I installed Pihole v5.0 and Cloudflared v2020.5.1 onto a Raspberry Pi 3B+. I am able to access the internet without issue. I’m new to this whole world of networking, but competent with coding.
How can I confirm that the DNS-over-HTTPS is working and that my DNS queries are encrypted?
I have visited https://18.104.22.168/help, and this is the output:
|Connected to 22.214.171.124
|Using DNS over HTTPS (DoH)
|Using DNS over TLS (DoT)
|Using DNS over WARP
|Cloudflare Data Center
Connectivity to Resolver IP Addresses
I would interpret this to mean it’s not working.
However, I wasn’t sure if the following two considerations would impact the result:
- I’m using Pihole in conjunction with Cloudflared
- I’m using Google Chrome
I downloaded and learned the basics of Wireshark (https://www.wireshark.org). I can now see which traffic is and isn’t encrypted.
The only way I can get encrypted traffic is by using Firefox, and changing the DoH setting to be Cloudflare.
That means Firefox is bypassing your PiHole. Where did you install Wireshark? Your devices are supposed to be using your PiHole’s IP address for DNS. I don’t know how to test a Raspberry for DoH without actually firing up a browser. Maybe another @MVP has gone through this.
Obvious point but when using wireshark make sure you’re checking the traffic between pihole and 126.96.36.199 and not between your local host and pihole (which will always be unencrypted unless you use DoH in Firefox, but that defeats the purpose of having pihole). The best way to do this is get a tcpdump on your pihole or router and pipe it back into wireshark for analysis.
Also, again obvious, make sure your client is using your pihole IP only for DNS and isn’t also set up with 188.8.131.52 as secondary. Purging the DNS cache (manually or just via a reboot) will also be necessary as you test between changes.
Personally I prefer to use the tool
cloudflared to provide the DoH ‘bridge’. If you continue to have trouble, consider trying that. It’s awesome and there are plenty of guides regarding integrating it into a pihole setup.
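The check suggested in the reply above (capture on the Pi-hole, then look at the Pi-hole-to-resolver leg rather than the client-to-Pi-hole leg), sketched as an added example that is not part of the original thread. It classifies lines of `tcpdump -nn` text output; the Pi-hole address, LAN range, resolver address (a documentation-range stand-in) and sample lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumed values for illustration; substitute your own addresses.
PIHOLE = ipaddress.ip_address("192.168.1.2")
LAN = ipaddress.ip_network("192.168.1.0/24")

# Address part of `tcpdump -nn` text output, e.g.
#   12:00:01.000900 IP 192.168.1.2.41000 > 203.0.113.53.443: Flags [P.], ...
LINE = re.compile(r"\bIP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

def classify(line):
    """Label one capture line, or return None if it is not relevant."""
    m = LINE.search(line)
    if not m:
        return None
    src, dst = ipaddress.ip_address(m[1]), ipaddress.ip_address(m[3])
    dport = int(m[4])
    if dst == PIHOLE and src in LAN and dport == 53:
        return "client_to_pihole_plain"   # expected: the LAN leg is unencrypted
    if src == PIHOLE and dst not in LAN:
        if dport == 53:
            return "upstream_plain_dns"   # query left the Pi-hole unencrypted
        if dport == 443:
            return "upstream_https"       # consistent with DoH
        if dport == 853:
            return "upstream_dot"         # DNS over TLS
    return None

def summarize(lines):
    return Counter(label for label in map(classify, lines) if label)

def upstream_is_encrypted(lines):
    """True only if no port-53 traffic left the Pi-hole and some 443/853 did."""
    c = summarize(lines)
    return c["upstream_plain_dns"] == 0 and c["upstream_https"] + c["upstream_dot"] > 0

# Constructed sample capture taken on the Pi-hole (203.0.113.53 = stand-in resolver).
SAMPLE = [
    "12:00:01.000001 IP 192.168.1.50.51000 > 192.168.1.2.53: 4660+ A? example.com. (29)",
    "12:00:01.000900 IP 192.168.1.2.41000 > 203.0.113.53.443: Flags [P.], length 119",
    "12:00:01.020000 IP 203.0.113.53.443 > 192.168.1.2.41000: Flags [P.], length 180",
    "12:00:01.030000 IP 192.168.1.2.53 > 192.168.1.50.51000: 4660 1/0/0 A 192.0.2.10 (45)",
]
# Same capture plus one query that went upstream in the clear.
LEAKY = SAMPLE + [
    "12:00:02.000000 IP 192.168.1.2.38000 > 203.0.113.53.53: 9999+ A? example.org. (29)",
]
```

Port 443 traffic to the resolver is only consistent with DoH, since the capture cannot see inside TLS; the decisive signal is that no port 53 traffic leaves the Pi-hole for an external address.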
Thank you both for the replies and help.
As I mentioned, I’m a little new to this…
So, by using either cloudflared or dnscrypt-proxy, the encryption is only between the pihole and the DNS resolver? There would be no encryption between my computer and the router/pihole, correct?