June 27, 2026
DNS and the City
Set Up Your Own DoH Service
Why some internet tinkerers are ditching “free” DNS and hiding their own behind secret links
TLDR: The post explains how to build your own private internet lookup service instead of relying on big companies. Commenters immediately turned it into a cautionary tale, with one saying so many strangers showed up that they had to block an entire country and hide the service behind a secret link.
A home-brew internet privacy guide somehow turned into a mini reality show about trust issues, rogue traffic, and one person basically getting adopted by an entire country. The original post walks readers through setting up their own DNS-over-HTTPS service — basically a private address-book helper for the internet, wrapped in normal web traffic so snoops have a harder time peeking. The pitch is simple: if you don’t trust giant companies’ “free” services, build your own and decide what gets blocked, what gets logged, and who gets access.
But the comments stole the spotlight. The biggest mood was paranoid but practical: yes, running your own service sounds empowering, but the second you make it public, strangers and bots may pile in. One commenter dropped the thread’s best horror story, saying their server got posted on GitHub and then “what seemed like a small country” started using it. That’s the kind of sentence that instantly turns a nerdy how-to into a disaster comedy. Their fix? Block the whole country and move the service to a secret web address path — a move that felt equal parts clever, petty, and wildly on-brand for the internet.
Meanwhile, another commenter delivered the driest comic relief possible: “DoH = DNS over HTTPS.” In a thread full of firewall rules and setup instructions, that plain-English translation landed like the exhausted friend in the group chat asking everyone to please speak normally. The overall vibe: self-hosting is cool, but if you open your door too wide, the entire internet may treat your hobby like a free buffet.
Key Points
- The article says the first deployment decision is whether a DoH service should be private, semi-private, or public, with public instances facing abuse and logging concerns.
- It identifies benefits of self-hosting DoH, including pre-caching domains, controlling query logs, defining blocking policies, and restoring access to censored domains.
- It recommends using a separate VM or dedicated server from a VPS provider so the DNS workload is isolated if the provider suspends the account.
- The setup described uses Alpine Linux and Unbound DNS, with libnghttp2 support enabling DoH directly in Unbound.
- The article provides sample Unbound port and TLS settings, references Let’s Encrypt certificates, and advises validating the configuration with unbound-checkconf before broader testing.