I got tired of running a Pi-hole + unbound sidecar just to get encrypted upstream DNS (DoT), so I forked pi-hole/FTL and added native DNS-over-TLS support directly into the resolver (mbedTLS is already linked in for the web server, so I reused it). The result is pihole-dot, a drop-in Pi-hole image with DoT built in.

What it is:

- Architecture: each upstream server gets a small pool of pipelined TCP+TLS connections (RFC 7766-style: multiple queries in flight per connection, demultiplexed by DNS transaction ID), instead of one query at a time per connection.

Screenshot from my own router running pihole-dot right now; config is a normal, unlocked Pi-hole DNS Settings page.

Docker Hub: https://hub.docker.com/r/ismkdc/pihole-dot

Repos:

- https://github.com/ismkdc/FTL-DoT
- https://github.com/ismkdc/docker-pihole-dot
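The demultiplexing step described above, as an added sketch that is not code from FTL-DoT: replies on one pipelined connection arrive in any order behind a 2-byte length prefix and are matched to pending queries by transaction ID, with unsolicited or malformed messages dropped. The names `conn`, `conn_track`, `conn_demux` and the depth `MAX_INFLIGHT` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_INFLIGHT 8              /* assumed per-connection pipeline depth */

struct conn {                       /* one pipelined TCP+TLS upstream connection */
    int      used[MAX_INFLIGHT];
    uint16_t id[MAX_INFLIGHT];      /* transaction IDs awaiting a reply */
    int      client[MAX_INFLIGHT];  /* hypothetical handle of the waiting query */
};

/* Track an outgoing query. An ID already in flight on this connection is
 * refused: two pending queries with one ID could not be told apart. */
int conn_track(struct conn *c, uint16_t id, int client)
{
    int slot = -1;
    for (int i = 0; i < MAX_INFLIGHT; i++) {
        if (c->used[i] && c->id[i] == id) return -1;
        if (!c->used[i] && slot < 0) slot = i;
    }
    if (slot < 0) return -1;        /* pipeline full */
    c->used[slot] = 1; c->id[slot] = id; c->client[slot] = client;
    return 0;
}

/* Consume complete messages from decrypted stream bytes buf[0..len).
 * Matched client handles go to out[] (room for MAX_INFLIGHT);
 * returns the number of bytes consumed. */
size_t conn_demux(struct conn *c, const uint8_t *buf, size_t len,
                  int *out, int *n_out, int *dropped)
{
    size_t off = 0;
    *n_out = *dropped = 0;
    while (len - off >= 2) {
        size_t mlen = (size_t)buf[off] << 8 | buf[off + 1];  /* 2-byte length prefix */
        if (len - off - 2 < mlen) break;                     /* partial: wait for more */
        const uint8_t *msg = buf + off + 2;
        off += 2 + mlen;
        int hit = -1;
        if (mlen >= 12 && (msg[2] & 0x80)) {                 /* full header, QR=1 */
            uint16_t id = (uint16_t)(msg[0] << 8 | msg[1]);
            for (int i = 0; i < MAX_INFLIGHT; i++)
                if (c->used[i] && c->id[i] == id) hit = i;
        }
        if (hit < 0) { (*dropped)++; continue; }             /* unsolicited or malformed */
        c->used[hit] = 0;
        out[(*n_out)++] = c->client[hit];
    }
    return off;
}
```

The caller keeps any unconsumed tail bytes and prepends them to the next TLS read, so a message split across records is parsed once it is complete.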
Wednesday, July 1, 2026
pihole-dot: Native DNS-over-TLS in Pi-hole's FTL (no unbound/stubby sidecar needed)
Labels:
adblock