DNS over HTTPS (DoH) support

[jimaldon]

Incoming DoH With the current configuration it looks like DoH requests (default in Firefox iirc) will completely bypass pihole.

Is there a solution that could decrypt DoH from clients in network, pass it through wirehole and potentially encrypt them again (cloudflared, stubby etc)?

Or is the solution simply to manually ensure every client on the network has DoH disabled?

Outgoing DoH This should be possible with unbound. It would be a good effort to dockerize it, with auto cert generation on docker-compose.