
> I'm sure Pi Hole will have DoH support ...

We'll see.

Pi Hole uses DNSmasq as its DNS (and DHCP) server, and the few DNSmasq mailing list threads I've seen on the topic seem to indicate that the DNSmasq developers are not interested in either DoT or DoH. One said that it would be difficult to implement because of architectural issues IIRC.

It may be necessary to use a front-end proxy:

* https://dnsdist.org/




DNSmasq needs to be replaced with something more secure in any event. Hopefully implemented in a memory-safe programming language.

https://www.cvedetails.com/vulnerability-list.php?vendor_id=...


PiHole has already merged a patch[1] to disable DoH via the global canary[2].

[1] https://github.com/pi-hole/pi-hole/pull/2915

[2] https://use-application-dns.net/


Pi Hole already has documentation on how to use DoH with it, and it already works:

https://docs.pi-hole.net/guides/dns-over-https/

Note: this is using cloudflared but that's just a DoH, it can and happily will query whatever provider you tell it to.


That's for upstream queries, I think we're talking about the connection from the devices to the PiHole.



