I understand the concerns raised. My plan was to run everything with logging disabled. Having more than 1 person working on the project seems like a good way to make sure everything is on the up and up. Remember that whoever we forward the PiHole to could also log your requests. Your ISP has this data for sure (assuming you're using their DNS).
@aaronstuder You seem quite interested in becoming either a lead, or a member of existing projects. I strongly suggest you play around on your own first, so you know what to deal with, and get a bit of a record for others who might be interested in assisting/teaming with you.
I’ve done it for quite a while; pick a recursive DNS server (BIND is fine too), pick alternative root hints if you want to browse your favourite .fur sites without hiccups (e.g. OpenNIC; I used to pick the way less furry ORSN but it’s now unmaintained), eventually set up a sinkhole (you may set it up in PowerDNS, BIND and others) if you prefer so, place the recursive server behind dnsdist, connect the box with other ones you have around with a WireGuard mesh, eventually add recursive servers you have in the WireGuard’s IP range to dnsdist’s server pool. dnsdist secures quite a bit any downstream resolver you may choose (BIND too!) and allows you to load-balance requests across all the boxes participating in the pool, caching on top of them. The cache can be per-pool or shared across pools. It can add DoH, DNS over TLS, DNSCrypt and whatnot and you can obviously restrict access to localhost and private ranges if you wish so. The resolver actually queried is dnsdist and it’s as public-facing as you want it to be; it can serve as resolver for all your VPNs too.
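
A dnsdist configuration for the layout described in the post above, added here as an example and not taken from the poster's own setup. The addresses, the WireGuard range `10.100.0.0/24`, the pool name `recursors`, the server names and the certificate paths are all assumed placeholders.

```lua
-- Added example: dnsdist in front of recursive resolvers reached over a
-- WireGuard mesh. Every address, name and path below is an assumed placeholder.

-- Plain DNS only on loopback and on this box's (assumed) WireGuard address.
setLocal("127.0.0.1:53")
addLocal("10.100.0.1:53")

-- Encrypted front ends (DNS over TLS and DoH); cert/key paths are placeholders.
addTLSLocal("0.0.0.0:853", "/etc/dnsdist/fullchain.pem", "/etc/dnsdist/privkey.pem")
addDOHLocal("0.0.0.0:443", "/etc/dnsdist/fullchain.pem", "/etc/dnsdist/privkey.pem", "/dns-query")

-- Answer only localhost and private ranges. The ACL applies to every listener,
-- so a listener bound to 0.0.0.0 still refuses clients outside these networks.
setACL({
  "127.0.0.0/8", "::1/128",
  "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
})

-- Downstream recursors: one on this box (e.g. BIND on an alternate port) and
-- two reached through the mesh. Health checks pull a dead peer out of rotation.
newServer({address="127.0.0.1:5300", name="local-recursor",  pool="recursors",
           checkInterval=5, maxCheckFailures=3})
newServer({address="10.100.0.2:53",  name="mesh-recursor-2", pool="recursors",
           checkInterval=5, maxCheckFailures=3})
newServer({address="10.100.0.3:53",  name="mesh-recursor-3", pool="recursors",
           checkInterval=5, maxCheckFailures=3})

-- Load-balance across the pool by sending each query to the least busy server.
setServerPolicy(leastOutstanding)

-- Packet cache in front of the pool. Calling setCache(pc) with the same object
-- on a second pool would share this cache across pools.
pc = newPacketCache(100000, {maxTTL=86400, minTTL=0,
                             temporaryFailureTTL=60, staleTTL=60})
getPool("recursors"):setCache(pc)

-- Servers above are not in the default pool, so route all queries explicitly.
addAction(AllRule(), PoolAction("recursors"))
```

Running `dnsdist --check-config -C <path to this file>` validates the syntax before the service is restarted.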