Reddit refugee. I do things with servers and security.
DO NOT run a public DNS resolver. It’ll get used as part of a DNS amplification attack, and your system will be used to DDoS somebody else.
The only viable solutions here are to either have OP’s friends VPN all traffic through OP’s network (there might be a way to use split tunneling to reduce total traffic used, though I’m just spitballing here), to deploy hardware locally on their network, or to use a public solution. Everything else is going to be a security risk.
No worries, I just wanted to make very sure that the risks for #1 were properly understood.
VPN might be able to work with split tunneling, but I haven’t tried it myself. It’d probably be more complicated than it’s worth!
I’d also lean towards the public AdGuard servers in this case, for the same reason! I’m happy to field certain calls from friends and family, but I don’t want to get the “my internet isn’t working!” calls at 2am. I get enough of those from work! 😁