Native support for encrypted connections

More and more encrypted connections are offered when making use of provided services. Pi-hole still depends on proxies or upstream servers to achieve that. This limits the full use of Pi-hole because it cannot see which client made the request.

Update: going to bark up the DNSMASQ tree, because upstream in Pi-hole is handled by it.
For upstream, DoT is the most suitable, as it is the direct replacement for the current DNS resolution requests through TCP/UDP port 53, which are not encrypted and could be inspected by a third party.

For downstream, both (DoT and DoH) could be offered. DoH also makes Pi-hole externally available in locations where you are restricted in your use of the provided internet connection.

It would be nice if the accepted incoming connections were ECS-aware, so that the closest CDN is offered by the upstream server.

3 posts were split to a new topic: Off topic postings

Your wheels are smoking, so it is time to let go of the handbrake and move forward. :grin:

Did you read what I wrote or did you only read the headlines?

This Feature Request is almost 100% a duplicate of Implement DNS-over-TLS capability in Pi-hole, where we already explained why this is something that needs to be addressed to dnsmasq directly and is not something Pi-hole should implement natively, and why this is something Pi-hole already supports - just not as an out-of-the-box solution*. You should be aware of this other feature request, as you posted therein.

My reply is still valid:

*) We support neither unbound nor any other third-party addition "out-of-the-box". However, we are always happy to accept guides for installing the stuff.

So I drop the upstream part (handled by DNSMASQ); how about the downstream part, which is handled by Pi-hole?

Typically, a VPN directly to the device. This gives you a secure connection from anywhere, including from within your home network when you cannot trust it.

I did not see those YouTube ad servers through the smoke you produced. My sincere apologies for ignoring that.

You got me there, although I am using IKEv2 instead of OpenVPN, and only ports 80 and 443 TCP are allowed.

However, it would still be nice if Pi-hole also offered encrypted connections for its clients.

OpenVPN can run equally well on 443/tcp. I re-route port 443 for one of my subdomains to my OpenVPN server, offering a full tunnel for all my devices when traveling. While I have seen many APs blocking all kinds of ports, I have never seen one blocking 443/tcp (whether or not the content was HTTP(S)).

Yes, I know that. I hope others now know that too.
