Fortunately I set up unbound ages ago, and disabled every other upstream option in my pi.hole. However, I imagine that still “leaks” some information about my DNS queries, just indirectly – it’s not like my pi.hole has every domain mapped all the time!

Thanks. Wild that folks build SSH and HTTP around the same time without realising that HTTP could benefit from some of that same tech!

Excellent to have confirmation, thanks. What about the VPN connection handshake? I always assumed it was OK over non-SSL, because the exchange should use signed keys. But that is quite an assumption on my part.

I do exactly this as well. Works great! Dynamic DNS is kind of a hilarious hack.

Quick question: since I use wireguard, do I need to use DNS-over-HTTPS for security? My assumption is that my entire session is already encrypted with my wireguard keys, so it doesn’t matter. But I figured I should double check.

Any themes you specifically recommend? I just use native apps on my phone and laptop, but it would be nice to improve the theme when I administrate.