Cloudflare DoH is safe?

hello,
I’d like to know if Cloudflare DoH is privacy safe or not because I’d like to implement it in my Pi-hole local server, but I have read many different opinions.

Or is it just better to use a non-logging DNS service like dns.watch?

Depends a bit on who you are defending against. If it’s against local attackers or your ISP (note though that your ISP can still see the domain you’re connecting to if it doesn’t use ESNI, and the IP if it does support ESNI, but it will protect you from modified/MITM’d DNS requests in any case), it’s safe. However, I won’t recommend it to protect against government surveillance; for that one should use Tor Browser.

We have a discussion at GitHub, and I think currently there is no recommendation, as there aren’t many OpenNIC resolvers supporting either DoH/DoT. In Cloudflare-Tor, again, they recommend disabling DoH entirely, which I have opened an issue about, because Firefox requires it for eSNI support, which seems unlikely to change soon, even on Android, which supports DoT natively.

Personally I am using Quad9 in Firefox; my config can be found here. Currently my DNSCrypt-proxy config uses the fastest server which promises not to log or filter etc. (the public copy is a bit outdated apparently, as it has Quad9 explicitly selected), but it always picks Cloudflare, and Debian’s dnscrypt-proxy is one version too old for excluding Cloudflare, which I would do as I worry about them being too big and getting selected over smaller providers due to their speed.

I hope anyone gets anything useful out of this comment, as I seem to have gotten a bit carried away and written a bit about other things than you asked, and I think I may have put in a bit too many links.
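
The server-selection policy the comment above describes (take the fastest resolver that declares no logging and no filtering, but never Cloudflare), written as a dnscrypt-proxy 2.x config fragment. This is an added example, not the poster’s own config or the project’s example file; the listen port for Pi-hole forwarding and the resolver entry names are assumptions, and the remaining sections (sources, cache, etc.) are expected to come from the project’s example-dnscrypt-proxy.toml.

```toml
# Added example, not the poster's config. Assumes the rest of the file is the
# stock example-dnscrypt-proxy.toml with its default public-resolvers source.

# Assumption: Pi-hole is pointed at this as its upstream instead of port 53.
listen_addresses = ['127.0.0.1:5053']

# Only consider resolvers whose published stamp declares these properties.
# The flags are self-declared by the operator: they express a policy, not proof.
require_dnssec   = true
require_nolog    = true
require_nofilter = true

# Allow both DoH and DNSCrypt resolvers to be candidates.
doh_servers      = true
dnscrypt_servers = true

# Exclude an operator regardless of latency. Names must match entries in the
# public-resolvers list; these two are assumed from the list at time of writing,
# so verify against the cached copy of the source before relying on them.
disabled_server_names = ['cloudflare', 'cloudflare-ipv6']

# The default 'p2' alternates between the two fastest servers, so one very fast
# provider still dominates; 'ph' spreads queries across the faster half instead.
lb_strategy = 'ph'
```

A resolver that fails any `require_*` filter or is listed in `disabled_server_names` is dropped before latency is measured, so speed alone can no longer pull it back in.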

Thanks for the feedback, I was just worrying about the surveillance.

Thanks for sharing this, I love your site!