I am currently setting up an adblock solution for all my devices. I figured the best way to do this would be Pi-Hole (answers normal DNS requests on port 53). I want to be able to use my DNS server not only from the local network but also from the internet in general. Android's "DNS over TLS" aka "Private DNS" feature seems like a valid solution, as it handles all DNS requests by apps that use the standard API. Pi-Hole does, however, not support DNS over TLS, and Android requires a domain to connect to. (I do, however, have a hostname and a certificate for the same network the adblock server runs on.) How do I combine the different protocols so that I can use my adblock server Android-wide? (If you think this is not the correct approach, the device is also rooted.)
Just run a DoT (DNS over TLS) or DoH (DNS over HTTPS) proxy in front of the normal UDP port 53 DNS server on your Pi-Hole device; this can run on the same device.
There are a few (Google "DNS over TLS or HTTPS Proxy"), but I'll pitch mine: https://github.com/hardillb/dns-over-https

hardillb

- I assume I can run the proxy on a different machine (I don't want to transmit the certificates to the adblock machine)? Does this plug into an apache2 server? – Valentin Metz Feb 20 '20 at 11:56
- Running on a different machine is fine. No, a DoT proxy will not plug into Apache, but you can do it with nginx (as long as the target DNS supports TCP). A DoH proxy could be proxied behind Apache if needed. – hardillb Feb 20 '20 at 11:59
- I have so far not used proxies behind my webserver. The Apache only hosts a Nextcloud server for myself, so switching to nginx is possible. However, I'd like to try out the "proxy behind" approach. Can you point me in the right direction for what I need to do to achieve that, or where I can read up on it? – Valentin Metz Feb 20 '20 at 12:22
- https://dnsprivacy.org/wiki/display/DP/Using+a+TLS+proxy – hardillb Feb 20 '20 at 12:23
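The "DoT proxy in front of UDP port 53" that the answer describes, written out as an added example (it is not code from the original answer, nor from the hardillb/dns-over-https project): a small Python DNS-over-TLS front-end using the RFC 7858 framing (a 2-byte big-endian length prefix on each message over the TLS stream), which unframes each query, forwards it to a plain UDP resolver, checks that the reply carries the same transaction ID, and writes the reply back framed. The upstream address `127.0.0.1:53`, the listen port 853, and the certificate and key paths are assumptions; replace them with the Pi-hole address and the real certificate for the hostname you enter in Android's Private DNS setting.

```python
"""Minimal DNS-over-TLS (RFC 7858) front-end that forwards to a plain UDP/53
resolver such as Pi-hole. Added example for this thread; it is not code from the
original answer or from the hardillb/dns-over-https project."""
import socket
import ssl
import struct
import threading

UPSTREAM = ("127.0.0.1", 53)   # assumption: Pi-hole answers UDP/53 on this host
LISTEN = ("0.0.0.0", 853)      # DoT port registered by RFC 7858
MAX_DNS = 65535                # largest message the 2-byte length prefix can carry
DNS_HEADER = 12                # fixed header size; anything shorter is not DNS


def frame(msg: bytes) -> bytes:
    """Prefix a DNS message with its 2-byte big-endian length (TCP/TLS framing)."""
    if not 0 < len(msg) <= MAX_DNS:
        raise ValueError("DNS message length out of range")
    return struct.pack("!H", len(msg)) + msg


def read_exact(sock, n: int):
    """Read exactly n bytes, or return None if the peer closed first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            return None
        buf += chunk
    return buf


def read_framed(sock):
    """Read one length-prefixed DNS message; None on EOF or an empty frame."""
    header = read_exact(sock, 2)
    if header is None:
        return None
    (length,) = struct.unpack("!H", header)
    if length == 0:
        return None
    return read_exact(sock, length)


def dns_id(msg: bytes) -> int:
    """The transaction ID is the first two bytes of every DNS message."""
    return struct.unpack("!H", msg[:2])[0]


def udp_query(msg: bytes, upstream=UPSTREAM, timeout=3.0) -> bytes:
    """Forward one message to the UDP resolver and return its reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, upstream)
        reply, _ = s.recvfrom(MAX_DNS)
    return reply


def handle_client(conn, resolve=udp_query) -> int:
    """Serve one TLS session. RFC 7858 lets a client send several queries on one
    connection, so loop until EOF. Returns the number of replies sent."""
    served = 0
    try:
        while True:
            query = read_framed(conn)
            if query is None or len(query) < DNS_HEADER:
                break
            reply = resolve(query)
            # A reply whose transaction ID differs from the query is not the
            # answer to it; close the session rather than relay it to the client.
            if len(reply) < DNS_HEADER or dns_id(reply) != dns_id(query):
                break
            conn.sendall(frame(reply))
            served += 1
    except (OSError, ValueError):
        pass  # upstream timeout, client reset, or oversized reply: end the session
    finally:
        conn.close()
    return served


def serve(certfile: str, keyfile: str, listen=LISTEN, resolve=udp_query):
    """Accept TLS clients; the certificate must be valid for the hostname Android is given."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile, keyfile)
    with socket.create_server(listen) as srv:
        while True:
            raw, _ = srv.accept()

            def session(sock=raw):
                try:
                    tls = ctx.wrap_socket(sock, server_side=True)  # handshake happens here
                except ssl.SSLError:
                    sock.close()  # a bad handshake must not stall the accept loop
                    return
                handle_client(tls, resolve)

            threading.Thread(target=session, daemon=True).start()


if __name__ == "__main__":
    # Placeholder paths: point these at the certificate chain and key for your hostname.
    serve("/path/to/fullchain.pem", "/path/to/privkey.pem")
```

Because Android validates the certificate against the hostname entered in Private DNS, the TLS termination has to live wherever that certificate is held, which is the reason the comment thread separates the proxy from the Pi-hole machine; an nginx `stream` block terminating TLS and forwarding to the resolver's TCP port 53 does the same job as `serve` above, since the TCP and TLS framing are identical.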