Cloudflared

Hi,

I'm thinking of installing cloudflared alongside Pi-hole. Is this worth it?
If I install it and enter 127.0.0.1#5053 in Custom1 (IPv4 upstream), will this mean IPv6 queries won't work or go unencrypted?
Also, as I cannot change DNS in my router, I have to manually set every device. So if I were to put my Pi-hole IP under IPv4 DNS, will my PC also send IPv6 queries to that address, or do I need to manually enter an address there as well?

Thanks for any help.

Only you can decide if it is worth it, according to whatever worth you would apply to this.

What is it that you wish to accomplish?

Thanks for the reply

Mainly to encrypt my DNS queries for that extra bit of security. I just see mixed reviews... some people say there's no point and others say to definitely install it.

I don't think you will get the security benefits you expect but it is easy enough to install it and see if you are satisfied with the performance.

No. A or AAAA queries can be resolved fully by IPv4 only. You don't need an internal loopback IPv6 address specified.

Could you elaborate on "I don't think you will get the security benefits you expect"?

What benefits would cloudflared offer me?
I have heard of unbound as an alternative, which I may look into.

Thanks

Are you concerned that third parties are tampering with your DNS replies? This is security.

Are you concerned that third parties will be able to see your DNS traffic? This is privacy.

What do you specifically wish to gain by using encrypted DNS that your existing DNS does not provide?

I hope that by using cloudflared the connection from the device to the DNS server is secure and cannot easily be snooped on, monitored or tampered with, unlike standard DNS, where requests are sent in plain text.
My Windows 11 install uses DNS over HTTPS by default when going straight to Cloudflare, so while using Pi-hole it would be nice to keep this feature.

If this is what you want, install Cloudflared. Note this won't hide where you browse, but it does prevent DNS interception and redirection by your ISP.

I'm a bit of a noob learning all of the Pi-hole settings at the moment, so cheers for the help.

If I install cloudflared, should I keep DNSSEC enabled, or is there any benefit to doing so? What exactly does this do?

Cloudflared will handle the DNSSEC checking. If you enable this in Pi-hole, it will simply show the DNSSEC results in the query log.

I have installed cloudflared. How can I check it's working as expected? The link below shows my results.
It doesn't even say I'm connected to Cloudflare.

https://1.1.1.1/help#eyJpc0NmIjoiTm8iLCJpc0RvdCI6Ik5vIiwiaXNEb2giOiJObyIsInJlc29sdmVySXAtMS4xLjEuMSI6IlllcyIsInJlc29sdmVySXAtMS4wLjAuMSI6IlllcyIsInJlc29sdmVySXAtMjYwNjo0NzAwOjQ3MDA6OjExMTEiOiJZZXMiLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMDAxIjoiWWVzIiwiZGF0YWNlbnRlckxvY2F0aW9uIjoiTEhSIiwiaXNXYXJwIjoiTm8iLCJpc3BOYW1lIjoiQ2xvdWRmbGFyZSIsImlzcEFzbiI6IjEzMzM1In0=

Actually, I managed to fix this by turning DNSSEC off. Does cloudflared handle DNSSEC? If I use https://dnssec.vs.uni-due.de/ I still get "Yes, your DNS resolver validates DNSSEC signatures."

Although I'm just a little confused by this below.

I will use IPv6 as well for external DOH lookups, so what do I need to uncomment?
I read it as: if I delete everything under the comment, then it won't have an address for IPv6.

proxy-dns: true
proxy-dns-port: 5053
proxy-dns-upstream:
  # Uncomment the following if you also want to use IPv6 for external DOH lookups
  #- https://[2606:4700:4700::1111]/dns-query
  #- https://[2606:4700:4700::1001]/dns-query

Why? Both A and AAAA queries can be resolved using an IPv4 resolver. There is no need to use IPv6 addresses to resolve any DNS queries.

It was more that if I had the option, why not... I was just unsure what I need to uncomment.

Although, do you know if cloudflared handles DNSSEC? If I use https://dnssec.vs.uni-due.de/ I still get "Yes, your DNS resolver validates DNSSEC signatures" when it's disabled in Pi-hole.

Cloudflared appears to be doing this.

Thanks for the reply.

One more thing: when I use a dig command, it appears to be using Google's DNS? Or is that me being stupid?

https://www.reddit.com/r/privacytoolsIO/comments/8twv1f/do_i_need_a_vpn_if_im_using_cloudflare_1111_dns/

The Pi-hole host is using Google for DNS. This is independent of any settings in Pi-hole.

Of note, your dig was made for a complete URL, not a domain. For an answer from a DNS server, you need to use only the domain name:

URL: https://discourse.pi-hole.net

Domain: discourse.pi-hole.net
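An added example, not written by any poster in this thread: a small script that turns a pasted URL into the bare domain dig expects, then asks each resolver hop the same question so the `SERVER:` line shows who actually answered. The function names are hypothetical; it assumes it is run on the Pi-hole host, with cloudflared on 127.0.0.1 port 5053 as in the thread, Pi-hole on 127.0.0.1 port 53, and `dig` installed.

```shell
#!/bin/sh
# url_to_host: reduce a URL (or an already bare name) to the hostname only.
url_to_host() {
    h=${1#*://}        # drop the scheme, e.g. "https://"
    h=${h%%[/?#]*}     # drop path, query string and fragment
    h=${h##*@}         # drop any user:password@ prefix
    case $h in
        \[*\]*) h=${h#\[}; h=${h%%\]*} ;;   # bracketed IPv6 literal
        *:*)    h=${h%%:*} ;;               # host:port
    esac
    h=${h%.}           # drop a trailing root dot
    printf '%s\n' "$h" | tr 'A-Z' 'a-z'
}

# ask_hop LABEL NAME [dig server options]: show reply status and answering server.
ask_hop() {
    label=$1 name=$2; shift 2
    printf '%-20s ' "$label"
    dig "$@" "$name" A +tries=1 +time=3 | grep -E 'status:|SERVER:' | tr '\n' ' '
    echo
}

# check_chain URL_OR_NAME: query cloudflared, then Pi-hole, then whatever
# resolver the host itself is configured with (dig without @server).
check_chain() {
    name=$(url_to_host "$1")
    ask_hop 'cloudflared :5053' "$name" @127.0.0.1 -p 5053
    ask_hop 'Pi-hole :53'       "$name" @127.0.0.1
    ask_hop 'host default'      "$name"
}

# Only query when an argument is given, e.g.:
#   sh check_chain.sh https://discourse.pi-hole.net
if [ $# -gt 0 ]; then
    check_chain "$1"
fi
```

If the last row reports a server other than 127.0.0.1, the host's own resolver setting points elsewhere, which is independent of the upstream configured in Pi-hole.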
