My understanding was it’s bad practice to host images on Lemmy instances anyway as it contributes to storage bloat. Instead of coming up with a one-off script solution (albeit a good effort), wouldn’t it make sense to offload the scanning to a third party like imgur or catbox who would already be doing that and just link images into Lemmy? If nothing else wouldn’t that limit liability on the instance admins?

Typically schools and universities have acceptable use policies for student VPNs. It is not very difficult to detect VPN setup on a network and universities almost always have at least some form of network monitoring happening.

That said, VPNs are often times blocked and so is SFTP. Most universities I’ve done work with have a requirement that the traffic will be blocked unless you can make a case to IT as to why you need that access.

There are few legitimate use cases for student VPNs and IT staff are usually not idiots and understand what you are up to.

Yep, that’s the one. You just set your upstream default to something like tcp-tls:1.1.1.1:853 for DoT (which is what I use anyway).

Good documentation on other features like adblocking,caching,etc: https://0xerr0r.github.io/blocky/v0.21/configuration/

Just throwing out a couple of other solutions I didn’t see mentioned for DoH/DoT:

1. CoreDNS
2. Blocky

Both of those support encryption and allow for DNSBL. If you are wanting to hand out DNS entries over DHCP it may a problem with your ISPs router there. Either replace it, sit one you do control between it and your network, or run DHCP snooping from a switch to restrict it’s DHCP.