DNS over HTTPS Black Hole
Tiny secure DNS resolver with block list in Go
Uses https://quad9.net and StevenBlack/hosts
Motives:
- Pi-Hole isn't a single static purego binary
- DoH required for untrustworthy ISPs
- UnifiOS sucks
Installation
- Make sure /etc/resolv.conf isn't getting overwritten:
  https://wiki.archlinux.org/title/Domain_name_resolution#Overwriting_of_/etc/resolv.conf
  For NetworkManager, write /etc/NetworkManager/conf.d/dns.conf:

      [main]
      dns=none

- Build and install with

      just install

  Please read Justfile before running.
- Update /etc/resolv.conf with

      nameserver 127.0.0.1

- Verify using
  - https://on.quad9.net
  - any from StevenBlack/hosts

      drill TXT doh.hole

systemd-resolved
https://wiki.archlinux.org/title/Systemd-resolved
- Write /etc/systemd/resolved.conf.d/dns_servers.conf:

      [Resolve]
      DNS=127.0.0.1
      Domains=~.
      FallbackDNS=

- Replace resolv.conf and enable:

      sudo rm -f /etc/resolv.conf
      sudo ln -sf ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
      sudo systemctl enable --now systemd-resolved.service

- resolv.conf will probably use 127.0.0.53

Check using resolvectl and above methods
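
The resolv.conf steps in both sections above only hold if nothing writes a non-loopback nameserver back into the file. The shell function below is an added example, not part of doh-hole; the name audit_resolv_conf and the 192.0.2.53 sample address are made up for illustration.

```sh
#!/bin/sh
# Added example, not part of doh-hole: flag resolv.conf nameservers that would
# send plaintext DNS past the local resolver.
# Returns 0 = loopback only, 1 = non-loopback nameserver found, 2 = unreadable.
audit_resolv_conf() {
    file=$1
    rc=0
    count=0
    [ -r "$file" ] || { echo "error: cannot read $file"; return 2; }
    # The || clause keeps a final line that has no trailing newline.
    while read -r keyword value _rest || [ -n "$keyword" ]; do
        # Comments (# or ;) and other keywords (search, options) are skipped.
        [ "$keyword" = nameserver ] && [ -n "$value" ] || continue
        count=$((count + 1))
        case $value in
            127.*|::1) echo "ok: $value (loopback)" ;;
            *) echo "leak: $value is not loopback"; rc=1 ;;
        esac
    done < "$file"
    if [ "$count" -eq 0 ]; then
        echo "note: no nameserver lines; libc defaults to the local machine"
    fi
    return "$rc"
}

# Constructed sample: a file where DHCP has appended an upstream resolver.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'nameserver 127.0.0.1' \
    'nameserver 192.0.2.53' > "$sample"
audit_resolv_conf "$sample" || echo "fix $sample before relying on DoH"
rm -f "$sample"
```

To check the live file, call `audit_resolv_conf /etc/resolv.conf`; both 127.0.0.1 and the systemd-resolved stub at 127.0.0.53 pass.
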
UniFi OS
- Build with just buildarm64 and place in /data/doh-hole
- Copy unifi-os/doh-hole.service to /etc/systemd/system/doh-hole.service
- Enable and start service:

      systemctl daemon-reload
      systemctl enable --now doh-hole.service
      systemctl status doh-hole.service

- Make sure encrypted DNS is disabled in settings and set DNS under internet to 127.0.53.54