Optimal DNS Set-up? (Self-hosted Adguard Home with VPN?)

Hey friends,

I’ve recently had some ideas for changing around my DNS set-up, and I wanted to run it by you guys and hear what the community thinks about this.

So, my idea is:

  • Set up Adguard Home on my Raspberry Pi, then follow this guide to create my own DoH/DoT server utilizing it, attached to my domain.

  • I can then use Mullvad as the upstream DNS resolver on Adguard Home for queries that aren’t blocked, and I can also use this Adguard Home DNS server I set up in combo with Mullvad’s VPN on my devices.

I’d basically be creating my own NextDNS. I find this preferable over just using NextDNS due to the amount of control and freedom Adguard Home provides, among other benefits.

I guess I just have 2 concerns with this approach that I’d like to hear feedback on:

  1. My first potential worry with this plan is fingerprintability. Would this make my unique domain or potential general location show up on websites like [DNS leak test], or would it just show Mullvad here since I’d be using them as the upstream resolver for queries not blocked by Adguard Home? (This is under the impression I’m using this with a VPN, btw, if that wasn’t clear.) Clearly that’d be a major issue if I’m exposing my unique domain that only I’m using to every site I visit…

  2. Would this end up exposing my DNS queries or other data to my ISP since it’d be done on my own local hardware? If so, what would a solution be if there is any? I could in theory just put the Pi behind a VPN from my Router, but then would the necessary port forwarding still work and allow Adguard Home to function as intended and with a domain like this?

Another idea I’ve thought of, if just using the VPN clients on my phone in combo with this DNS server I set up doesn’t work, is that I could potentially put my Pi with Adguard Home behind a VPN, and then remotely connect to my Pi directly through e.g. WireGuard. Is this also a possibility? Would that also be a way I could use my VPN in combo with Adguard Home from anywhere? Doesn’t seem like it’d be as clean or ideal as just directly using my VPN clients in combo with my encrypted Adguard Home DNS server, but it might get the job done if that isn’t really an option. I’m also not sure if this would work due to similar reasons as my last point; not sure if port forwarding or anything else would be a problem if I route through the VPN.

Is there anything else to this that I’m missing or overlooking?

Tbh, my head is spinning thinking about all of this. I hope what I’m saying makes sense. Overall, I really like this idea. I love the thought of being able to use the customization, freedom, features, and other benefits that Adguard Home provides, while also being able to use it outside of my local network and with a VPN like I can with NextDNS.

Can’t wait to hear what the community thinks!
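For readers who want to see what the set-up in the post above looks like on disk, here is an added example (not part of the original post, and not AdGuard Home's or Mullvad's own documentation) of the relevant parts of an AdGuardHome.yaml: an encrypted DoH/DoT listener on the Pi, and Mullvad's DoH resolver as the only upstream. The hostname dns.example.com, the certificate paths, and the Mullvad endpoint and bootstrap IP are assumptions; substitute your own domain and certificate locations, and check the current Mullvad resolver addresses before relying on them.

```yaml
# Added example, not from the original post. Relevant fragments of
# AdGuardHome.yaml for: Pi listens for DoT/DoH on its own domain, and
# forwards every non-blocked query to Mullvad over DoH.
dns:
  bind_hosts:
    - 0.0.0.0          # plain port 53 for LAN clients only; do not forward this port
  port: 53
  # Assumption: Mullvad's public DoH endpoint. Because this is the only
  # upstream, Mullvad's resolver is the one that contacts authoritative
  # servers, so that is the IP a DNS leak test will report, not the Pi's.
  upstream_dns:
    - https://dns.mullvad.net/dns-query
  # Bootstrap resolvers are used once to resolve the upstream's hostname
  # itself, over plain DNS. Assumption: this IP is Mullvad's own resolver,
  # so even that lookup goes to Mullvad rather than the ISP.
  bootstrap_dns:
    - 194.242.2.2

tls:
  enabled: true
  server_name: dns.example.com      # assumption: your own (sub)domain
  force_https: false                # keep the web UI off the public listener
  port_https: 443                   # DoH: https://dns.example.com/dns-query
  port_dns_over_tls: 853            # DoT: tls://dns.example.com
  # Assumption: certificates issued for dns.example.com (e.g. via Let's Encrypt).
  certificate_path: /etc/letsencrypt/live/dns.example.com/fullchain.pem
  private_key_path: /etc/letsencrypt/live/dns.example.com/privkey.pem
  allow_unencrypted_doh: false
```

Two things worth checking once this is running. First, from outside the LAN, query the Pi over DoT (for example `dig +tls @dns.example.com example.org` with a recent dig) and confirm the answer arrives; then visit a leak-test site and confirm it reports Mullvad's resolver, which is what this upstream configuration should produce. Second, note what the encryption does and does not hide: the hostname dns.example.com is sent in the TLS handshake as SNI, so anyone on the path between a device and the Pi (such as the ISP of whatever network the device is on) can see that the device talks to that DNS server, even though the queries themselves are encrypted. Routing the device through the VPN tunnel first is what hides that hostname from the local network.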

Pihole is also a good option