Hacker News new | past | comments | ask | show | jobs | submit login

I'm sure Pi Hole will have DoH support, so it should be fine as long as you can still change the server (in the browser and/or OS). The only snag might be mobile apps, in case they hardcode a DNS/DoH server instead of using the system config; that may be hard to change without rooting the device.



> I'm sure Pi Hole will have DoH support ...

We'll see.

Pi Hole uses DNSmasq as its DNS (and DHCP) server, and the few DNSmasq mailing list threads I've seen on the topic seem to indicate that the DNSmasq developers are not interested in either DoT or DoH. One said that it would be difficult to implement because of architectural issues IIRC.

It may be necessary to use a front-end proxy:

* https://dnsdist.org/


DNSmasq needs to be replaced with something more secure in any event. Hopefully implemented in a memory-safe programming language.

https://www.cvedetails.com/vulnerability-list.php?vendor_id=...


PiHole has already merged a patch[1] to disable DoH via the global canary[2].

[1] https://github.com/pi-hole/pi-hole/pull/2915 [2] https://use-application-dns.net/


Pi Hole already has documentation on how to use DoH with it, and it already works:

https://docs.pi-hole.net/guides/dns-over-https/

Note: this is using cloudflared but that's just a DoH, it can and happily will query whatever provider you tell it to.


That's for upstream queries, I think we're talking about the connection from the devices to the PiHole.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: