u/NeoMatrix2525

▲ 17 r/pihole

New to Pi-hole. Have a couple questions about DNS encryption, DoH, and Upstream DNS

I'm brand new to using Pi-hole and just got it set up on a Pi Zero 2 W, and in general, it's working great. However, I'm a little confused about the state of DNS encryption over the network and how much it matters with my current configuration.

This is a home network, and before setting up the Pi-hole, I was using Cloudflare as the primary DNS.

Currently, I have Pi-hole set up with Cloudflare as the upstream DNS with DNSSEC. As I understand things, under this configuration, requests get passed to the Pi-hole, unencrypted, which are then filtered by the lists and rules I set up, and then passed to the upstream DNS (Cloudflare in this case) to get served. At that point, is traffic still encrypted at the point of leaving the home network, or is this now less secure than using Cloudflare as the primary DNS beforehand?

To put it simply, on a home network, should I be looking into figuring out how to install and use something like dnscrypt-proxy, or is my current setup "similar enough" in effective security to what I was using before? I'm also aware of Unbound, but not really looking to dive down that rabbit hole to get it set up right now.

I primarily wanted to set up Pi-hole to filter ads and block malicious content across the network, and not be overly strict, as there are smart devices and certain websites I want to make sure function without issues.

u/NeoMatrix2525 — 4 days ago