I configured my router to redirect all outbound port 53 udp traffic to adguard home running on a raspberry pi. From the log, it seems to be working reasonably enough, especially for apps that do their own dns resolution like the netflix app on my chromecast. Hopefully they don't switch to dns over https any time soon to circumvent it.

▲

efitz 6 days ago | parent [-]

DNS over https depends on the ability to resolve the DoH hostname via DNS, which is blockable via PiHole, or depend on a set of static IPs, which can be blocked by your favorite firewall.

▲

gruez 6 days ago | parent [-]

A sufficiently spiteful app could host a DoH resolver/proxy on the same server as its api server (eg. api.example.com/dns-query), which would make it impossible for you to override DNS settings for the app without breaking the app itself.

	▲	dishsoap 6 days ago \| parent [-]
		or it wouldn't even need to use any sort of dns. bit of a silly discussion.