Use Pi-hole as a way to proxy chosen domains only

I found a service called Shecan.ir that uses DNS to proxy traffic for services that blocked access to a country. I’m guessing they reply for adobe.com, for example, with an IP address which is a proxy server and just forward traffic.

This is a very smart way of using DNS to hide your identity or remove geo-restrictions on services like YouTube. For me though, this can help me forget about VPNs and just use a proxy for services that are blocked in my country.

Shecan is not open source and it’s not a good idea to forward your traffic to someone else. I was thinking this is something Pi-hole can handle since it already has so many features needed for this. It just needs to add a third mode besides blacklist and whitelist.

I’m so into adding this feature to Pi-hole. If anyone here can help me get the ball rolling.

Wouldn’t this require some kind of intervention for masking the TLS of the target? If yes, then this will not happen with Pi-hole.

I don’t think so. It just routes the traffic as a proxy would.

Is the intent then that Pi-hole would then proxy all traffic for the target sites?

Yep. If someone adds twitter.com to the list for example, I’m OK with having all *.twitter.com going through a proxy.

This is a cool feature. It would be super easy to add a proxy to all kinds of devices and it doesn’t send all traffic to a single server, which makes it both super quick and harder to detect that the user is using a proxy.

For the proxy side, a simple SOCKS proxy works just fine (it could even be a Shadowsocks client, which creates a local SOCKS).

There are no plans to install a proxy as they don’t work for TLS/HTTPS.

It will work, Dan. There is already a similar service called shecan[dot]ir. The issue is, this is a state (Iran) owned service and we all know what they do with people’s data. Also, they don’t block ads either.

We are a DNS server. If you can find a way that will work purely via DNS records then it’s something to look at. If it involves proxying all traffic and MITM with installing self-signed certs on every device then this is not the project to use.