I attempted to use the DoH Endpoint (htt***ns3i.cloudflare-gateway.com/dns-query) as the upstream in a proxy dns daemon. It doesn’t seem to work. It won’t resolve or enforce the DNS policies applied in the Gateway > Firewall settings.
The DoH proxy daemon works fine using the standard/public DNS IPs like this. But these obviously don’t enforce any DNS policies.
CLOUDFLARED_OPTS=--address 192.168.10.53 --port 5533 --upstream htt**://1.1.1.2/dns-query htt**://1.0.0.2/dns-query
I set up my browser to use the DoH Endpoint, and it works fine. The DNS policies also work fine when I’m connected via Warp.
Am I missing something? Or is what I’m attempting not supported?
Appreciate any guidance on this. I’m hoping to get DNS policies working via the DoH upstream, without a Warp connection.
If your DoH endpoint from Cloudflare Gateway isn’t enforcing DNS policies through your proxy DNS daemon, check that you’re using the correct endpoint and ensure it’s properly configured with any required authentication.
Thanks for your reply. I found out DNSSEC was the culprit. Since it was taking its time validating the overridden resolution (0.0.0.0), it took several seconds to fail for each of the blocked sites.
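An added example, not from this thread or from cloudflared: it builds the RFC 8484 DoH GET request for a name with and without the EDNS0 DO (DNSSEC OK) bit, which is what asks the upstream for DNSSEC material and triggers validation of the 0.0.0.0 block answer described above, and it parses a response to detect that override. The endpoint URL and the sample response bytes are constructed.

```python
import base64
import struct

# Constructed endpoint placeholder; a real Gateway DoH endpoint would go here.
ENDPOINT = "https://EXAMPLE-ID.cloudflare-gateway.com/dns-query"

def build_query(name: str, dnssec_ok: bool, qtype: int = 1) -> bytes:
    """DNS wire-format query (ID 0, RD set). With dnssec_ok an OPT RR carrying
    the DO bit is appended, so the answer may include RRSIGs and be validated."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 1 if dnssec_ok else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)
    opt = b""
    if dnssec_ok:
        # OPT RR: root name, type 41, UDP size 1232, ext-rcode 0, version 0,
        # flags with DO (0x8000), empty RDATA.
        opt = b"\x00" + struct.pack("!HHBBHH", 41, 1232, 0, 0, 0x8000, 0)
    return header + question + opt

def doh_get_url(endpoint: str, query: bytes) -> str:
    """RFC 8484 GET form: ?dns= carries the query as unpadded base64url."""
    return endpoint + "?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode()

def a_records(response: bytes) -> list:
    """Return the A record addresses in a response, handling name compression."""
    qd, an = struct.unpack("!HH", response[4:8])
    def skip_name(p: int) -> int:
        while True:
            length = response[p]
            if length == 0:
                return p + 1
            if length & 0xC0 == 0xC0:   # compression pointer, 2 bytes total
                return p + 2
            p += 1 + length
    pos = 12
    for _ in range(qd):
        pos = skip_name(pos) + 4       # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        pos = skip_name(pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", response[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in response[pos:pos + 4]))
        pos += rdlen
    return addrs

def is_gateway_block(response: bytes) -> bool:
    """A Gateway block policy answers with 0.0.0.0 instead of the real address."""
    return "0.0.0.0" in a_records(response)

# Constructed response: blocked.example A -> 0.0.0.0, name compressed to offset 12.
SAMPLE_BLOCK_RESPONSE = (struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + b"\x07blocked\x07example\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(4))
```

Comparing the time to answer for the DO and non-DO forms of the same query against a blocked name shows whether DNSSEC validation is what makes each blocked site slow to fail.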