DNS Over TLS - What are the recommendations for a home network?

Fedora 35 will include built-in support for DNS Over TLS (DoT) if the upstream DNS provider supports it. If you use Android based phones or tablets, recent versions of the OS also use DoT. I would like to implement DoT on my home network and was wondering what other Fedora users are considering or already have in place? I currently use Pi Hole to provide DNS services on my home network with the Pi Hole server using a DNS Over HTTPS client as the ‘upstream’ DNS provider.

I see the following as desirable characteristics for a home or small office DNS service:

  1. accepts standard DNS traffic (unencrypted TCP/UDP traffic on port 53) for clients that require it;
  2. accepts DoT traffic if the client machine can use it;
  3. provides ad blocking like the Pi Hole;
  4. uses encryption to connect to the external DNS service (isp, or google, cloudflare, etc);
  5. deployable via container(s)


Just configure your pihole to use DoT instead of DoH if that is what you want.

That will meet all your needs except for 2 which could be done but doesn’t seem like it is worth the benefit.

1 Like