    DNS-over-HTTPS with Fedora based PiHole and Cloudflare

      Alex Sage

      Also, take a look at this:

      https://pi-hole.net/2018/04/08/psa-issue-with-pi-hole-doh-and-dnsmasq/

        scottalanmiller @Alex Sage

        @aaronstuder said in DNS-over-HTTPS with Fedora based PiHole and Cloudflare:

        Hm....

        I guess this doesn't really help me, since my PiHole is hosted outside my network. This would help with requests from the PiHole out to the internet; however, all requests from the router to the PiHole would be unencrypted.

        You can always tunnel that traffic. Although the value to point-to-point encryption is generally pretty minimal and DNS extremely low unless you are doing something super shady and are being tapped.

          travisdh1 @Alex Sage

          @aaronstuder said in DNS-over-HTTPS with Fedora based PiHole and Cloudflare:

          Hm....

          I guess this doesn't really help me, since my PiHole is hosted outside my network. This would help with requests from the PiHole out to the internet; however, all requests from the router to the PiHole would be unencrypted.

          Yep. I wouldn't mind having a DNS server that supports this stuff from the client side, so this is as good as it gets right now.

            NashBrydges

            @travisdh1 said in DNS-over-HTTPS with Fedora based PiHole and Cloudflare:

            dig @127.0.0.1 -p 5053 google.com

            So I finally got around to setting this up but how do I test if my DNS queries are truly over HTTPS now?

              NashBrydges

              The assumption is that, now that there are no upstream DNS servers shown on Pi-Hole and I can still resolve all domains, that this is in fact working over HTTPS?

                travisdh1 @NashBrydges

                @nashbrydges said in DNS-over-HTTPS with Fedora based PiHole and Cloudflare:

                The assumption is that, now that there are no upstream DNS servers shown on Pi-Hole and I can still resolve all domains, that this is in fact working over HTTPS?

                Correct. The DNS queries are being sent through a proxy with this setup. Hopefully a more elegant and simple solution to doing secure DNS will be available in the future, but for now this is one of the few solutions available.
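One way to check the question above from the Pi-hole host, as an added example that is not part of the original thread: capture outbound traffic and confirm nothing leaves for port 53 while names still resolve. The function `doh_check`, the sample capture lines and the addresses in them are constructed for illustration; only the local proxy port 5053 comes from the thread. Port 443 traffic alone does not prove a connection is DoH, so the absence of plaintext port 53 traffic is the signal to look for.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies `tcpdump -nn` text output.
# Live use (assumption: run as root on the Pi-hole host):
#   tcpdump -nn -l -c 200 'port 53 or port 443' | doh_check

doh_check() {
    awk '
    {
        # Find the destination field: the token after ">" (position varies
        # between tcpdump versions and with -i any).
        dst = ""
        for (i = 1; i < NF; i++) if ($i == ">") { dst = $(i + 1); break }
        if (dst == "") next
        sub(/:$/, "", dst)
        n = split(dst, part, ".")
        port = part[n]                       # last dot-component is the port
        addr = substr(dst, 1, length(dst) - length(port) - 1)
        # Pi-hole -> local DoH proxy (127.0.0.1:5053) stays on loopback.
        if (addr ~ /^127\./ || addr == "::1") next
        if (port == 53) { plain++; leaks[addr] = 1 }
        else if (port == 443) https++
    }
    END {
        printf "plaintext_dns=%d https=%d\n", plain, https
        for (a in leaks) printf "leak_to=%s\n", a
        exit (plain > 0 ? 1 : 0)             # non-zero if any plaintext DNS left the host
    }'
}

# Constructed sample: queries go to the local proxy, then out over 443.
sample_doh() {
cat <<'EOF'
12:00:01.000001 IP 127.0.0.1.41000 > 127.0.0.1.5053: 4242+ A? example.com. (29)
12:00:01.010000 IP 192.0.2.10.53124 > 1.1.1.1.443: Flags [P.], seq 1:518, ack 1, win 502, length 517
12:00:01.030000 IP 1.1.1.1.443 > 192.0.2.10.53124: Flags [P.], seq 1:200, ack 518, win 64, length 199
EOF
}

# Constructed sample: a plaintext upstream resolver is still in use.
sample_leak() {
cat <<'EOF'
12:05:00.000001 IP 192.0.2.10.40000 > 198.51.100.53.53: 1234+ A? example.com. (29)
12:05:00.020000 IP 198.51.100.53.53 > 192.0.2.10.40000: 1234 1/0/0 A 203.0.113.7 (45)
EOF
}

sample_doh | doh_check
sample_leak | doh_check || echo "plaintext DNS seen leaving the host"
```
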

                  JaredBusch

                  The entire concept is just stupid.
                  You cannot hide from your provider.

                    NashBrydges @JaredBusch

                    @jaredbusch said in DNS-over-HTTPS with Fedora based PiHole and Cloudflare:

                    The entire concept is just stupid.
                    You cannot hide from your provider.

                    Not about hiding from provider. It's about securing communications between every endpoint. Just another step to HTTPS everywhere.

                      black3dynamite

                      Would enabling DNSSEC help with securing DNS?

                        NashBrydges @black3dynamite

                        @black3dynamite It helps protect your site from DNS spoofing. Here's an example site with DNSSEC.

                        https://en.internet.nl/site/www.internetsociety.org/303794/#sitednssec

                        If DNSSEC is improperly set up, the site will not resolve.

                        Don't think it's very widely used though.

                          travisdh1 @JaredBusch

                          @jaredbusch said in DNS-over-HTTPS with Fedora based PiHole and Cloudflare:

                          The entire concept is just stupid.
                          You cannot hide from your provider.

                          I'd agree with you, at least for now. This is just one small step in the right direction. It won't really make much difference until it's supported by all endpoints.
