Chromium bypasses Pi-Hole by tunneling via DoH - solution is to block dns.google

I found that running the same site in both Firefox and Chromium produced different ad blocking results.

  • Firefox successfully blocked ads (ads which are not embedded).
  • Chromium didn't

For example try this site: Why Using an Ad Blocker Is Stealing (Op-Ed) Opinion, some nonsense which I have obviously picked completely at random.

It seems that Chromium is programmed to use DoH with endpoint dns.google for ads (at least if the ads are otherwise blocked). This happens even if Chromium's "do not enable DoH" option is set on. So while in-browser ad blockers would fail to block such a strategy, pi-hole is able to block the ads anyway by adding "google.dns" to the blacklist.

Note that Chromium will remember the ad sites in it's DNS cache even after "dns.google" is added to the Pi-Hole blacklist. It remembers the ad sites even if Chromiums "delete DNS cache" feature is activated. I had to reboot my system to get the cache to clear, so that I could re-read "Why Using an Ad Blocker Is Stealing" on Chromium without having to see any non-embedded ads.

Did you mean to write dns.google instead of google.dns? There is no such domain as google.dns, or even a .dns top-level domain.

Yes, you are right - it is dns.google. I've edited my original post to reflect your correction.

1 Like

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.