Recently I had the realization that Unbound was my default DNS. I have been using pfBlockerNG, and forwarding is off by default. Then I thought I’ll do the same on a Pi-hole network. Great guide at https://pimylifeup.com/raspberry-pi-unbound/. The guide, from my understanding, is a good default Pi Unbound config; however, I need to do more research. pfSense is an alternative in which there are a multitude of settings, similar to DD-WRT or OpenWrt, and I’d assume OPNsense is in the same boat minus the pfBlockerNG plugin that I enjoy. Being unbounded by a forwarding service seems to be nice, assuming the Unbound connection to the resolver is good and safe.

I played around recently with having my domain DNS go through Cloudflare, and that was a hijack better described here: https://www.troyhunt.com/cloudflare-ssl-and-unhealthy-security-absolutism/ and https://www.reddit.com/r/selfhosted/comments/17zj450/how_are_so_many_sites_ok_with_using_cloudflare/. You’ll notice that, running that setup, your site will obviously be hosted on a Cloudflare IP and your CA will be whatever they use, which in my case was their Google cert. These offenses/protection mechanisms are described as well on an episode of Security Now (I’ll find and update with episode #).

The desire for such setups was, at heart, to block ads. This slid into control and privacy and security. Moreover, the objective is to learn and understand the ether that makes up the digital playground.

I take my own nonobjective surveys all the time to seek out what users use on their mobile devices, and I’d do the same for their PCs, but not everyone even utilizes one regularly. I think I found one person who wanted to be a ‘cyber’security person who still didn’t consider his own DNS while maintaining a VPS with access to crypto and a server in which multiple people’s compromised machines were all neatly organized for him to dig through, including their keystrokes nicely archived along with passwords.
I inquired how he could want to utilize such a site, and he felt this was what he needed to learn and identify ‘cyber’ skills. I cringe at the thought of the machine of anyone I know being compromised and a supposed wannabe digging through it to learn his own skills on a crypto dime. The majority of those surveyed would usually shrug or not be too concerned, usually not knowing what DNS is and happily paying for ad-free programs to content that are free anyhow.

I don’t mean to stand on a soapbox, as every day I feel I am learning and introduced to a skill or resource that changes how I use or see my own digital ether. Operating systems and the machine that I stood on used to be so important to me and would be my identity. Now I feel more a nomad that accesses certain stables within the wild. Each machine’s state of security is still important to me, but maybe the minor details I’ve given in, to find more of a reason for its use. Not just a mindless update-patch-secure. I would joke with a buddy how I’d boot my machine just to update it, then shut it off, never even doing anything, just to make sure it’s ready and made for the next use.

Mobile platforms clearly set someone like me back with an ideological PC mindset. I didn’t know where to begin now that I had a roaming machine with no access. We had to give in to an environment that is secure by default during the brew process. The mobile devices were also not really ours, and the cell infrastructure could give a crap about what your home ISP allowed you or didn’t. The mobile device frustrated me from the standpoint of what I think is control. I personally only used a mobile hotspot with a non-cellular device, even if it was an iPod touch; this allowed me to place SPI, NAT, and, as my skills grew, a firewall with some more elaborate controls between me and everyone else naked online. At least this is how I felt; I’d argue the more I learn, the more I understand this tech isn’t ever mine, it’s someone else’s.
I will continue to utilize tools to at least give me an understanding of what is happening and how to direct what is as best I can.