My problem with Pi Hole is that I'd rather have it return NXDOMAIN, instead of redirecting to some other IP.

If you want NXDOMAIN on Pi-Hole, upvote this feature request: https://discourse.pi-hole.net/t/implement-response-zone-poli...

This will only protect you while your on your own network. A lot of the juciest data is about your public location, for that you need something device/browser specific.

There's nothing (except possibly your ISP) stoping you from opening your firewall and using it remotely. I personally run dnsmasq (manually configured, but otherwise similar to pihole) on a VPS.

> There's nothing (except possibly your ISP) stopping you from opening your firewall and using it remotely.

My ISP won't but there are ways around that. The biggest problem I've faced is on the modem side of things, finding something I'd trust to be open to the internet, ideally something I can install openWRT or similar on and something I know will work in my market. It's an options minefield.

Just run a local caching resolver, on Linux that is super easy and uses little resources.

I've got a RaspberryPi Zero (WiFi via USB..ugh). Would that be too slow for DNS, or would having my DNS server be local vs remote negate that slow interface?

It's running fine for me on a Pi Zero W. There's honestly like no slowdown at all

I don't have a Pi0, but I've had no problems running it on a single-core CHIP.

How wouldn't it support OSX. You just set it up as the device that provides a mac with it's network. It doesn't have anything to do with OS's

wait do you mean you want to run it on OSX, or that the DNS in OSX is somehow different, and wont work with pihole as its server?

The idea is you use some inexpensive hardware (like a Raspberry Pi) and simple set all your devices to use it as a DNS server.