Routing DNS over HTTPS Using Raspberry Pi

Posted September 8th, 2020 in draft

DNS is a protocol from the late 1980s, and today at its core DNS is still exactly the same protocol. When it was conceived, there wasn't the same privacy focus as there is today, and one of the main drawbacks with the protocol is that queries and responses are not encrypted nor tamper proof when sent over the internet.

DNS over HTTPS is a newer take on the original DNS protocol, which routes queries over secure HTTP connections. While this is seeing some support (namely in Firefox and Windows 10), many devices on your network will continue to send DNS queries over UDP for years to come.

UDP Queries via HTTPS

I have been interested in how DNS works for a while now, and a few weeks ago started writing a DNS client/server in .NET Core. There are clients for HTTPS, TCP and UDP, any of which can be used by the server.

This allows UDP DNS queries to be routed directly to a DNS over HTTPS (DoH) endpoint. If the server is set up on an IoT device like a Raspberry Pi and set as the default DNS server for the network, all UDP queries from devices on that network will be sent to your DNS provider via DoH.

Setting Up The Server

netsh advfirewall firewall add rule name="aedns" dir=in action=allow protocol=UDP localport=53
schtasks /create /tn "aedns" /tr "C:\Data\aedns\Ae.Dns.Console" /sc onstart /ru SYSTEM