DNS Over HTTPS And Questions

Why does Pihole not Support DNS Over HTTPS built in?
As adguard piholes competitor does.
Will it ever be implimented to pihole in a similar way to adguard?
Why does Adguard have some features which would be really handy in pihole like optimistic cache and dns options like load balance? Would these be added in the future?

Although saying that thanks for making pihole what it is up to now.

That's another name for something dnsmasq (which is running within Pi-hole) can do.

Adguard says this:

cache_optimistic (since v0.107.0 ) — Make AdGuard Home respond from the cache even when the entries are expired and also try to refresh them

In dnsmasq, this is "stale-cache", which Pi-hole supports.

  • use-stale-cache – when set, if a DNS name exists in the cache, but its time-to-live has expired, dnsmasq will return the data anyway and attempts itself to refresh the data with an upstream query after returning the stale data. This can improve speed as we can always reply immediately to known queries, even when cached content has expired, instead of having to wait for upstream replies to arrive. However, in certain edge-cases, these out-of-data replies can lead to (intermittent) incorrect behavior on websites as there is no way to inform a downstream client that an answer we provided before was wrong. The client may cache wrong data for a long time until it re-sends a query to get the updated information.
    It comes at the expense of sometimes returning out-of-date replies and less efficient cache utilization, since old data cannot be flushed when its TTL expires. The cache becomes strictly least-recently-used.


Adguard advertises this:

  • Load Balancing: AdGuard Home sends your queries to only one upstream server which is the fastest server at a time.

Pi-hole does this (and has done this for a long time):

Improve detection algorithm for determining the "best" forward destination

The DNS forward destination determination algorithm in FTL DNS's is modified to be much less restrictive than the original algorithm in dnsmasq. We keep using the fastest responding server now for 1000 queries or 10 minutes (whatever happens earlier) instead of 50 queries or 10 seconds (default values in dnsmasq). We keep the exceptions, i.e., we try all possible forward destinations if SERVFAIL or REFUSED is received or if a timeout occurs. Overall, this change has proven to greatly reduce the number of actually performed queries in typical Pi-hole environments. It may even be understood as being preferential in terms of privacy (as we send queries much less often to all servers).



This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.