Private DNS + /etc/hosts File?

Is it possible to set up your Linux box to use/force-use the /etc/hosts file FIRST, and THEN use a private DNS service like NextDNS or Quad9? I really like the idea of content filtering at the operating system level.

Where would you recommend to start reading about networking?

A better way is just to use a local DNS server that recurses to a DNS server of your choice for lookups.

Hosts file really should not be touched.

So, what, use software like Unbound? Can I use DNSCrypt with Unbound?

Also, how light is it to set up unbound on my laptop? Is it heavy on system resources? I really don’t have a fancy router to play with. So I’d probably be installing a local DNS software on my one and only computer.

I’m determined to experiment with the hosts file. However, my goal is to keep the list to a minimum. Focusing only on malware and not advertising or tracking. Can this be accomplished?

I’d only bother with unbound if you’re wanting to serve an entire LAN network. For example, one can use unencrypted DNS on port 53, with unbound and serve that to an entire LAN, then use a forward zone which pushes off to DNSCrypt, i.e.:

forward-zone:
    name: "."
    forward-addr: ::1@53000
    forward-addr: 127.0.0.1@53000

In that case you’d probably just want to install DNSCrypt locally and set your resolver to 127.0.0.1.

You can use DNSCrypt for filtering and it works pretty well: Filters · DNSCrypt/dnscrypt-proxy Wiki · GitHub
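
On the original question of consulting /etc/hosts before a filtering resolver: on glibc-based Linux the lookup order comes from the `hosts:` line in /etc/nsswitch.conf, and a local DNSCrypt proxy is only used if every `nameserver` in /etc/resolv.conf is a loopback address. The check below is an added example, not part of any post in this thread; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit whether /etc/hosts is consulted before DNS and whether
# DNS queries stay on a local resolver (e.g. dnscrypt-proxy on 127.0.0.1).

# hosts_before_dns FILE
# Succeeds if "files" appears before "dns" or "resolve" on the "hosts:" line
# of an nsswitch.conf-style file. Other modules (mdns, myhostname) are ignored.
hosts_before_dns() {
    awk '
        $1 == "hosts:" {
            for (i = 2; i <= NF; i++) {
                if ($i == "files") { found = 1; exit }
                if ($i == "dns" || $i == "resolve") { exit }
            }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# nonlocal_nameservers FILE
# Prints each nameserver in a resolv.conf-style file that is not loopback.
# Any address printed here receives queries that bypass the local filter.
# 127.0.0.0/8 counts as loopback, which includes systemd-resolved's stub.
nonlocal_nameservers() {
    awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { print $2 }' "$1"
}

# resolver_report NSSWITCH_FILE RESOLV_FILE
# Prints a two-line summary of both checks.
resolver_report() {
    if hosts_before_dns "$1"; then
        echo "hosts-first: yes"
    else
        echo "hosts-first: no"
    fi
    leaks=$(nonlocal_nameservers "$2" | tr '\n' ' ')
    if [ -z "$leaks" ]; then
        echo "local-resolver-only: yes"
    else
        echo "local-resolver-only: no (${leaks% })"
    fi
}

# Run against the live system files when they are readable.
if [ -r /etc/nsswitch.conf ] && [ -r /etc/resolv.conf ]; then
    resolver_report /etc/nsswitch.conf /etc/resolv.conf
fi
```

Applications that do their own DNS-over-HTTPS (some browsers, for instance) skip both files, so a clean report here covers only programs that use the system resolver.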