by pretty_bubbles 2621 days ago
Having a pihole still doesn't prevent applications from using another resolver - for example "dig example.com @8.8.8.8". You'd also need to block all other DNS traffic. And even after that, it's tricky, as applications that are not a browser might be doing this with a hardcoded DoH provider.

There’s a way to redirect any port 53 traffic back to your pihole if you have enough control over the gateway, but I don’t know if it’s worth doing. Breaks a bunch of things you’d normally do to debug whatever.
Been doing this a few years, after seeing lots of apps and devices using 8.8.8.8 despite being given my resolver back via DHCP (so obviously hard-coded into them and they’re ignoring OS DNS.)

No practical drawbacks so far, although I have found many “open resolvers” online from my home, only to realize it’s the redirection messing things up.

Instead of redirecting you can log it so you can identify suspicious apps.
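The two approaches above (forcing stray port 53 traffic back to the Pi-hole at the gateway, or only logging it to find the devices that bypass the resolver) can both be expressed as one nftables ruleset on a Linux gateway. The script below is an added example, not code from anyone in this thread or from the Pi-hole project; the interface name, the Pi-hole address and the "DNS-BYPASS" log prefix are placeholders you supply. The rule that exempts the Pi-hole's own address is the important detail: the Pi-hole's upstream queries leave on port 53 too, and without that exemption they would be redirected back to the Pi-hole itself.

```shell
#!/bin/sh
# Added example (not from the thread): build an nftables ruleset for a Linux
# gateway that either redirects LAN port-53 traffic (UDP and TCP) to the
# Pi-hole, or only logs it so the originating device can be identified.
#
# Assumed placeholders:
#   $1  LAN-facing interface, e.g. br0
#   $2  the Pi-hole's LAN address, e.g. 192.168.1.2
#   $3  mode: "redirect" (rewrite destination) or "log-only" (just log/count)
gen_dns_rules() {
    lan_if="$1"
    pihole_ip="$2"
    mode="${3:-redirect}"

    # In "redirect" mode the final action rewrites the destination; in
    # "log-only" mode the packet is logged and counted but left alone.
    if [ "$mode" = "redirect" ]; then
        action="dnat to $pihole_ip"
    else
        action=""
    fi

    cat <<EOF
table ip dns_catch {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # The Pi-hole's own traffic (its upstream queries) must not be touched,
        # otherwise its forwarded queries would loop back to itself.
        iifname "$lan_if" ip saddr $pihole_ip return

        # Queries already addressed to the Pi-hole need no rewriting.
        iifname "$lan_if" ip daddr $pihole_ip return

        # Anything else on port 53: log it (with source address for later
        # identification), count it, and in redirect mode send it to the Pi-hole.
        iifname "$lan_if" meta l4proto { tcp, udp } th dport 53 log prefix "DNS-BYPASS: " counter $action
    }
}
EOF
}

# Load the generated ruleset into the running kernel (needs root).
apply_dns_rules() {
    gen_dns_rules "$@" | nft -f -
}

# Stand-alone use: ./dns-catch.sh br0 192.168.1.2 redirect > dns.nft
if [ "$#" -ge 2 ]; then
    gen_dns_rules "$@"
fi
```

Redirected or logged packets show up in the kernel log (dmesg or journalctl -k) with the "DNS-BYPASS:" prefix and the SRC= address of the device that ignored the DHCP-supplied resolver, which is what the log-only mode is for. Two caveats the thread itself raises still apply: a probe run from inside the LAN will make any address appear to answer DNS, because the redirect answers on its behalf, and nothing here touches DoH, which travels over port 443 and is invisible to a port 53 rule.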
> It would be nice if these apps could detect whether the system is using DoH and only fall back to their own DoH resolver in the case they're using "legacy" DNS.

In which case these applications are either broken or malware.

The application needs to fix that by using DNS supplied by the OS, as everyone should do.

There are plenty of reasons to use a different resolver on app vs OS level, not only for malware or "broken" applications.

The DNS setting by the OS, just like the proxy settings, is a first suggestion on how to connect.

Chrome will contact 8.8.8.8 in certain circumstances and Firefox has DoH. Both can set proxy settings different from the system's via various means.