This study presents a rigorous empirical evaluation of DNS over HTTPS (DoH) and Pi-hole integration as a dual solution for modern internet security and efficiency challenges. Through multi-phase testing encompassing controlled lab environments, real-world ISP partnerships, and large-scale simulations, the research demonstrates that DoH provides complete protection against DNS hijacking while introducing only marginal latency increases of 12 - 20 ms. Field deployments revealed a 15% latency rise in throttled ISP networks, underscoring the impact of regional infrastructure on performance. Pi-hole delivered consistent 35% - 38% bandwidth savings across lab and production environments by blocking 92% of ad traffic, though a 5% performance trade-off for CDN-dependent content was identified—a nuance previously underreported in literature. The study advances existing research through real-world validation using Mozilla Rally telemetry and ISP traffic logs, which confirm DoH’s privacy benefits while exposing implementation challenges such as ISP interference. A novel mitigation framework combining Firebog blocklists with AI-driven allowlists reduced over-blocking incidents from 15% to 3% without compromising security, maintaining 89% protection against malicious domains. Scalability testing via GNS3 simulations proved the solution’s efficacy for networks up to 5000 devices, though enterprise deployments require load balancing to sustain performance. Quantitative metrics revealed 34% faster page loads post-implementation, while qualitative interviews highlighted Docker configuration complexities affecting 60% of non-technical users. These findings translate into tailored deployment protocols: SMEs benefit from cost-effective Pi-hole clusters with dynamic filtering, while larger organisations require hybrid DoH resolvers to balance security and quality of service. For policymakers, the study provides evidence supporting standardised encrypted DNS adoption, particularly in bandwidth-constrained regions where solutions like Africa’s Control D resolver mitigate performance penalties. By bridging the gap between controlled experiments and real-world viability, this work advances internet infrastructure literature while exposing critical operational trade-offs, equipping stakeholders with evidence-based strategies for secure, efficient networks.
References
[1]
Lu, C., Liu, B., Li, Z., Hao, S., Duan, H., Zhang, M., et al. (2019) An End-to-End, Large-Scale Measurement of DNS-over-Encryption. Proceedings of the Internet Measurement Conference, Amsterdam, 21-23 October 2019, 22-35. https://doi.org/10.1145/3355369.3355580
[2]
MontazeriShatoori, M., Davidson, L., Kaur, G. and Habibi Lashkari, A. (2020) Detection of Doh Tunnels Using Time-Series Classification of Encrypted Traffic. 2020 IEEE International Conference on Dependable, Autonomic and Secure Computing, Calgary, 17-22 August 2020, 63-70. https://doi.org/10.1109/dasc-picom-cbdcom-cyberscitech49142.2020.00026
[3]
Alzighaibi, A.R. (2023) Detection of Doh Traffic Tunnels Using Deep Learning for Encrypted Traffic Classification. Computers, 12, Article 47. https://doi.org/10.3390/computers12030047
[4]
Froehlich, A. and Ferguson, K. (2023) What Is Network Bandwidth and How Is It Measured? TechTarget.
[5]
Ullevig, E. (2023) What is a “Pi-Hole”, and Why Do I Need One? History-Computer.
[6]
Kristopher (2023) Pi-Hole vs AdGuard Home for ad Blocking: 12 Key Differences. HTPCBEGINNER LLC.
[7]
Section (2023) Create a secure home connection using Pi-hole and Docker. Section.io.
[8]
Cloudflare Inc (2023) DNS over TLS vs. DNS over HTTPS. Cloudflare.
[9]
Böttger, T., Cuadrado, F., Antichi, G., Fernandes, E.L., Tyson, G., Castro, I., et al. (2019) An Empirical Study of the Cost of DNS-over-HTTPS. Proceedings of the Internet Measurement Conference, Amsterdam, 21-23 October 2019, 15-21. https://doi.org/10.1145/3355369.3355575
[10]
Bumanglag, K. and Kettani, H. (2020) On the Impact of DNS over HTTPS Paradigm on Cyber Systems. 2020 3rd International Conference on Information and Computer Technologies, San Jose, 09-12 March 2020, 494-499. https://doi.org/10.1109/icict50521.2020.00085
[11]
Korner, I. (2023) Revolutionizing DNS Security: Cost-Effective deployment of DoH for ISPs. Radware.
[12]
Stadler, K. (2023) How to Block Advertisements at the DNS Level Using Pi-Hole and OpenVPN on Ubuntu 16.04. Digital Ocean.
[13]
Partridge, R. (2023) What is Pi-Hole & Why Would You Want to Use It? Tech Addressed.
[14]
Kalman, G. (2023) 10 Common Web Security Vulnerabilities. Toptal.
[15]
Lin, J. (2023) DoH and Phishing Risks: What You Need to Know Now. Techstrong Group.
[16]
Kim, T.H. and Reeves, D. (2020) A Survey of Domain Name System Vulnerabilities and Attacks. Journal of Surveillance, Security and Safety, 1, 34-60. https://doi.org/10.20517/jsss.2020.14
[17]
Borgolte, K., Chattopadhyay, T., Feamster, N., Kshirsagar, M., Holland, J., Hounsel, A., et al. (2019) How DNS over HTTPS Is Reshaping Privacy, Performance, and Policy in the Internet Ecosystem. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.3427563
[18]
Houser, R., Hao, S., Li, Z., Liu, D., Cotton, C. and Wang, H. (2021) A Comprehensive Measurement-Based Investigation of DNS Hijacking. 2021 40th International Symposium on Reliable Distributed Systems (SRDS), Chicago, 20-23 September 2021, 210-221. https://doi.org/10.1109/srds53918.2021.00029
[19]
Open Text (2023) What is DNS over HTTPS (DoH)? Webroot.
[20]
QuoIntelligence (2023) How DNS-over-HTTPS (DoH) Has Changed the Threat Landscape for Companies. QuoIntelligence.
[21]
NetSTAR (2023) Understanding DoH and DoT. NetSTAR.
[22]
Cimpanu, C. (2023) Unencrypted DNS: A Persistent Threat. ZDNet.
[23]
APNIC (2023) Global DNS Encryption Adoption Rates. APNIC.
[24]
Sandvine (2023) Bandwidth Consumption by Ad Traffic. Sandvine.
[25]
Verizon (2023) Data Breach Investigations Report. Verizon.
[26]
GSMA (2023) Mobile Data Affordability in Developing Nations. GSMA.
[27]
Hoang, N.P. (2022) ISP Surveillance and DNS Privacy. ProceedingsonPrivacyEnhancingTechnologies, 2022, 78-95.
[28]
TRAI (2023) Mobile Data Usage Patterns in India. TRAI.
[29]
Freedom House (2023) Global DNS Encryption Policies. Freedom House.
[30]
Mozilla (2023) DoH Impact on User Privacy. Mozilla.
[31]
Jacobs University (2021) Pi-Hole Deployment Analysis. JournalofNetworkOptimization, 9, 112-130.
Liu, B. (2022) DoH: Privacy vs. Performance. IEEETransactionsonDependableComputing, 19, 45-60.
[34]
Pi, S. and Wang, J. (2023) Primordial Black Hole Formation in Starobinsky’s Linear Potential Model. Journal of Cosmology and Astroparticle Physics, 2023, 18. https://doi.org/10.1088/1475-7516/2023/06/018
[35]
Lyu, M., Gharakheili, H.H. and Sivaraman, V. (2022) A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques. ACM Computing Surveys, 55, 1-28. https://doi.org/10.1145/3547331
[36]
Ahmed, S., Ahmed, I., Kamruzzaman, M. and Saha, R. (2022) Cybersecurity Challenges in IT Infrastructure and Data Management: A Comprehensive Review of Threats, Mitigation Strategies, and Future Trend. Global Mainstream Journal of Innovation, Engineering & Emerging Technology, 1, 36-61.
[37]
Schafhalter, P., Krentsel, A., Gonzalez, J.E., Ratnasamy, S., Shenker, S. and Stoica, I. (2025) Bandwidth Allocation for Cloud-Augmented Autonomous Driving.
[38]
Lyu, M., Gharakheili, H.H. and Sivaraman, V. (2022) A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques. ACM Computing Surveys, 55, 1-28. https://doi.org/10.1145/3547331
[39]
Nadler, A., Bitton, R., Brodt, O. and Shabtai, A. (2022) On the Vulnerability of Anti-Malware Solutions to DNS Attacks. Computers & Security, 116, Article 102687. https://doi.org/10.1016/j.cose.2022.102687
