XueHai8
Posts: 37
Joined: Mon Jul 24, 2017 12:19 pm

Pi as DNS Forwarder using DoH (DNS over HTTPS)

Mon Apr 16, 2018 4:35 am

Who's up for a real challenge???!
There are similar questions on CloudFlare and OpenVPN forums, but no solutions. Hopefully some expert here can point me in the right direction.
Briefly:

I have OpenVPN CLIENT installed on my Pi and it is acting as a Gateway for my wireless router, so that all devices connected to that router go through OpenVPN Client to its Server. This all works well and has been working for a few years now.

While this is nice and secure, I still wanted to protect my privacy by enabling Encrypted DNS using CloudFlare's free DNS over HTTPS from the ISP on the other side of the VPN (whoever they may be).

So I installed CloudFlared service on my same RPI OpenVPN using the instructions found here: https://bendews.com/posts/implement-dns-over-https/
And have it set to port 53 (DNS) and it is indeed listening on that port and responds as expected with the

Code:

dig @127.0.0.1 -p 53 google.com
test.

Now to get it to work with the OpenVPN client...

So I set the Primary DNS server on that router to be my Pi's IP address, say 192.168.3.3, but when I do an

Code:

nslookup all
on my PC I get timeouts on 192.168.3.3

I even tried adding:

Code:

dhcp-option DNS 192.168.3.3:53
and

Code:

dhcp-option DNS 127.0.0.1:53
to the OpenVPN Client config on the Pi.
Still no joy.
Any ideas what I might be doing wrong or what to look for?
Hope someone can help or point me in the right direction.
Thanks!

avern24
Posts: 1
Joined: Wed Apr 18, 2018 2:40 am

Re: Pi as DNS Forwarder using DoH (DNS over HTTPS)

Wed Apr 18, 2018 2:46 am

Can you double check that it is bound to 0.0.0.0:53 and not just 127.0.0.1:53?

dariuszb
Posts: 20
Joined: Sun Feb 21, 2016 3:55 pm

Re: Pi as DNS Forwarder using DoH (DNS over HTTPS)

Sat May 12, 2018 12:45 pm

Have had the same issue. I have fixed it by changing the cloudflared DNS address from 127.0.0.1 to the local IP address, in my case 192.168.1.2.

/etc/cloudflared/config.yml

Code:

proxy-dns: true
proxy-dns-upstream:
 - https://1.1.1.1/dns-query
 - https://1.0.0.1/dns-query
proxy-dns-address: 192.168.1.2
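
The bind-address check raised in the replies above, as an added example that is not part of any poster's message: it classifies port 53 listeners from `ss -H -lntu` output so a loopback-only resolver is easy to spot. The function names are hypothetical and the sample lines are constructed, modelled on the addresses quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). On a live Pi, feed it real data with:
#   ss -H -lntu | classify_dns_listeners

# Reads `ss -H -lntu` lines on stdin; prints "<proto> <address> <scope>"
# for every listener on port 53.
classify_dns_listeners() {
    awk '
    {
        ep = $5                              # "Local Address:Port" column
        if (!match(ep, /:[0-9]+$/)) next     # port follows the last colon
        addr = substr(ep, 1, RSTART - 1)
        port = substr(ep, RSTART + 1)
        if (port != "53") next
        gsub(/^\[|\]$/, "", addr)            # drop IPv6 brackets
        sub(/%.*$/, "", addr)                # drop interface scope such as %lo
        if (addr ~ /^127\./ || addr == "::1")
            scope = "loopback-only"          # unreachable from other hosts
        else if (addr == "0.0.0.0" || addr == "::" || addr == "*")
            scope = "all-interfaces"         # answers on every interface
        else
            scope = "single-address"         # answers only on that address
        print $1, addr, scope
    }'
}

# Exit status 0 if at least one port 53 listener is not loopback-only.
dns_reachable_from_lan() {
    classify_dns_listeners | grep -qv ' loopback-only$'
}

# Constructed samples: default 127.0.0.1 bind, then the LAN-address bind.
SAMPLE_BEFORE='udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_AFTER='udp UNCONN 0 0 192.168.1.2:53 0.0.0.0:*
tcp LISTEN 0 128 192.168.1.2:53 0.0.0.0:*'

for name in BEFORE AFTER; do
    eval "data=\$SAMPLE_$name"
    echo "== $name =="
    printf '%s\n' "$data" | classify_dns_listeners
    if printf '%s\n' "$data" | dns_reachable_from_lan; then
        echo "resolver is reachable from other hosts"
    else
        echo "resolver answers on loopback only; LAN clients will time out"
    fi
done
```

A `single-address` result on the LAN IP keeps the resolver off every other interface, whereas `all-interfaces` also answers on the VPN tunnel interface.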
