〄<p><a href="https://earth.law/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNS</span></a> is a <a href="https://earth.law/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> minefield. Here's my best shot at charting a safe course through. </p><p>New <a href="https://earth.law/tags/blog" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blog</span></a> post up now re: combining <a href="https://earth.law/tags/AdGuardHome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AdGuardHome</span></a> with rotating stable of <a href="https://earth.law/tags/DNSCrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSCrypt</span></a> resolvers, with <a href="https://earth.law/tags/Tailscale" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tailscale</span></a> <a href="https://earth.law/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a> over <a href="https://earth.law/tags/Mullvad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mullvad</span></a> exit nodes, and <a href="https://earth.law/tags/Caddy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Caddy</span></a> obtaining certificates for <a href="https://earth.law/tags/DOH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DOH</span></a> — <a href="https://sij.law/dns/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">sij.law/dns/</span><span class="invisible"></span></a></p><p><a href="https://earth.law/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://earth.law/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosting</span></a> <a href="https://earth.law/tags/debian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>debian</span></a> <a href="https://earth.law/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://earth.law/tags/hetzner" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hetzner</span></a> <a href="https://earth.law/tags/server" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>server</span></a> <a href="https://earth.law/tags/pihole" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pihole</span></a> <a href="https://earth.law/tags/unbound" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>unbound</span></a> <a href="https://earth.law/tags/macos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>macos</span></a> <a href="https://earth.law/tags/ios" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ios</span></a> <a href="https://earth.law/tags/DNSOverride" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNSOverride</span></a> <a href="https://earth.law/tags/DeepDive" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DeepDive</span></a> <a href="https://earth.law/tags/LittleSnitch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LittleSnitch</span></a> <a href="https://earth.law/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cloudflare</span></a> <a href="https://earth.law/tags/Quad9" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Quad9</span></a> #9999</p>