Pi-hole DNS-over-HTTPS Setup Guide

This guide will help you configure your devices to use Pi-hole with DNS-over-HTTPS to bypass ISP DNS blocking.

Why Your Router's DNS Settings Aren't Working

Many ISPs now block or hijack standard DNS traffic (port 53) to force you to use their DNS servers. This prevents your router's DNS settings from working correctly with Pi-hole.

The solution is to use DNS-over-HTTPS (DoH), which encrypts DNS traffic and sends it over HTTPS (port 443), which ISPs cannot block without breaking the entire web.

Option 1: Configure Individual Devices (Recommended)

The most reliable approach is to configure DNS-over-HTTPS on each device:

Windows 11

  1. Go to Settings > Network & Internet > Advanced network settings
  2. Click on "DNS server assignment"
  3. Select "Edit"
  4. Turn on "IPv4" and set Preferred DNS to 198.58.123.6
  5. Enable "Encrypted DNS" and select "Encrypted only (DNS over HTTPS)"

Android

  1. Install the "Intra" app from Google Play Store
  2. Open Intra and tap "Settings"
  3. Tap "Select DNS server"
  4. Tap "Custom server" and enter: https://198.58.123.6/dns-query

iOS 14+

  1. Go to Settings > Wi-Fi
  2. Tap the (i) next to your Wi-Fi network
  3. Tap "Configure DNS" and select "Manual"
  4. Add 198.58.123.6 as your DNS server
  5. For iOS 14+ with DoH support, install the "DNSCloak" app and configure it to use https://198.58.123.6/dns-query

Firefox

  1. Go to Settings (about:preferences)
  2. Scroll down to "Network Settings"
  3. Click "Settings"
  4. Scroll down and check "Enable DNS over HTTPS"
  5. Select "Custom" and enter: https://198.58.123.6/dns-query

Chrome

  1. Go to Settings
  2. Click on "Privacy and security"
  3. Click on "Security"
  4. Enable "Use secure DNS"
  5. Select "Custom" and enter: https://198.58.123.6/dns-query

Option 2: Configure Your Router (If Supported)

Some modern routers support DNS-over-HTTPS. Check your router's documentation for DoH support.

DD-WRT Router

  1. Log in to your router's admin interface
  2. Go to Services > Services > DNSCrypt
  3. Enable DNSCrypt
  4. Set the resolver to https://198.58.123.6/dns-query

OpenWrt Router

  1. Install the https-dns-proxy package
  2. Configure it to use https://198.58.123.6/dns-query

Testing Your Connection

To test if your DNS-over-HTTPS is working correctly:

  1. Visit https://1.1.1.1/help to check if DoH is working
  2. Visit CNN.com to see if ads are being blocked
  3. Check the Pi-hole dashboard at http://198.58.123.6:8080/admin to see if your queries are being logged

Troubleshooting

Issue Solution
No queries showing in Pi-hole dashboard
  • Verify your DoH configuration is correct
  • Clear DNS cache on your device
  • Try a different device or network
Still seeing ads
  • Check if the domain is in Pi-hole's blocklist
  • Some ads may be served from the same domain as content
  • Try adding more blocklists in Pi-hole
Connection issues
  • Temporarily disable DoH to test if that's the issue
  • Check if your ISP is blocking HTTPS to your server
  • Try using a VPN as a last resort