
Adblocking does not work with doh and dot

Open maltechx opened this issue 3 years ago • 2 comments

With the following config, adblocking only works on normal DNS, not on DoH and DoT.

.:53 https://.:443 tls://.:853 {
    tls fullchain.pem privkey.pem
    ads
    forward . 1.1.1.1
    errors
    reload
}

Basic Dns:

kdig @127.0.0.1 -p 1053 aoredi.com +short
127.0.0.1

DNS over TLS:

kdig @127.0.0.1 +tls-host=localhost  aoredi.com +short
109.206.162.83

Am I doing something wrong or is this intended?

maltechx avatar May 24 '21 10:05 maltechx

Hey there, first of all thanks for submitting this issue. This is in fact not intended; finding the cause for this is probably a nightmare, because I thought CoreDNS itself would handle the HTTP/TLS termination and every call to the plugin would be identical no matter where it originated from. I would presume this assumption was wrong, otherwise this would not occur.

However there is a workaround to this which has worked for me in the past, at least for DoT. I will look up the config file later and post it here. The main idea is to open a regular DNS endpoint and DoH / DoT forward to this DNS endpoint. Of course this has some drawbacks but it worked for me some time ago.

The main reason why I am referring to the workaround is a lack of time on my side to fix this issue in the near future. There are just many things that are more important at the moment.

c-mueller avatar May 25 '21 06:05 c-mueller

Here's the sample Corefile for the workaround. The last time I used this was with CoreDNS version 1.6.x.

tls://.:853 {
        forward . 127.0.0.1:4053
        tls cert.crt prvkey.key
}

.:4053 {
        ads
        forward . 1.1.1.1
        cache 600
        errors
}

c-mueller avatar May 25 '21 12:05 c-mueller
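The transport comparison the reporter did by hand with kdig, and the same check one would run against the workaround Corefile, as an added example that is not code from the issue or from the ads plugin. It is a stdlib-only client that sends an identical A query over plain UDP and over DNS-over-TLS (RFC 7858: a TCP-style two-byte length prefix inside TLS) and reports whether the two answer sets match, so a sinkholed answer on one listener and a real address on the other is flagged. The listener ports (1053 and 853 on 127.0.0.1), the SNI name `localhost` and the certificate file `fullchain.pem` are taken from the issue and are assumptions about your setup; the sample response bytes used for offline testing are constructed here.

```python
"""Check that a blocked name gets the same answer on every DNS transport.

Added example, not part of the issue or the ads plugin. Assumes a plain
listener on 127.0.0.1:1053 and a DoT listener on 127.0.0.1:853 presenting
a certificate for 'localhost' (chain in fullchain.pem), as in the issue.
"""
from __future__ import annotations

import socket
import ssl
import struct


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Encode a standard recursive A/IN query in DNS wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(struct.pack("B", len(label)) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past the (possibly compressed) name at `off`."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_a_records(msg: bytes) -> list[str]:
    """Extract the A-record addresses from the answer section, sorted."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return sorted(addrs)


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def query_udp(name: str, host: str, port: int, timeout: float = 3.0) -> list[str]:
    """Plain DNS over UDP (the listener the ads plugin filters correctly)."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (host, port))
        data, _ = s.recvfrom(4096)
    return parse_a_records(data)


def query_dot(name: str, host: str, port: int = 853, server_name: str = "localhost",
              cafile: str | None = None, timeout: float = 3.0) -> list[str]:
    """DNS over TLS: TCP framing (2-byte length prefix) inside a verified TLS session."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: the server's own chain for local tests
    q = build_query(name)
    with socket.create_connection((host, port), timeout=timeout) as raw, \
            ctx.wrap_socket(raw, server_hostname=server_name) as tls:
        tls.sendall(struct.pack("!H", len(q)) + q)
        (length,) = struct.unpack("!H", _recv_exact(tls, 2))
        data = _recv_exact(tls, length)
    return parse_a_records(data)


def transports_agree(results: dict[str, list[str]]) -> bool:
    """True when every transport returned the same set of A addresses."""
    return len({tuple(v) for v in results.values()}) == 1


def _sample_response(query: bytes, addrs: list[str]) -> bytes:
    """Constructed test data: a NOERROR reply to `query` with one A record per
    address (TTL 3600), owner name compressed to the question at offset 12."""
    (txid,) = struct.unpack("!H", query[:2])
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4)
                   + bytes(int(o) for o in a.split(".")) for a in addrs)
    return header + query[12:] + rrs


if __name__ == "__main__":
    import sys
    name = sys.argv[1] if len(sys.argv) > 1 else "aoredi.com"
    results = {
        "udp:1053": query_udp(name, "127.0.0.1", 1053),
        "dot:853": query_dot(name, "127.0.0.1", 853, cafile="fullchain.pem"),
    }
    for transport, addrs in results.items():
        print(f"{transport:10} {', '.join(addrs) or '(no A records)'}")
    print("consistent" if transports_agree(results) else "MISMATCH: filtering differs by transport")
```

Run it with the name you expect to be sinkholed; a consistent run prints the same address on both lines, and a mismatch reproduces the report above (127.0.0.1 on UDP, the real address on DoT). The same script works for the workaround Corefile by pointing the UDP query at port 4053, and because DoT verification uses the real certificate chain rather than disabling validation, it will also catch a listener serving the wrong certificate.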