Force Devices to use Pi-hole
a year ago
- #dns
- #network
- #privacy
- Setting up Pi-hole on a Raspberry Pi or Docker is straightforward, but some devices refuse to use Pi-hole DNS due to hardcoded DNS or DNS over HTTPS/TLS.
- Redirect DNS queries on port 53/udp (and sometimes 53/tcp) to Pi-hole by setting up a Source NAT (SNAT) rule on a router like OPNsense or pfSense.
- Block DNS over TLS (DoT) by dropping traffic on port 853/tcp to non-private IP ranges.
- Blocking DNS over HTTPS (DoH) is challenging; use hagezi/dns-blocklist to block DoH services at the DNS level.
- Run your own recursive DNS resolver (e.g., Unbound) for privacy, avoiding reliance on ISP DNS servers.
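
To find which devices are actually trying to bypass Pi-hole, the port 53 redirect and port 853 drop rules above can be replayed over exported firewall flows. This is an added example, not code from the original post; the Pi-hole address, the `src,dst,proto,dport` flow format, the sample flows and the exemption for Pi-hole's own lookups are assumptions.

```python
import ipaddress
from collections import defaultdict

PIHOLE = ipaddress.ip_address("192.168.1.2")  # assumed Pi-hole address

# Constructed sample flows, one "src,dst,proto,dport" per line
# (a made-up export format, not a real OPNsense/pfSense log).
SAMPLE_FLOWS = """\
192.168.1.50,192.168.1.2,udp,53
192.168.1.60,8.8.8.8,udp,53
192.168.1.60,8.8.4.4,tcp,53
192.168.1.70,1.1.1.1,tcp,853
192.168.1.80,192.168.1.1,tcp,853
192.168.1.2,9.9.9.9,udp,53
192.168.1.90,93.184.216.34,tcp,443
"""


def classify(src, dst, proto, dport):
    """Return the action the two firewall rules imply for one flow."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip == PIHOLE:
        # Assumption: Pi-hole's own upstream lookups are exempt,
        # otherwise the redirect would loop back to Pi-hole itself.
        return "allow"
    if dport == 53 and proto in ("udp", "tcp") and dst_ip != PIHOLE:
        return "redirect"  # plain DNS aimed at some other resolver
    if dport == 853 and proto == "tcp" and not dst_ip.is_private:
        return "drop"      # DoT to a public (non-private) address
    # DoH on 443/tcp lands here: it cannot be told apart by port alone.
    return "allow"


def bypass_report(flows_text):
    """Map each client IP to the set of flows that were redirected or dropped."""
    report = defaultdict(set)
    for line in flows_text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport = line.strip().split(",")
        action = classify(src, dst, proto, int(dport))
        if action != "allow":
            report[src].add((action, dst, proto, int(dport)))
    return dict(report)


if __name__ == "__main__":
    for client, hits in sorted(bypass_report(SAMPLE_FLOWS).items()):
        for action, dst, proto, dport in sorted(hits):
            print(f"{client}: {action} {proto}/{dport} -> {dst}")
```

Clients that appear in the report have a hardcoded resolver or DoT configured; the 443/tcp flow passes untouched, which is why DoH has to be handled with a blocklist at the DNS level instead.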