposed to be public.