How to handle HTTPS / SSL DNS lookups with pi-hole on Synology?


#1

I installed Pi-Hole on my Synology using debian chroot by following this popular FAQ.
As we know by reading this FAQ on HTTPS / SSL requests, Pi-Hole by default ignores requests over SSL.

This will cause some websites to slow down, like described in https://discourse.pi-hole.net/t/why-do-some-sites-take-forever-to-load-when-using-pi-hole/3654.

The suggested solution in the topic above is to add a firewall rule to iptables, to REJECT requests over 443.
I am not sure how to realize this, if Pi-Hole is not running on a RaspberryPi, but on a Syno with the Synology/debian-chroot/pi-hole approach.

  • What requests are we talking about? Any requests or DNS requests?
  • On what level should I insert the iptables rules? Should I SSH into my Synology and add the rules to the Synology OS firewall? Or should I do this in the debian-chroot?

At this moment, on Synology level, I use the DSM firewall (GUI), and have ports 80 and 443 open, because I serve the DiskStation’s website via SSL. In the debian-chroot, I have not configured anything regarding iptables.

What could be a good approach here?