CF Test page says my DNS isn't encrypted, even though it is?

I’m in the process of setting up Pi-hole + dnscrypt proxy; got them all working, then use CF’s test page to test: (https://www.cloudflare.com/ssl/encrypted-sni/).

It tells me that it can’t tell whether I am or not.

image

All other indicators say that I am however, i.e. other leaktest sites. Why is this? Is it simply because I’m not specifically using CF’s 1.1.1.1 DNS server during the test? (It’s one of about 5 other DNS servers I have in my DNSCrypt list of server to use, which it pulls the one with the least latency at any time, so CF’s isn’t the fastest at that moment.).

Try this link:
https://1.1.1.1/help

But yes, Cloudflare’s DoH/DoT detection only works for 1.1.1.1. Unless a specification or magic CHAOS entry is agreed upon to let DNS lookups find out if DoH is being used, CF’s detection won’t work for other resolvers.

1 Like

That’s what I figured. Thanks guys. :+1: