use-application-dns.net

Hello,

How do I stop the pihole from blocking use-application-dns.net?

I believe that it prevents Firefox browsers from using DoH.

I do not have the domain blacklisted and can't find the setting where I can turn this off.

Thanks

It does. Note that if Firefox uses DoH, the DNS traffic from that browser will not go to Pi-hole.

The applicable line in /etc/dnsmasq.d/01-pihole.conf is:

server=/use-application-dns.net/

Note that any changes made to this file are subject to overwrite on a repair or update.

Forgive me because I'm a newbie. But how exactly do I shut it off? Would I just delete or comment out the line in the text file?

I believe yes - comment out that line. Note the big warning in that file - changes will be overwritten at some point.

If I may ask, why do you want Firefox to use DoH and bypass Pi-hole?

I have the pihole set as dns server in my router settings, this way it's really simple and I don't have to manually enter it for each device.

I use uBlock in Firefox on all my machines, which works great for adblocking.

Pihole is just for blocking ads on mobile devices and smart TV.

There are too many false positives for me to troubleshoot when I use it with Firefox.

This way Firefox can ignore Pihole, while all other devices can get filtering.

Seemed like the most elegant solution to me at the time.

It would be really neat if there was a more permanent and easier way to toggle this in the GUI.

Thanks for help though

A more reliable solution may be to use Pi-hole as the DHCP server, and add a dnsmasq configuration file to manually assign selected clients a DNS other than Pi-hole. Then, there is no interaction between Pi-hole and this subset of clients.

Yes, I thought of that, however I believe that would break the Dynamic QoS on my Netgear router.

You might want to consider using other/fewer adlists then. It seems like you're not using the best adlists then.

Another approach could be to use the Group Management feature to put those clients in a new group which bypasses pihole's adblock filtering.

It's not clear that this will work since the DNS setting is in a dnsmasq configuration file. Group blocking is done through database lookups, and I suspect the dnsmasq configuration will apply equally to all clients regardless of group.

I don't doubt that. I was solely referring to the possibility of excluding devices with a lot of false positives from filtering in an easy way without manually changing the config files.

Read below how Firefox determines if it's allowed to use DoH:

https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet

I just added that use-application-dns.net domain with the actual IP 63.245.208.212 (from a lookup against Google 8.8.8.8):

Before:

pi@ph5:~ $ host use-application-dns.net localhost
Using domain server:
Name: localhost
Address: ::1#53
Aliases:

Host use-application-dns.net not found: 3(NXDOMAIN)

After:

pi@ph5:~ $ host use-application-dns.net localhost
Using domain server:
Name: localhost
Address: ::1#53
Aliases:

use-application-dns.net has address 63.245.208.212
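The Before/After check from the post above can be scripted. This is an added example, not code from the thread or from Pi-hole: the function names `canary_verdict` and `canary_rule_active` are made up here, the sample `host` output is copied from the thread, and the verdict follows the rule in the linked Mozilla article (no A/AAAA answer for the canary domain means Firefox does not turn DoH on by default).

```shell
#!/bin/sh
# Added example: interpret a resolver's answer for Firefox's canary domain.
CANARY="use-application-dns.net"

# Reads `host` output on stdin and prints one verdict:
#   doh-allowed  - the canary resolved to an A/AAAA record
#   doh-disabled - error rcode (NXDOMAIN, SERVFAIL, ...) or no A/AAAA record
#   unknown      - nothing recognisable (e.g. empty input after a timeout)
canary_verdict() {
    awk -v d="$CANARY" '
        $1 == d && / has (IPv6 )?address /        { ok = 1 }
        $1 == "Host" && $2 == d && / not found: / { blocked = 1 }
        $1 == d && / has no (A|AAAA) record/      { blocked = 1 }
        END {
            if (ok) print "doh-allowed"
            else if (blocked) print "doh-disabled"
            else print "unknown"
        }'
}

# Returns 0 if the given dnsmasq file contains an uncommented
# server=/use-application-dns.net/ rule (a leading "#" disables it).
canary_rule_active() {
    awk -v d="$CANARY" '
        { sub(/^[ \t]+/, "") }
        index($0, "server=/" d "/") == 1 { f = 1 }
        END { exit !f }' "$1"
}

# Sample input: the two `host` results shown in the thread.
BEFORE='Using domain server:
Name: localhost
Address: ::1#53

Host use-application-dns.net not found: 3(NXDOMAIN)'
AFTER='Using domain server:
Name: localhost
Address: ::1#53

use-application-dns.net has address 63.245.208.212'

printf 'before: %s\n' "$(printf '%s\n' "$BEFORE" | canary_verdict)"
printf 'after:  %s\n' "$(printf '%s\n' "$AFTER" | canary_verdict)"

# Live use on the Pi-hole host:
#   host use-application-dns.net localhost | canary_verdict
#   canary_rule_active /etc/dnsmasq.d/01-pihole.conf && echo "rule active"
```

Re-running both checks after a Pi-hole repair or update shows whether the overwritten configuration file has restored the rule.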

Just manually set your router IP as dns server ON the device you don't want to use pihole.

What you really want, as far as I understood, is to skip pihole for a specific client. This would be the easiest solution then if your router can't hand out dns IPs on a client basis.

That won't prevent the browser from deciding on its own whether to use DoH or not.
Read that article carefully:

It's about whether that domain resolves or not.

It doesn't matter for his case, so no problem there.

You're right.
If your router is the only DNS server for the client (and doesn't have Pi-hole configured upstream), the canary domain will resolve to an IP and allow DoH.
But not convenient that way :wink:

The other more convenient solution would be yubiuser's. Just assign an empty group to those clients. OP wanted to use DoH only to circumvent pihole, so there's need for it if he can achieve this in another fashion.

How nice.
Choices.