Expected Behaviour:
Running the Cloudflare ESNI test, I expect to see secure DNS pass, as DNS over HTTPS should be enabled.
Actual Behaviour:
DNSSEC and TLS1.3 pass but SNI and secure DNS tests fail. However, all the other tests I've run seem to show it working fine. When I disable the service I can't resolve anything, and every other test method I've found seems to work. I've tried with both cloudflared and dnscrypt-proxy. Currently I am using dnscrypt-proxy since cloudflared would return SERVFAIL for every dig @127.0.0.1 -p 5053 google.com query while dnscrypt-proxy returned NOERROR.
Some guidance would be much appreciated. There's a ton of information out there, much of which is out of date or for older versions. I've been loving Pi-hole so far.
Is this a Pi-hole issue? Pi-hole simply forwards the DNS queries to the upstream servers, in your case cloudflared. If cloudflared is not working correctly, try contacting them.
But after some more investigating, it seems like you’re most likely right. I'm just confused as to why both dnscrypt and cloudflared are having similar problems in the setup.
I was just wondering if anyone else had similar issues with DNS over HTTPS proxy servers and Pi-hole.
pi@noads:~ $ host pi-hole.net 1.0.0.1
Using domain server:
Name: 1.0.0.1
Address: 1.0.0.1#53
Aliases:
pi-hole.net has address 206.189.252.21
[..]
pi@noads:~ $ traceroute -n 1.0.0.1
traceroute to 1.0.0.1 (1.0.0.1), 30 hops max, 60 byte packets
1 10.0.0.1 0.653 ms 0.582 ms 0.743 ms
2 192.168.1.1 0.852 ms 0.781 ms 0.747 ms
3 62.58.240.1 16.591 ms 16.879 ms 16.557 ms
4 212.53.25.201 16.448 ms 16.139 ms 35.353 ms
5 212.53.25.193 16.271 ms 16.431 ms 16.469 ms
6 212.151.190.0 16.866 ms 16.744 ms 16.549 ms
7 130.244.82.55 19.369 ms 19.312 ms 19.018 ms
8 212.151.176.245 19.415 ms 19.580 ms 19.318 ms
9 * * *
10 1.0.0.1 16.872 ms 16.986 ms 16.700 ms
But this could be related to my ISP only.
Maybe still after effects of below one: