iOS dns configuration profiles

just_decent · June 28, 2025, 4:54am

The issue I am facing:
I have set the pi up for doh, it works fine and registers, but when i try to use it in a configuration profile with cloudflares doh server (i used cloudflared for the doh on the pi) it fails.
Details about my system:
Raspberry pi 5 4gb running raspbian os lite
What I have changed since installing Pi-hole:
Installed cloudflared and set it up to use cloudflared.

Note: this is the 1.1.1.1 results

Bucking_Horn · June 28, 2025, 6:55am

From your description, you point your iOS device to use Cloudflare's DoH resolver.

How would Pi-hole be involved here?

just_decent · June 28, 2025, 7:00pm

The pihole is the dns server, and i am trying to use it on cellular while travelling.

Bucking_Horn · June 30, 2025, 7:36am

That won't work with what you've described.

You'd need a DynDNS service to resolve a domain to your public IPs, a port forward for port 443 in your router, and a DoH proxy in front of Pi-hole, accepting and decrypting DoH requests and forwarding them as DNS requests to Pi-hole.

just_decent · June 30, 2025, 3:32pm

Ok, thanks, can you explain how i can do this? And why port 443, i thought what 53 was dns and 443 was https/ssl? Thanks.
Ps, preferably self hosted like the pihole.

Bucking_Horn · June 30, 2025, 3:41pm

That's outside Pi-hole's scope.

You won't be able to get around DynDNS services, unless you'd host Pi-hole in some kind of a cloud-based VM.

There are quite a few DoH proxies that you could consider, e.g. DNSCrypt's DoH server.

iOS can use DoT or DoH for secure DNS.
You are referring to DoH in your description, and DNS-over-HTTPS (DoH) is using port 443/HTTPS not only for encrpyted transport, but also to hide DNS requests in HTTPS datastreams.

Making port 53 publically available is not an option, as you'd turn your Pi-hole into an open resolver, thus posing a potential threat for all Internet users, e.g. by serving as a multiplier in a DNS Amplification attack.

The Pi-hole team strongly discourages Pi-hole’s usage as an open resolver, and we won't provide support in that case.

just_decent · June 30, 2025, 6:41pm

Can you give me a quick tutorial on how to set up dnscrypts' doh server for the pihole?

Bucking_Horn · June 30, 2025, 9:02pm

As this is beyond Pi-hole, I can't provide any further guidance.
The link I've provided contains some quick start instructions.
If they don't suffice, you'd have to consult with the respective maintainers for support, or perhaps look for a different DoH proxy.

just_decent · June 30, 2025, 9:24pm

Ok, thanks!