by tmottabr 574 days ago
Why not a good idea?? There is nothing that says it should be separate hardware..

In fact, the AdGuard app for iPhone does basically this, it installs itself as an always-on VPN to hijack DNS queries from apps..

You don't even need containers or a VM for AdGuard, it has a Windows version that you can install as a service and then just point the DNS to localhost..

For Pi-hole I have seen guides that use WSL to run it locally, but using containers in this case might be easier..

I don't know Technitium so can't comment on it, but from a quick search it looks like it also has a Windows version so it might not require containers as well..

It is not the usual configuration but it works.. In this case I would point AdGuard to use whatever DNS is available in the local network so you do not lose access to local stuff..

If you are on a laptop it will require some manual managing unfortunately, but if you are on a fixed network you just need to set it up once and forget about it..

1 comments

That's a good point about phone VPNs! It feels like this would be counter to someone's recommended best practice, but now I'm curious and might try this on my own :)

Basically every adblock on iPhone does this, usually as part of a premium paid upgrade..

iOS unfortunately does not have a way for those apps to hijack the OS level DNS... so they fake a VPN to configure themselves as the VPN DNS server to allow them to capture all the local DNS traffic..

They do this because it is, as far as I know, their only option to do ad blocking for the whole device instead of just for Safari..