I understand setting your DNS to cloudfare helps staying anonymous out there. So if someone sets a Pi Hole linked to Cloudfare does it cover one’s tracks? Together with a VPN.
DNS is not anonymous. its basically like a phone book, you lookup the name and it gives you a number. That’s it. Your ISP may refuse to give you the number (IP) for a name (address) but thats it. PiHole just gives a local IP for ad domains and gets its requests from other dns servers and caches them locally for a time.
See here for a list of dns providers
Have you looked into unbound? https://docs.pi-hole.net/guides/dns/unbound/
Pihole + unbound is a great setup. Screw trusting cloudflare or google or whoever with all of your dns queries, be your own dns resolver!
I think the best you can do is use pihole with unbound so all dns requests go directly to root servers so no middle man involved. If you have a raspberry pi and use dietpi it is very easy to setup.
Best advice. Set your own dns resolver, it’s easy.
Do you expose your DNS server to the public? If not how do you use it outside of the network? Like on mobile
I don’t expose my dns, because I don’t bother. I’m using Android phone, so I accept my phone is not private.
But a VPN could be a solution to get in touch with your dns.
Disclaimer: I am no expert by any means.
With that being said, as others have said, a DNS is like a phone book. By using PiHole with it going to a privacy respecting DNS service, you in theory eliminate being tracked by a DNS provider, but you do nothing to prevent your isp from tracking which ip addresses you access, and you do nothing to prevent search engines tracking which results you click on, you do nothing to prevent your web browser from tracking your browsing (especially on Chrome and Edge).
In summary:
DNS lookups: yes
ISP with IP addresses: no you would need a GOOD VPN or TOR and either one properly configured
Web browser: no, you need at least Firefox with data collection turned off, preferably with something like ublock installed.
Search engine: no, requires more research but supposedly duckduckgo and eccosia are privacy respecting *citation required
Not sure about pi-hole, but with dnscrypt-proxy on rooted android. You can anonymize dns queries via relay dns
Having a couple chained together muddies the results enough that unless you’re accessing things that you’re REALLY not supposed to won’t bother to track back. DNS is a ‘ask the next guy’ type of ordeal with some along the way caching the responses they’ve received for whatevr length of time the TTL is set on a record. Technically you could set a DNS server to cache things infefinatly and never querry a public server again past the first call but it would quickly be full of outdated records that point you to the wrong destination.
