Cloudflare service is running, but I can't seem to connect to port 5053 using telnet from another computer to the pihole, so there is something wrong, and https://1.1.1.1/help also shows that I'm not using DNS over HTTPS.
Is there something that I haven't configured? Shouldn't port 5053 respond to a telnet call from the same network? Port 53 responds.
Could my router / firewall have something to do with the port 5053 not answering?
I have allowed everything from the LAN but do I need to open anything else?
Okay, so this is strange. When using dig like this:
dig -p 5053 google.com @127.0.0.1
it will not work, but when I use localhost it answers the call:
dig -p 5053 google.com @localhost
So there must be a setting wrong somewhere... hosts?
Update: I edited the cloudflared config file and added --address 0.0.0.0, and that solved it:
CLOUDFLARED_OPTS=--port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query --address 0.0.0.0
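Added example, not code from the thread or from the Pi-hole or cloudflared projects: a small POSIX shell helper that checks a CLOUDFLARED_OPTS line for a LAN-reachable --address, rewrites it the way the update above did, and, when run on the Pi-hole itself, probes port 5053 on the same three addresses the thread tried (127.0.0.1, ::1 via localhost, and the LAN IP). The config path /etc/default/cloudflared, the sample options line, and the probe hostname are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the Pi-hole thread). Diagnoses the symptom in the
# thread: cloudflared answers "dig @localhost" but not "dig @127.0.0.1" or any
# LAN client, because its default --address is "localhost", which on many
# hosts resolves to ::1 only. Binding to 0.0.0.0 (all IPv4 interfaces) fixes it.

# Return 0 when OPTS carries an --address that is not a loopback address.
# Accepts both "--address 0.0.0.0" and "--address=0.0.0.0" forms.
cloudflared_bind_ok() {
  printf '%s\n' "$1" | grep -Eq -- '--address[ =][^ ]+' || return 1
  addr=$(printf '%s\n' "$1" | sed -nE 's/.*--address[ =]([^ ]+).*/\1/p')
  case "$addr" in
    localhost|127.*|::1|'[::1]') return 1 ;;   # loopback only: LAN cannot reach it
    *) return 0 ;;
  esac
}

# Print OPTS with a LAN-reachable --address. A loopback --address is removed
# first so the line does not end up with two. 0.0.0.0 covers IPv4 only; use
# "--address ::" if the Pi-hole also serves IPv6 clients.
fix_cloudflared_opts() {
  if cloudflared_bind_ok "$1"; then
    printf '%s\n' "$1"
  else
    printf '%s\n' "$1" | sed -E 's/ *--address[ =][^ ]+//' | sed 's/$/ --address 0.0.0.0/'
  fi
}

# Live probe of port 5053 on one address; only useful on the Pi-hole host.
# +time=2 +tries=1 makes dig fail fast instead of hanging on an unbound address.
probe_5053() {
  if command -v dig >/dev/null 2>&1; then
    if dig +short +time=2 +tries=1 -p 5053 pi-hole.net "@$1" >/dev/null 2>&1; then
      echo "5053 answers on $1"
    else
      echo "5053 does NOT answer on $1"
    fi
  fi
}

# Constructed sample line (the thread's options without --address) to show the rewrite.
sample='--port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query'
echo "before: CLOUDFLARED_OPTS=$sample"
echo "after:  CLOUDFLARED_OPTS=$(fix_cloudflared_opts "$sample")"

# Live checks, skipped when not run on a host with the assumed config file.
if [ -r /etc/default/cloudflared ]; then
  live=$(sed -n 's/^CLOUDFLARED_OPTS=//p' /etc/default/cloudflared)
  if cloudflared_bind_ok "$live"; then
    echo "config binds to a LAN-reachable address"
  else
    echo "config still binds to loopback; suggested: CLOUDFLARED_OPTS=$(fix_cloudflared_opts "$live")"
  fi
  # What is actually listening on 5053 (ss is the iproute2 socket tool)
  command -v ss >/dev/null 2>&1 && ss -lnu | grep ':5053' || true
  probe_5053 127.0.0.1
  probe_5053 localhost
  lan_ip=$(hostname -I 2>/dev/null | awk '{print $1}')
  [ -n "$lan_ip" ] && probe_5053 "$lan_ip"
fi
```

If "5053 answers on localhost" but not on 127.0.0.1 or the LAN IP, the bind address is the problem, not the router or firewall; if it answers on all three locally but still not from another machine, look at the firewall next.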
One more question about using DoH: does using DoH mean that the ISP will not be able to see where our devices are going, at least not directly?
Or at least it will stop a man-in-the-middle attack, or make one harder.
Yes and no. They won't see your DNS traffic, but once you have the IP in hand, you will ask the ISP for that IP in clear text and they can fairly easily figure out where you are browsing.
This is true. Since the DNS traffic is encapsulated in the SSL tunnel, only you and the upstream resolver can see it, and it is hidden from intermediate parties.