    Setting up DoH and DoT at the same time

    Category: DHCP and DNS
    3 Posts 2 Posters 831 Views
    Repo (last edited by Repo):

      Hello all,

      I'm new here and just a little out of date on some of the new DNS implementations.

      I have managed to get both DoH and DoT working... DoH through Firefox and DoT through pfSense to Cloudflare servers.

      I guess my question is, Should I have both implemented at the same time or is it total wtf omg what are you doing overkill? Am I even doing this right?

      I'm not trying to hide anything, just to be smart and secure. This setup is just for a small home LAN config.

      I got DoH going through Firefox, but redirected from their sneaky attempt to segregate its Mozilla traffic by pointing to https://cloudflare-dns.com/dns-query instead of https://mozilla.cloudflare-dns.com/dns-query.

      Another question is... Can you get DoH to work using pfSense instead of reconfiguring your browser? I've not seen any mention of it.

      Also, I have my interfaces in DNS Resolver set to ALL and ALL. This does not seem right to me. A config of Network Interfaces LAN and LAN IPv6 and Outgoing Network Interfaces WAN seems more appropriate. I do not run any local DNS. Are my assumptions correct?

      Thanks!

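      The post runs DoH (Firefox to cloudflare-dns.com) and DoT (pfSense/unbound to Cloudflare) side by side. Both carry the same RFC 1035 wire-format DNS message; only the transport differs: DoT wraps it in the 2-byte length framing of DNS-over-TCP inside TLS on port 853 (RFC 7858), while DoH sends it as an HTTPS GET (base64url, no padding, in the `dns` parameter) or POST body (RFC 8484). The script below is an added example written for this thread, not code from the forum, pfSense or unbound; it builds one query and shows both encodings offline, with the decoders a defender would use to read either form back. The DoH endpoint is the one the post names; the DoT resolver address is an assumption, and no network traffic is sent.

```python
from __future__ import annotations

import base64
import struct

# Constructed values for this example (not from the thread): the DoH endpoint
# is the one the post names; the DoT endpoint is assumed to be Cloudflare's.
DOH_ENDPOINT = "https://cloudflare-dns.com/dns-query"
DOT_ENDPOINT = ("1.1.1.1", 853)          # DoT is plain DNS inside TLS on port 853
DNS_MESSAGE = "application/dns-message"  # media type DoH uses for wire-format DNS


def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS wire-format labels (RFC 1035 section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Build a minimal DNS query: 12-byte header plus one question.

    txid 0 is what DoH clients send (RFC 8484 section 4.1) so identical queries
    yield identical HTTP requests and can be cached; DoT uses a random ID."""
    flags = 0x0100  # standard query, recursion desired
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # QCLASS IN


def dot_frame(msg: bytes) -> bytes:
    """DoT (RFC 7858) reuses DNS-over-TCP framing: 2-byte big-endian length
    prefix. These are the bytes written into the TLS session to DOT_ENDPOINT."""
    return struct.pack("!H", len(msg)) + msg


def dot_unframe(stream: bytes) -> list[bytes]:
    """Split a DoT/TCP byte stream back into whole DNS messages (several may be
    pipelined on one connection); a truncated trailing message is an error."""
    msgs, pos = [], 0
    while pos + 2 <= len(stream):
        (length,) = struct.unpack("!H", stream[pos:pos + 2])
        if pos + 2 + length > len(stream):
            raise ValueError("truncated DNS message in stream")
        msgs.append(stream[pos + 2:pos + 2 + length])
        pos += 2 + length
    return msgs


def doh_get_url(msg: bytes, endpoint: str = DOH_ENDPOINT) -> str:
    """DoH GET (RFC 8484 section 4.1): message base64url-encoded, padding
    stripped, in the ?dns= query parameter."""
    b64 = base64.urlsafe_b64encode(msg).decode("ascii").rstrip("=")
    return f"{endpoint}?dns={b64}"


def doh_get_decode(url: str) -> bytes:
    """Reverse doh_get_url: recover the wire-format message from a DoH GET URL."""
    param = url.split("?dns=", 1)[1]
    param += "=" * (-len(param) % 4)  # restore the padding the client stripped
    return base64.urlsafe_b64decode(param)


def doh_post_request(msg: bytes, endpoint: str = DOH_ENDPOINT) -> dict:
    """DoH POST (RFC 8484 section 4.1): the raw wire-format message is the body."""
    return {
        "method": "POST",
        "url": endpoint,
        "headers": {"Content-Type": DNS_MESSAGE, "Accept": DNS_MESSAGE},
        "body": msg,
    }


def parse_question(msg: bytes) -> tuple[str, int]:
    """Read the question name and QTYPE back out of a wire-format message."""
    labels, pos = [], 12
    while True:
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        labels.append(msg[pos:pos + n].decode("ascii"))
        pos += n
    (qtype,) = struct.unpack("!H", msg[pos:pos + 2])
    return ".".join(labels), qtype


if __name__ == "__main__":
    q = build_query("example.com")
    print("DoT bytes to", DOT_ENDPOINT, ":", dot_frame(q).hex())
    print("DoH GET :", doh_get_url(q))
    print("DoH POST:", doh_post_request(q)["headers"])
```

      Running it prints the same 29-byte query once with its DoT length prefix and once as a DoH URL; that is the whole difference between the two paths in the post, which is why running both does not add a second layer of encryption, only a second resolver path (browser to Cloudflare directly, bypassing the pfSense resolver and its filtering).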
      jimp (Rebel Alliance Developer, Netgate):

        You can run both if you are OK with that. Personally, I do not like the loss of control over DNS that comes with using an external DoH provider directly on clients.

        There is no way to have pfSense act as a DoH server or client.

        It might be possible in the future to use nginx to proxy DoH connections to unbound to act like a server, but last I heard, unbound does not plan to support it natively.


        Repo:

          Awesome, thanks for the info. I changed it back to strictly DoT going directly to Cloudflare's publics.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.