Wong Edan's
Cover
DevOps & Infrastructure

Pi-hole, DoH, and Internet Privacy: A Deep Dive

February 08, 2026 • By Azzar Budiyanto

The Internet is Watching. Let’s Fight Back.

Okay, let’s be real. The internet isn’t the wild west it used to be. Every click, every search, every website you visit is a data point being collected, analyzed, and often, sold. It’s creepy, it’s invasive, and frankly, it’s a bit rude. But before you go full-off-grid and start communicating via carrier pigeon, there are things you can *do*. And that’s what we’re talking about today: Pi-hole, DNS over HTTPS (DoH), and how they can dramatically improve your internet privacy. I’m Wong Edan, and I’m here to tell you why you need this in your life. Seriously.

What *is* DNS and Why Should I Care?

Let’s start with the basics. You type “google.com” into your browser. But your computer doesn’t actually *know* where “google.com” is. It knows IP addresses – those long strings of numbers like 142.250.185.142. So, how does it translate a human-readable domain name into a machine-readable IP address? That’s where the Domain Name System (DNS) comes in. Think of it as the internet’s phonebook.

When you type “google.com”, your computer sends a request to a DNS server (usually provided by your Internet Service Provider – ISP). The DNS server looks up the IP address associated with “google.com” and sends it back to your computer. Your computer then uses that IP address to connect to Google’s servers. Simple, right?

Here’s the problem: your ISP’s DNS server knows *every* website you visit. They can log this information, sell it to advertisers, or even be compelled to hand it over to governments. That’s a massive privacy violation. And it’s not just your ISP. Public DNS servers like Google Public DNS (8.8.8.8 and 8.8.4.4) and Cloudflare DNS (1.1.1.1) also have access to this data, although they generally have more privacy-focused policies than ISPs. But trust, but verify, right?

Enter Pi-hole: Your Network’s Bouncer

Pi-hole is a network-level ad blocker. But it’s so much more than that. It’s a DNS sinkhole. Instead of sending your DNS requests directly to your ISP or a public DNS server, you configure your network to send them to your Pi-hole. Pi-hole then consults a list of known ad servers, tracking domains, and malware sites. If a request is for something on that list, Pi-hole blocks it. If it’s a legitimate website, Pi-hole forwards the request to an upstream DNS server (like Cloudflare or Google) and returns the IP address to your computer.

Why is this awesome?

  • Network-Wide Blocking: Pi-hole blocks ads on *all* devices connected to your network – computers, phones, tablets, smart TVs, even your smart fridge (if it’s connected to the internet, Pi-hole can protect it).
  • Performance Boost: Blocking ads means less data being downloaded, which can speed up page loading times.
  • Privacy Enhancement: By blocking tracking domains, Pi-hole prevents companies from collecting data about your browsing habits.
  • Customization: You can add your own custom blocklists to tailor Pi-hole to your specific needs.

Installation and Setup: Pi-hole is typically installed on a Raspberry Pi (hence the name), but it can also be run on other Linux systems, even in a virtual machine. The installation process is relatively straightforward, with a web-based interface for managing blocklists, viewing statistics, and configuring settings. You’ll need to set your router’s DNS settings to point to the IP address of your Pi-hole server. This is where things can get a little tricky depending on your router. I’ve seen some routers make this incredibly easy, and others… well, let’s just say you’ll need a strong cup of coffee and a lot of patience. (And maybe a Reddit thread or two. I saw a good one about Mikrotik routers recently – check it out here.)

DNS over HTTPS (DoH): Encrypting Your DNS Requests

Okay, so you’re using Pi-hole, which is fantastic. But there’s still one potential vulnerability: your DNS requests between your Pi-hole and the upstream DNS server are still sent in plain text. This means someone eavesdropping on your network could see which websites you’re visiting, even if they can’t see the content of those websites. That’s where DNS over HTTPS (DoH) comes in.

DoH encrypts your DNS requests using HTTPS, the same protocol that secures your web browsing. This makes it much more difficult for anyone to intercept and read your DNS traffic. It’s like sending a postcard versus sending a sealed letter.

How to Implement DoH:

  • Pi-hole: Pi-hole supports DoH. You can configure it to use a DoH provider like Cloudflare, Google, or Quad9. This is done within the Pi-hole web interface under Settings > DNS.
  • Router: Some modern routers now support DoH natively. Check your router’s documentation to see if this is an option.
  • Operating System: Most modern operating systems (Windows, macOS, Android) also support DoH. You can configure DoH settings within your operating system’s network settings.
  • Browsers: Browsers like Firefox and Chrome also have built-in DoH support. However, using browser-level DoH can bypass your Pi-hole, so it’s generally recommended to configure DoH at the network level (Pi-hole or router) for consistent protection.

Choosing a DoH Provider: Not all DoH providers are created equal. Consider factors like privacy policy, logging practices, and performance. Cloudflare (1.1.1.1) and Quad9 (9.9.9.9) are generally considered to be privacy-focused options. Google Public DNS also offers DoH, but their privacy practices are more complex.

Pi-hole vs. AdGuard Home: The Contenders

You’ve probably heard of AdGuard Home. It’s Pi-hole’s main competitor. Both do essentially the same thing – block ads and trackers at the DNS level. So, which one should you choose? Honestly, it depends on your needs and preferences. I’ve used both extensively. I spent years with Pi-hole and Unbound (as a recursive DNS server) before diving into Opnsense, and I found Pi-hole to be a solid, reliable solution. (Here’s a discussion on Reddit about that).

Pi-hole Pros:

  • Simplicity: Pi-hole is generally easier to set up and configure, especially for beginners.
  • Large Community: Pi-hole has a large and active community, which means plenty of support and resources are available.
  • Lightweight: Pi-hole is relatively lightweight and doesn’t require a lot of resources.

AdGuard Home Pros:

  • More Features: AdGuard Home offers more advanced features, such as parental controls and DNSSEC support.
  • Better Filtering: Some users report that AdGuard Home’s filtering is more effective at blocking ads and trackers.
  • More Flexible: AdGuard Home is more flexible in terms of configuration options.

I’ve found that both are excellent choices. If you’re new to DNS-level ad blocking, I recommend starting with Pi-hole. If you’re a more advanced user and want more control and features, AdGuard Home might be a better fit. (Check out this comparison: Pi-hole vs AdGuard Home)

Beyond the Basics: Staying Safe in a Connected World

Pi-hole and DoH are powerful tools, but they’re not a silver bullet. Here are a few other things you can do to improve your internet privacy:

  • Use a VPN: A Virtual Private Network (VPN) encrypts all of your internet traffic, not just your DNS requests.
  • Use a Privacy-Focused Browser: Browsers like Brave and Tor are designed to protect your privacy.
  • Use Privacy-Focused Search Engines: Search engines like DuckDuckGo don’t track your searches.
  • Be Mindful of What You Share Online: Think before you post on social media or share personal information online.

The fight for internet privacy is an ongoing one. It requires vigilance, awareness, and a willingness to take control of your data. Pi-hole and DoH are excellent starting points. They’re not perfect, but they’re a significant step in the right direction. And honestly, in today’s world, every little bit helps. I’ve seen folks on Quora discussing this too, even relating it to fixing Android issues! (Check this out). Don’t just accept the status quo. Take back your privacy. You deserve it.

And remember, if you’re still struggling with DNS issues, MyRepublic has a good guide on troubleshooting: 3 Cara Mengatasi Masalah DNS di Rumah. Stay safe out there!