Cloudflared (DoH) resolving addresses that are blocked by 1.1.1.3

Hello,

This is an interesting one...

I tried switching config.yml in cloudflared from Cloudflare's main DNS server (1.1.1.1) to their Cloudflare DNS for Families setting of 1.1.1.3.

proxy-dns: true
proxy-dns-port: 5053
proxy-dns-upstream:

• https://1.1.1.3/dns-query
• https://1.0.0.3/dns-query
• https://[2606:4700:4700::1113]/dns-query
• https://[2606:4700:4700::1003]/dns-query

The tunnel works and DNS resolution works, but the Pi-hole is not blocking. When going directly to Cloudflare it blocks it correctly.

I've included the nslookup results below.

Cloudflare was setup per the instructions here: cloudflared (DoH) - Pi-hole documentation

PS H:> nslookup pornhub.com 192.168.2.108
Server: pi.hole
Address: 192.168.2.108

Non-authoritative answer:
Name: pornhub.com
Address: 66.254.114.41

PS H:> nslookup pornhub.com 1.1.1.3
Server: UnKnown
Address: 1.1.1.3

Non-authoritative answer:
Name: pornhub.com
Addresses: ::
0.0.0.0

I am really stumped on this one and would appreciate any help.

Thanks.

Ok, I resolved the issue.

Here is the resolution for those running into the same issue.

In config.yml, you must configure the file to look like this:

proxy-dns: true
proxy-dns-port: 5053
proxy-dns-upstream:

• https://family.cloudflare-dns.com/dns-query

The resolution was found here:

https://developers.cloudflare.com/1.1.1.1/1.1.1.1-for-families#dns-over-https-doh

Thanks.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.