In this guide we’ll setup cloudflare and Pi-hole together with docker-compose to create a portable and reproducible secure DNS solution.
Pi-hole has been working like a charm on my network for years blocking ads. I also have it configured with DNS-over-HTTPS using cloudflared for extra security and privacy. Pi-hole has a great guide to setting-up DoH. I recently reconfigured my home network with VLANs to separate the different kinds of devices on my network. There’s my primary/private LAN with the network gear, servers, and my personal systems. Then there’s a VLAN for scary IoT stuff and one for medium-trust devices like Xbox, PlayStation, Apple TV; devices that can access Plex for example but nothing more.