Does anyone know if it's possible to provide a setting to pihole to easily point to a DoH provider, such as Quad9? For example, it'd be great to simply add a config option in 01-pihole.conf to use https://dns.quad9.net/dns-query for upstream queries.
You can simply configure Pi-hole to use your DoH proxy as its only upstream DNS server.
In addition, you'd need to install that proxy software for handling DoH, e.g. dnscrypt-proxy.
Check with your aspired DoH provider whether your chosen proxy software is supported. Some providers may offer their own proxy software (e.g. Cloudflare's cloudflared).
It is not that simple. There needs to be software in the loop that does the encryption/decryption. This is typically done with unbound, DNS Crypt, etc.
Any chance pihole could build in that layer of software to do the encryption/decryption?
Very little chance of that.
Why reinvent something that someone else with the expertise in the subject has already created?
I concur. Pi-hole is an ad-blocking DNS forwarder. As in: We filter DNS queries based on user rules and forward everything else upstream. Whether this is forwarding somewhere upstream or to some encryption proxy is entirely up to the user.
Maintaining encryption software is a really complex topic. As is maintaining a DNS server/forwarder. We have experts in each field and more fine-grained software packages can be maintained and updated much easier than one gigantic software that this to do everything itself.
It is like you install any other software on your computer. The operating system gives you some tools ready to use, but you may chose to install another Office suite, Internet browser, etc. because it suits your needs/taste better. Any tight integration typically reduces overall generality. In the end, competition is good for the products. Even for free and open-source software.
Thanks for the explanations. I'm just trying to wire up my pihole to forward requests to the Quad9 DoH service and I'm struggling to figure it out. I'll keep trying.
You may want to use this guide:
Don't forget to edit the dnscrypt-proxy.toml file for Quad or any other DoH DNS service you want to use.
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.