If you have a Pi/fancy router that can run AdGuard Home, you can use it as a forwarder to NextDNS; you'll need to assign a domain (or just a DDNS address) and set up Let's Encrypt so it can listen for DoT requests. Unfortunately, if you want your device to seamlessly use DoT when away from home, either the home instance needs to be reachable from the internet, or you need to set up an AGH on a VPS to handle the traffic from the internet, at which point you're better off just whitelisting that VPS IP and being done with it.
If you don't want to set up AGH at home or at a VPS, accept that the phones need to use the NextDNS/Nebulo/Intra/AdGuard app set to your NextDNS DoH endpoint while you block other providers, though this doesn't actually stop others from using their own/generic NextDNS, or even any provider if their DoH client supports bootstrapping. Also, unless it's a seriously fancy router that analyzes traffic statistics, blocking DoH is merely using a public list of DoH domains; anyone can create their DoH proxy, which won't be blocked. Some routers have SNI filtering which can block websites regardless of the DNS used, but then you need to provide your own blocklist.
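
The forwarder setup described in the first paragraph, sketched as an `AdGuardHome.yaml` fragment. This is an added example, not part of the original comment: the hostname `dns.example.org`, the `YOUR_CONFIG_ID` NextDNS profile ID, the bootstrap resolver and the certbot-style certificate paths are placeholders and assumptions.

```yaml
# Fragment to merge into an existing AdGuardHome.yaml (added example).
dns:
  # Forward every query to the NextDNS profile over DoT.
  # YOUR_CONFIG_ID is a placeholder for the ID shown in the NextDNS setup page.
  upstream_dns:
    - tls://YOUR_CONFIG_ID.dns.nextdns.io
  # Plain resolver used only to look up the upstream hostname above
  # (assumed choice; any resolver reachable from the box works).
  bootstrap_dns:
    - 9.9.9.9

tls:
  enabled: true
  # Must match the name on the Let's Encrypt certificate and the name
  # clients enter as their private DNS / DoT hostname.
  server_name: dns.example.org   # placeholder domain or DDNS name
  # DoT listener. This port has to be reachable from the internet
  # (home port-forward or VPS firewall) for clients away from home.
  port_dns_over_tls: 853
  # Assumed certbot layout; point these at wherever the certificate lives.
  certificate_path: /etc/letsencrypt/live/dns.example.org/fullchain.pem
  private_key_path: /etc/letsencrypt/live/dns.example.org/privkey.pem
```

An internet-reachable DoT listener answers anyone who knows the hostname, so restrict who may query it (AdGuard Home's allowed-clients setting or a firewall rule) and restart the service after certificate renewal if it does not pick up the new files.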