by Crinus 2577 days ago
Doesn't DNS over HTTPS and HSTS bypass pihole?

(isn't it funny how every single "modern web security" feature, from DNS over HTTPS, to HSTS even to HTTPS itself always ends up with someone giving up control to 3rd parties yet this is always dismissed and pushed through insane amounts of peer pressure - usually by people who have vested interests in those 3rd parties - because 'security'?)

3 comments

My network is set up so local DNS goes to the Pi-hole, which uses DNS over HTTPS.
DNS over HTTPS against a server you can't choose would do so, yes.
You could still shut down the initial DNS query for the DNS-over-HTTPS provider and make it unreachable.
Some people refuse devices that do not accept DHCP assigned DNS servers.[1]

[1] https://mailarchive.ietf.org/arch/msg/dnsop/WCVv57IizUSjNb2R...

You can also reroute port 53 traffic not from your internal DNS server to your DNS server...
So does simply using a different DNS server than the network supplies, unless you’re blocking port 53.
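The last two comments describe the two operator-side responses to clients that pick their own resolver: redirect their port-53 traffic to the Pi-hole, and notice when it happens. The script below is an added example and not code from the thread or from the Pi-hole project. It parses constructed iptables LOG-format lines (assuming a router LOG rule with the prefix `DNS-OUT`, a hypothetical Pi-hole at 192.168.1.2 and a LAN interface `br0`, all assumptions) and reports clients whose plain DNS, DNS-over-TLS (853) or HTTPS traffic to an operator-listed DoH resolver skipped the Pi-hole; it goes slightly beyond the comments by also covering port 853. It also emits the DNAT rules for the "reroute port 53" approach, excluding the Pi-hole's own upstream queries.

```python
"""Spot LAN clients that bypass the Pi-hole, using iptables LOG lines.

Added example, not from the thread. Assumes the router logs outbound
DNS-looking traffic with an iptables LOG rule whose prefix is "DNS-OUT".
"""
import re
from collections import defaultdict

PIHOLE_IP = "192.168.1.2"   # hypothetical Pi-hole address (assumption)
LAN_IF = "br0"              # hypothetical LAN bridge interface (assumption)

# Constructed sample in iptables LOG format; external addresses are
# RFC 5737 documentation nets, not real resolvers.
SAMPLE_LOG = """\
kernel: DNS-OUT IN=br0 OUT=eth0 SRC=192.168.1.2 DST=192.0.2.53 PROTO=UDP SPT=40001 DPT=53
kernel: DNS-OUT IN=br0 OUT=eth0 SRC=192.168.1.50 DST=192.0.2.53 PROTO=UDP SPT=51234 DPT=53
kernel: DNS-OUT IN=br0 OUT=eth0 SRC=192.168.1.50 DST=192.0.2.53 PROTO=TCP SPT=51235 DPT=853
kernel: DNS-OUT IN=br0 OUT=eth0 SRC=192.168.1.77 DST=192.168.1.2 PROTO=UDP SPT=33333 DPT=53
kernel: DNS-OUT IN=br0 OUT=eth0 SRC=192.168.1.88 DST=198.51.100.7 PROTO=TCP SPT=44444 DPT=443
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_log_line(line):
    """Return the KEY=VALUE fields of one LOG line (DPT as int), or None."""
    fields = dict(FIELD_RE.findall(line))
    if not {"SRC", "DST", "PROTO", "DPT"} <= fields.keys():
        return None
    fields["DPT"] = int(fields["DPT"])
    return fields


def find_bypassers(log_text, pihole_ip=PIHOLE_IP, doh_resolvers=frozenset()):
    """Map client IP -> sorted (dst, dport, kind) tuples for DNS that skipped the Pi-hole.

    Plain DNS (53) and DNS-over-TLS (853) to anything but the Pi-hole is flagged.
    HTTPS (443) is flagged only when the destination is in the operator-maintained
    doh_resolvers set, because generic 443 traffic is not evidence of DoH.
    The Pi-hole's own upstream queries are ignored.
    """
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None or rec["SRC"] == pihole_ip:
            continue
        dst, dport = rec["DST"], rec["DPT"]
        if dport in (53, 853) and dst != pihole_ip:
            hits[rec["SRC"]].add((dst, dport, "dns" if dport == 53 else "dot"))
        elif dport == 443 and dst in doh_resolvers:
            hits[rec["SRC"]].add((dst, dport, "doh"))
    return {src: sorted(v) for src, v in hits.items()}


def redirect_rules(pihole_ip=PIHOLE_IP, lan_if=LAN_IF):
    """iptables NAT rules sending LAN port-53 traffic to the Pi-hole,
    the "reroute port 53" approach; the Pi-hole itself is excluded so its
    upstream queries still leave the network."""
    return [
        f"iptables -t nat -A PREROUTING -i {lan_if} ! -s {pihole_ip} -p {proto} "
        f"--dport 53 -j DNAT --to-destination {pihole_ip}:53"
        for proto in ("udp", "tcp")
    ]


if __name__ == "__main__":
    # 198.51.100.7 stands in for a DoH resolver the operator chose to list.
    for src, items in find_bypassers(SAMPLE_LOG, doh_resolvers={"198.51.100.7"}).items():
        print(src, items)
    print("\n".join(redirect_rules()))
```

Redirecting port 53 only catches clients that still use plain DNS; a device that speaks DoH to a resolver it chose shows up only if that resolver is in `doh_resolvers`, which is why the detection side keeps that list explicit rather than guessing from port 443 alone.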