Lots of requests to Port 853 (DoT) on PiHole. Should I be allowing them through firewall?

I have a PiHole configured that also uses ufw as a firewall for additional security, and unbound as a recursive DNS server. I've followed the normal setup instructions to allow DNS traffic, and everything has been working great for a few years now.

Recently, I've noticed a very large number of messages in dmesg showing that ufw has been blocking traffic on Port 853 (which I believe is for DNS over TLS) coming from my Android phone. Since this is a DNS port, should I be unblocking this for the PiHole to respond to these requests, or is there a reason that this port is not included in the normal setup instructions as one that should be opened up?

Pi-hole does not listen on port 853, it listens for plain DNS requests only.

As long as you don't run some DoT server on your Pi-hole machine, allowing those requests would just mean that they fail a bit later.

Why is your Android sending those requests to your Pi-hole machine at all?
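To see which clients are sending the blocked DoT attempts and how often, the ufw entries in the kernel log can be tallied per source address. The script below is an added example and not part of the original thread; the log lines and addresses in it are constructed samples in ufw's log format, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of ufw kernel-log lines (addresses and MACs are made up).
SAMPLE_LOG = """\
[102938.11] [UFW BLOCK] IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff SRC=192.168.1.23 DST=192.168.1.2 LEN=60 TTL=64 ID=4821 DF PROTO=TCP SPT=45678 DPT=853 WINDOW=65535 SYN URGP=0
[102939.14] [UFW BLOCK] IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff SRC=192.168.1.23 DST=192.168.1.2 LEN=60 TTL=64 ID=4822 DF PROTO=TCP SPT=45678 DPT=853 WINDOW=65535 SYN URGP=0
[102941.20] [UFW BLOCK] IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff SRC=192.168.1.23 DST=192.168.1.2 LEN=60 TTL=64 ID=4823 DF PROTO=TCP SPT=45680 DPT=853 WINDOW=65535 SYN URGP=0
[102950.02] [UFW BLOCK] IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff SRC=192.168.1.40 DST=192.168.1.2 LEN=60 TTL=64 ID=911 DF PROTO=TCP SPT=51200 DPT=853 WINDOW=65535 SYN URGP=0
[102951.77] [UFW BLOCK] IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff SRC=192.168.1.77 DST=192.168.1.2 LEN=60 TTL=64 ID=17 DF PROTO=TCP SPT=40022 DPT=22 WINDOW=64240 SYN URGP=0
[102952.00] usb 1-1: new high-speed USB device number 4 using xhci_hcd
"""

ACTION = re.compile(r"\[UFW (\w+)\]")
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)


def parse_ufw_line(line):
    """Return the fields of a ufw log line as a dict, or None for other lines."""
    match = ACTION.search(line)
    if match is None:
        return None
    fields = dict(FIELD.findall(line))
    fields["ACTION"] = match.group(1)
    return fields


def blocked_dot_clients(lines, port=853):
    """Count blocked packets to `port`, keyed by (source address, protocol)."""
    counts = Counter()
    for line in lines:
        fields = parse_ufw_line(line)
        if fields is None or fields["ACTION"] != "BLOCK":
            continue
        if fields.get("DPT") == str(port):
            counts[(fields.get("SRC"), fields.get("PROTO"))] += 1
    return counts


if __name__ == "__main__":
    # Replace SAMPLE_LOG with real dmesg output to summarise your own log.
    for (src, proto), n in blocked_dot_clients(SAMPLE_LOG.splitlines()).most_common():
        print(f"{src:15} {proto:4} {n} blocked attempts to port 853")
```

A single source address dominating the count points at the device whose DNS settings are worth checking, which is the question the reply above ends on.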
