1.1.1.1

pomegranateporc · April 1, 2018, 5:46pm

https://1.1.1.1/
https://news.ycombinator.com/item?id=16727869

Does pihole support this?

DNS over HTTPS
(or DNS over TLS)

I added it and it seems to be working but I wanted to make sure there are no caveats

Jason_A · April 1, 2018, 6:54pm

Cloudflare has a dns proxy for dns over https here:

https://developers.cloudflare.com/1.1.1.1/dns-over-https/cloudflared-proxy/

I downloaded the ARMv6 binary for my Pi and started it with:

./cloudflared proxy-dns --port 8053

I am not quite sure how to use it with pihole though. Specifying 127.0.0.1#8053 as my upstream DNS doesn't work as it tries to lookup cloudflare-dns.com and fails.

iamperson347 · April 1, 2018, 10:52pm

My guess would be that there is no name resolution possible when cloudflared first starts. Pihole is trying to use the upstream you provided, but the upstream (cloudflared) needs to resolve one dns name first.

Maybe not the best solution, but try putting an entry in your hosts file (/etc/hosts) for cloudflare's dns:

1.1.1.1 cloudflare-dns.com

That should get you going.

Also, as a general note, I use stubby to perform DNS-over-TLS. The only problem with this is, depending on your os, is you might have to build it. The cloudflared (and dnscrypt-proxy 2) solutions have better portability due to use golang.

LilSnoop40 · April 2, 2018, 11:13am

hello, i added cloudflare as my dns but how do i have all these dns's now? i would like to just have cloudflare and level 3 or just cloudflare. please advise, i restarted my system still nothing:

Thanks

jacob.salmela · April 2, 2018, 11:34am

github.com/pi-hole/pi-hole

Add support for public Cloudflare DNS servers.

pi-hole:development ← everettsouthwick:development

opened 11:01PM - 01 Apr 18 UTC

everettsouthwick

+6 -0

Signed-off-by: Everett Southwick <everett@everettsouthwick.com> **By submitti…ng this pull request, I confirm the following:** - [X] I have read and understood the [contributors guide](https://github.com/pi-hole/pi-hole/blob/master/CONTRIBUTING.md), as well as this entire template. - [X] I have made only one major change in my proposed changes. - [X] I have commented my proposed changes within the code. - [X] I have tested my proposed changes, and have included unit tests where possible. - [X] I am willing to help maintain this change if there are issues with it later. - [X] I give this submission freely and claim no ownership. - [X] It is compatible with the [EUPL 1.2 license](https://opensource.org/licenses/EUPL-1.1) - [X] I have squashed any insignificant commits. ([`git rebase`](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html)) --- **What does this PR aim to accomplish?:** *This pull request will add support for Cloudflare's new Public DNS servers (1.1.1.1 and 1.0.0.1) launched today.* Relevant issue: #2072 **How does this PR accomplish the above?:** *It adds an option during install to choose Cloudflare's Public DNS servers.* **What documentation changes (if any) are needed to support this PR?:** *I'm not aware of any documentation changes that would be necessary.*

pomegranateporc · April 3, 2018, 3:16am

Does adding 1.1.1.1 give you a secure DNS or is it just a regular DNS? Is it more involved to get DNS over HTTPS?

iamperson347 · April 7, 2018, 2:46pm

It is just regular DNS (with some privacy features in place on the resolver side). If you want your DNS queries encrypted, you will have to use something like stubby (DNS over TLS) or a DNS over HTTP client (like dnscrypt-proxy2 or cloudflared)

pomegranateporc · April 10, 2018, 6:09am

thanks @iamperson347 . The Ars article I read yesterday explained it pretty well. How to keep your ISP’s nose out of your browser history with encrypted DNS | Ars Technica

system · May 1, 2018, 6:09am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.