Installed cloudflared on pihole. Whether via manual or automatic mode, https://1.1.1.1/help is showing that DoH is not active, although testing after installation (with "dig") shows that everything is fine.
I've already tried (in the manual installation) Toby's Solution, but no change.
Pihole Dashboard shows an increasing number of https-requests. So via CLI and Dashboard it looks like DoH is already working. But 1.1.1.1 is still showing "No".
Any ideas on how to solve this?
There seems to be an issue with networking following the debug log:
*** [ DIAGNOSING ]: Networking
[✗] No IPv4 address(es) found on the eth0 interface.
[✗] No IPv6 address(es) found on the eth0 interface.
[i] Default IPv4 gateway: 10.11.12.1
* Pinging 10.11.12.1...
[✗] Gateway did not respond. (https://discourse.pi-hole.net/t/why-is-a-default-gateway-important-for-pi-hole/3546)
Other than that, your Pi-hole configuration seems correct, as only 127.0.0.1#5053 is configured as upstream server.
Which client did you use to run the test? If this wasn't on the Pi-hole itself, you may need to check if the client uses the Pi-hole exclusively. Only in this case can the test succeed.
All done directly from the Pihole CLI:
Well, there is no "eth0" listed if I do an ip address show. There is only an adapter named "enxb827ebc729ca". This one has the IP address assigned. Is there any difference between the adapter name shown via CLI or Pihole Webfrontend? How do I change the IP of eth0?
If I do an ip -4 route show default | awk '{print $3}', I get 10.11.12.1 (which is my default router). From there it is pingable.
I did the test from my MacBook (connected via LAN only; WiFi turned off; only DNS was the Pihole IP) and from my iPhone (connected via WiFi; again only DNS was the Pihole).
I'm out of ideas here because I have no experience with Apple devices. When
1. they are properly configured to use only the Pi-hole, and
2. the Pi-hole is configured to use only Cloudflare, and
3. the Cloudflare test works,
you should get the expected report. I expect the error to be in no. 1 because we checked no. 2 and I don't think no. 3 is something we should worry about (we couldn't do anything about it in the end).
Maybe there is some chance the queries can circumvent your Pi-hole through some special in-browser DNS handling or whatnot.
This website does not return correct results depending on the DNSSEC setting in Pi-hole. Toggle your DNSSEC setting to false and see if this changes the response from the test site.
I had a similar issue. I had cloudflared querying OpenDNS DoH for some weeks, then it just stopped working. OpenDNS DoH test works, pihole forwarding to OpenDNS works, but digging cloudflared failed. I had changed nothing when it stopped.
I just gave up and installed DNSCrypt. I set it up for using cisco (OpenDNS DNSCrypt) and cisco-doh. Now it's all working, DNSCrypt log reports digs that I do to it directly and that I do to pihole. I couldn't find any evidence of leaks.