|
|
|
|
|
|
by tablespoon
1340 days ago
|
|
|
> PiHole arguably is getting less effective with each passing year as alternate DNS resolution methods like DNS over HTTPS etc gain traction, and defeating DNS over HTTPS is s a whack-a-mole game today, all you can really do is try to blacklist known DNS over HTTPS server IPs, which is a running battle. Aren't blocking ads another whack-a-mole? So it seems like more of the same. Also, aren't there proxies that you can setup that can inspect HTTPS connections (so long as you install the proxy's cert on your machine). I suppose the whack-a-mole might be more practical if a few people used those regularly along with some kind of automated scanning for DNS over HTTPS. |
|
|
For PiHole today, most everything comes over port 53, and thus easy to track, monitor and block as required.
Tomorrow, DNS requests can be on any port, to any server, on any protocol. This makes trying to use a single point of control like the PiHole so much harder than it was in the past. Who is to say next week its HTTPS as the encrypted transport for DNS? Use whatever bizarre encryption scheme you like. It's your app... The app can just ignore whatever DNS server you suggested via DHCP or whatever and go back to its homebrew domain name resolution system.