HACKER Q&A
📣 satishweb

DoH DNS Server (DNS Over HTTPS), is this an easy to do setup?


A few months ago I attempted to solve the DNS-related privacy challenges below and realized that setting up the necessary tools was pretty time-consuming and complex.

Challenges:

1. Private DNS server for my home network and for my devices when they are on the move away from the home network.
2. Ability to block all ads, malware etc. inside my browser and the mobile apps that I use. No need for adblock plugins in the browser or ad-blocking VPN service configuration.
3. Avoid use of a DoH client for home devices.

I came up with a simple Docker-based DNS server with DoH capability that can be set up easily in minutes. I wanted to make sure that I can rebuild my DNS server quickly without redoing all the complex installation and configuration, and make it easy for others to use the same stack effortlessly.

I have set up a DNS server with DoH + Unbound on a Raspberry Pi at home (you can use any Linux box/VM if a Raspberry Pi is not available). I use it as my DNS server in the router DHCP settings. This setup solves all my DNS-related privacy challenges. This allows me to use native DNS + DoH for the home network. I blocked port 53 traffic at the router for all IPs except my Raspberry Pi IP. This makes sure none of the devices on the network can communicate over DNS ports outside of my network except the Raspberry Pi running the DNS server.

When I am on the move away from my home setup, I use the DoH service installed on a DNS server that I set up in the cloud with the same Docker stack (AWS EC2 micro instance). AWS provides all new accounts 12 months of free usage for a t1.micro instance. This cloud DNS server with DoH keeps me protected from ads, malware etc. and the ISP even outside of my house. This does not violate AWS policy as we don't have to expose the DNS port in the instance security group/firewall.

I have published my work here at https://hub.docker.com/r/satishweb/doh-server and https://github.com/satishweb/docker-doh.


  👤 mtmail Accepted Answer ✓
Looks like a great project, and less a question. Do you want to submit it as Show HN? https://news.ycombinator.com/show