To the extent feasible, I’d like to be able to use a Pi-hole to block DNS over HTTPS (DoH), using approaches similar to those outlined here:
Why are you submitting this as a feature request? The GitHub site appears to have the information you need to set this up locally on your network.
To elaborate, the feature request would be for anti-DoH to be a high-level, UI-driven option within the Pi-hole itself - an easy, one-click enabling (that would be fully integrated into the Pi-hole, persist across upgrades, etc.).
I predict that adware and malware are likely to start using DoH to evade DNS blacklisting. I see countermeasures for that as part of the Pi-hole’s core value proposition.
[Edit: an example of malware using DoH]
Please also note that I understand that some types of use of DoH would not be “intercept-able” by the Pi-hole itself (as you noted here). But for the types that the Pi-hole can see, I think it’s worthwhile to make it easy to do so.
This feature is out of scope for Pi-hole.
I respect the decision. Could you elaborate a little bit about why, to better inform future feature requests?
Pi-hole is focused on being a DNS server which can block DNS queries based on predefined filters. It is not meant to be a security product, although it may be used to block malicious domains with certain blocklists.
Pi-hole is also a project run by volunteers, and we do not have the manpower to extend Pi-hole’s scope further than it is currently.