Setting up DoH and DoT at the same time
-
Hello all,
I'm new here and just a little out of date on some of the new DNS implementations.
I have managed to get both DoH and DoT working... DoH through Firefox and DoT through pfSense to Cloudflare servers.
I guess my question is, should I have both implemented at the same time or is it total wtf omg what are you doing overkill? Am I even doing this right?
I'm not trying to hide anything, just to be smart and secure. This setup is just for a small home LAN config.
I got DoH going through Firefox, but redirected from their sneaky attempt to segregate its Mozilla traffic by pointing to https://cloudflare-dns.com/dns-query instead of https://mozilla.cloudflare-dns.com/dns-query
Another question is... Can you get DoH to work using pfSense instead of reconfiguring your browser? I've not seen any mention of it.
Also I have my interfaces in DNS Resolver set to ALL and ALL. This does not seem right to me. A config of Network Interfaces set to LAN and LAN IPv6 and Outgoing Network Interfaces set to WAN seems more appropriate. I do not run any local DNS. Are my assumptions correct?
Thanks!
-
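For reference, here is what the setup asked about in the first post (DoT from pfSense to Cloudflare, resolver listening on LAN only, queries leaving via WAN) looks like as an Unbound configuration. pfSense's DNS Resolver is Unbound, and the GUI generates unbound.conf from its fields, so this is an added illustration of what those fields map to, not the poster's configuration and not a file pfSense ships. The addresses (192.168.1.0/24 LAN with the router at 192.168.1.1, an fd00:1::/64 LAN IPv6 prefix, 203.0.113.10 as the WAN address) and the CA bundle path are assumptions.

```conf
# Added example: unbound.conf fragment equivalent to the pfSense DNS Resolver
# settings discussed in the thread. All addresses below are assumed/constructed.

server:
    # "Network Interfaces: ALL" is the equivalent of listening on every address
    # the box has, including the WAN side:
    #interface: 0.0.0.0
    #interface: ::0
    # Listen only on the LAN side instead (pfSense: Network Interfaces = LAN, LAN IPv6).
    interface: 127.0.0.1
    interface: 192.168.1.1
    interface: fd00:1::1            # assumed LAN IPv6 address of the router

    # Answer only LAN clients; anything else that reaches the listener is refused.
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow
    access-control: fd00:1::/64 allow

    # Source upstream queries from the WAN address
    # (pfSense: Outgoing Network Interfaces = WAN).
    outgoing-interface: 203.0.113.10

    # CA bundle used to verify the upstream resolver's certificate.
    # Path is the FreeBSD default with ca_root_nss installed; assumed, check locally.
    tls-cert-bundle: /etc/ssl/cert.pem

# Forward everything over DNS-over-TLS (port 853) to Cloudflare. The "#hostname"
# suffix makes Unbound check the presented certificate against that name, so a
# resolver that cannot present a valid cloudflare-dns.com certificate is rejected
# rather than silently used.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
    forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
    forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
```

On a stock Unbound host you would validate this with `unbound-checkconf` before reloading. On pfSense you do not edit the file by hand: the `interface:` lines correspond to the Network Interfaces selection, `outgoing-interface:` to Outgoing Network Interfaces, and the forward-zone to enabling forwarding mode with "Use SSL/TLS for outgoing DNS Queries to Forwarding Servers" checked, with the certificate hostname entered next to each DNS server under System > General Setup. The point that survives either way: listening on ALL exposes the resolver on the WAN address as well, so restricting the listener (or relying on the WAN firewall rules to block port 53 inbound) is the safer default for a home LAN.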
You can run both if you are OK with that. Personally, I do not like the loss of control over DNS that comes with using an external DoH provider directly on clients.
There is no way to have pfSense act as a DoH server or client.
It might be possible in the future to use nginx to proxy DoH connections to unbound to act like a server, but last I heard, unbound does not plan to support it natively.
-
Awesome, thanks for the info. I changed it back to strictly DoT going directly to Cloudflare's publics.