- Open `about:config`
- Set `network.trr.bootstrapAddress` to the IP address of your DNS server
- Set `network.trr.custom_uri` to `https://here.goes.hostname/dns-query`
- Set `network.trr.mode` to `2` (fall back if no TRR is available) or to `3` (to use TRR only)
- Set `network.trr.uri` to `https://here.goes.hostname/dns-query`
- Set `network.trr.disable-ECS` to `false`
- Set `network.trr.credentials` to the authentication token sent in the `Authorization` header (something like `Basic dXNlcjpzdXBlcnNlY3JldA==`)
- Set `network.security.esni.enabled` to `true`
- Visit https://www.cloudflare.com/ssl/encrypted-sni/ and check ESNI
Create a new shortcut to Chrome and add the following command-line parameters to it

```
chrome --enable-features="DnsOverHttps<DoHTrial" --force-fieldtrials="DoHTrial/Group1" --force-fieldtrial-params="DoHTrial.Group1:Fallback/true/Templates/https%3A%2F%2Furl.goes.here%2Fdns-query"
```
How to configure TRR to accept basic authentication? No idea, ¯\_(ツ)_/¯
Configuration as follows: Nginx DoH (LE HTTPS) > DoH Server (127.0.0.1:8053) > Pi-Hole (127.0.0.1:53) > DNSCrypt (127.0.2.1:53) > Cloudflare
https://www.aaflalo.me/2018/10/tutorial-setup-dns-over-https-server/
https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-on-Debian-and-Ubuntu
https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux
https://github.com/pi-hole/pi-hole/wiki/DNSCrypt-2.0
https://github.com/commonshost/dohnut
No DNS resolution after uninstalling Pi-Hole - pi-hole/pi-hole#2148
Make Pi-Hole listen on the loopback interface only while keeping the Web UI exposed outside

```
$ head -n2 /etc/pihole/setupVars.conf
PIHOLE_INTERFACE=eth0
PIHOLE_INTERFACE=lo
$ grep 'interface' /etc/dnsmasq.d/01-pihole.conf
interface=lo
$ cat /etc/dnsmasq.d/02-local.conf
listen-address=127.0.0.1
interface=lo
bind-interfaces
```
Set nginx robots.txt to disable crawlers
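```
location = /robots.txt {
    # default_type sets the Content-Type of the returned body
    # (add_header here would emit a second Content-Type header)
    default_type text/plain;
    return 200 "User-agent: *\nDisallow: /\n";
}
```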
Handle `[ERROR]: Unable to parse results from queryads.php: Unhandled error message ()` error message

- Set `fastcgi_param FQDN true;`, see https://github.com/pi-hole/docs/blob/master/docs/guides/nginx-configuration.md
- Change `$serverName = htmlspecialchars($_SERVER["HTTP_HOST"]);` to `$serverName = htmlspecialchars($_SERVER["SERVER_ADDR"]);` inside the `/var/www/html/pihole/index.php` file
Password protected areas
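```
# htpasswd entry for nginx (user abc, password def)
printf "abc:$(openssl passwd -apr1 def)\n" | sudo tee /etc/nginx/.htpasswd
# matching base64 value for the "Basic ..." credentials
echo -n "abc:def" | base64 -w0; echo
```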
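An added example (not part of the original notes): a Python check that the DoH endpoint really requires the credentials set in `network.trr.credentials`. It builds that value and an RFC 8484 GET query, then compares the HTTP status with and without the `Authorization` header. It assumes nginx enforces `auth_basic` on the `/dns-query` location; the function names are hypothetical.

```python
import base64
import struct
import sys
import urllib.error
import urllib.request


def basic_credentials(user, password):
    """Value for network.trr.credentials; same bytes as `echo -n user:pw | base64`."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def build_query(name, qtype=1):
    """DNS wire-format query for `name` (qtype 1 = A), ID 0 as RFC 8484 suggests."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def doh_get_url(endpoint, name):
    """RFC 8484 GET form: ?dns=<base64url of the query, padding stripped>."""
    dns = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    return f"{endpoint}?dns={dns}"


def probe(endpoint, name, credentials=None):
    """Send one DoH query and return the HTTP status (needs network access)."""
    req = urllib.request.Request(doh_get_url(endpoint, name),
                                 headers={"Accept": "application/dns-message"})
    if credentials:
        req.add_header("Authorization", credentials)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # e.g. 401 when nginx rejects the request


if __name__ == "__main__":
    # Usage: script.py https://your.host/dns-query USER PASSWORD
    if len(sys.argv) == 4:
        endpoint, user, password = sys.argv[1:]
        creds = basic_credentials(user, password)
        print("without credentials:", probe(endpoint, "example.com"))
        print("with credentials:   ", probe(endpoint, "example.com", creds))
    else:
        # Offline demo with constructed sample values
        print(basic_credentials("user", "supersecret"))
        print(doh_get_url("https://here.goes.hostname/dns-query", "www.example.com"))
```

A protected endpoint answers 401 without credentials and 200 with them; a 200 on the first line means the location is open to anyone.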
Permissions to gravity.db
```
usermod -a -G pihole www-data
```
https://tls13.1d.pw/ (only two cats, I repeat two cats)
How to integrate dnsmasq into systemd dns resolver