this post was submitted on 02 Jan 2026
85 points (97.8% liked)

Selfhosted

54333 readers
541 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
85
Cloudflare Tunnel: proxy-dns Command Removal 2026 | What are some nice alternatives to encrypted DNS? (mwpro.co.uk)
submitted 1 week ago by xavier666@lemmy.umucat.day to c/selfhosted@lemmy.world
22 comments fedilink hide all child comments
 

Hi everyone,

I have been using cloudflared for DNS-over-HTTPS for the past 5 years and it's been working pretty well. One of the reasons for using it was because my ISP was hijacking my DNS queries and changing it to their own DNS server.

However, I saw this news where the proxy-dns feature in cloudflared is being closed and they are asking customers to shift to their WARP client instead.

I want to know what the community is using for encrypted DNS services (DoH, DoT, DoQ)

Thanks :)

you are viewing a single comment's thread
view the rest of the comments
[–] K3can@lemmy.radio 5 points 1 week ago (1 children)

Are you trying to send the DNS request through the tunnel?

I use DoH, which sends DNS requests through https. It essentially looks like normal https traffic (encrypted), so your ISP shouldn't be able to hijack it and no additional tunnels are required. CF supports doh at the usual 1.1.1.1 address, even, if you want to keep using them. Otherwise plenty of other providers support doh, as well.

[–] biscuitswalrus@aussie.zone 1 points 1 week ago (3 children)

I personally haven't looked at all but I don't fully understand doh. How can you have https before DNS? To get my first query I kind of need to validate through DNS records certificate authority for that site? So to even establish doh you need unencrypted DNS or blind trust of IP?

[–] K3can@lemmy.radio 5 points 1 week ago

You'll need a single DNS request, known as a "bootstrap" request. Your ISP will see a single DNS request to Google or Cloudflare or whatever, then everything after that will just look like normal https traffic.

That said, if your ISP is blocking and denying ALL dns requests for some reason (making the bootstrap request impossible), then you could still define the address locally. At that point, though, the ISP is likely blocking the IP addresses, too, so resolving the address is a bit moot.

[–] stratself@lemdro.id 4 points 1 week ago

Yes you'll need a way to query the domain of the DoH service in plaintext before using it. In many software you can define "bootstrap DNS addresses" to do exactly that. Or you can hardcode the DoH service's IPs, which for most upstream providers are almost always the same as their "normal" IPs anyways

[–] surewhynotlem@lemmy.world 1 points 1 week ago

You define your dns by IP. you get the cert from that IP and automatically trust it.

The cert for validation the server only validate the hostname. It's not useful for IP.