Setting up DoH and DoT at the same time

  • Hello all,

    I'm new here and just a little out of date on some of the new DNS implementations.

    I have managed to get both DoH and DoT working... DoH through Firefox and DoT through pfsense to cloudflare servers.

    I guess my question is, Should I have both implemented at the same time or is it total wtf omg what are you doing overkill? Am I even doing this right?

    I'm not trying to hide anything, just to be smart and secure. This setup is just for small home lan config.

    I got DoH going through firefox, but redirected from their sneaky attempt to segregate it's mozilla traffic by pointing to instead of

    Another question is... Can you get DoH to work using pfsense instead of reconfiguring your browser? I've not seen any mention of it.

    Also I have my interfaces in DNS Resolver set to ALL and ALL. This does not seem right to me A config of Network Interfaces LAN and LAN IPv6 and Outgoing Network Interfaces to WAN seem more appropriate. I do not run any local dns. Are my assumptions correct?


  • Rebel Alliance Developer Netgate

    You can run both if you are OK with that. Personally, I do not like the loss of control over DNS that comes with using an external DoH provider directly on clients.

    There is no way to have pfSense act as a DoH server or client.

    It might be possible in the future to use nginx to proxy DoH connections to unbound to act like a server, but last I heard, unbound does not plan to support it natively.

  • Awesome, thanks for the info. I changed it back to strictly DoT going directly to cloudflares publics.

Log in to reply