DNS over HTTPS

Hi All - this might actually be a feature request but wasn't too sure.

Is there any way to implement Google's DNS over HTTPS or equivalent service to secure DNS requests with Pi-hole?

Keen to hear your views

Just off the bat, you'd need an HTTPS connection to your Pi-hole. If that's local, then you need to use a self-signed cert, which means that it's not signed by a trusted authority and therefore everything that uses it will throw a warning unless you mark it as trusted. Then, if you lose the cert, anyone can snoop in on you as if you didn't have HTTPS, without you knowing. HTTPS is better suited for situations when it can use a certificate signed by a trusted authority.

Edit: However, if you mean securing your upstream DNS connections, then I'm unsure if dnsmasq will support this method, and I doubt that many upstreams besides Google even implement this method.

1 Like

It doesn't. Google's DNS-over-HTTPS is an API that you can query using HTTP GET. It returns JSON data including the response as payload.

1 Like
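Added example, not part of any post in this thread: a sketch of what a local client has to do with that kind of HTTP GET/JSON API before handing answers to a resolver such as Pi-hole's. The endpoint URL, the JSON field names (as used by Google's public JSON API) and the sample reply are assumptions or constructed here; the code builds the request URL and validates a reply offline, and does not perform the HTTPS request itself.

```python
import json
from urllib.parse import urlencode

# Assumption: Google's public JSON endpoint (the thread does not give the URL).
RESOLVE_URL = "https://dns.google/resolve"
RR_TYPES = {"A": 1, "CNAME": 5, "AAAA": 28}  # DNS record type numbers

# Constructed sample reply (made-up names, documentation-range addresses).
SAMPLE = json.dumps({
    "Status": 0, "TC": False, "RD": True, "RA": True, "AD": False, "CD": False,
    "Question": [{"name": "www.example.test.", "type": 1}],
    "Answer": [
        {"name": "www.example.test.", "type": 5, "TTL": 300, "data": "host.example.test."},
        {"name": "host.example.test.", "type": 1, "TTL": 60, "data": "192.0.2.10"},
        {"name": "unrelated.example.test.", "type": 1, "TTL": 60, "data": "192.0.2.99"},
    ],
})

def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def build_query_url(name, rr_type="A"):
    """Return the HTTP GET URL for a single DNS question."""
    return RESOLVE_URL + "?" + urlencode({"name": name, "type": rr_type})

def parse_response(body, name, rr_type="A"):
    """Validate a JSON reply and return the records that answer the question."""
    msg = json.loads(body)
    if msg.get("Status") != 0:  # DNS RCODE, 0 means NOERROR
        raise LookupError(f"resolver returned RCODE {msg.get('Status')}")
    if msg.get("TC"):
        raise LookupError("reply was truncated")
    want, qtype = _norm(name), RR_TYPES[rr_type]
    if not any(_norm(q.get("name", "")) == want and q.get("type") == qtype
               for q in msg.get("Question", [])):
        raise ValueError("reply does not match the question that was asked")
    owner, found = want, []
    for rr in msg.get("Answer", []):
        if _norm(rr["name"]) != owner:
            continue  # ignore records for names outside the CNAME chain
        if rr["type"] == RR_TYPES["CNAME"]:
            owner = _norm(rr["data"])  # follow the alias to its target
        elif rr["type"] == qtype:
            found.append((rr["data"], rr["TTL"]))
    return {
        "addresses": [data for data, _ in found],
        "ttl": min((ttl for _, ttl in found), default=None),
        "dnssec_validated": bool(msg.get("AD")),
    }
```

The checks that matter for a local forwarder are the question match and the owner-name filter: only records that belong to the name actually asked for (or its CNAME chain) are accepted.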