Dohnut with Pi-hole
Pi-hole is an effective way to block ads across all devices on a network. It provides many powerful options and is easy to deploy and manage.
Dohnut works with Pi-hole as a local upstream DNS server. Dohnut encrypts outbound DNS queries and can load-balance between multiple DoH providers for performance and privacy benefits. Additional countermeasures supported by Dohnut can be enabled to deter tracking even by DoH providers.
Dohnut can run on the same device as Pi-hole. A popular approach is to set up Raspbian Linux on a Raspberry Pi.
Run Dohnut in Docker or run Dohnut with systemd.
Pi-hole exposes a DNS server on port 53/udp. Dohnut can avoid conflict by running on a different port, for example
The only DNS "client" talking directly to Dohnut will be Pi-hole. If both are deployed on the same machine, Dohnut can be restricted to allow only local connections by listening on a loopback interface
Specify any other command line interface options as needed. These options can be passed to the dohnut command directly, via a JSON file (e.g. --options dohnut.json), or as arguments to the Docker image using
$ dohnut \
    --listen 127.0.0.1:53000 \
    --doh cleanbrowsing cloudflare commonshost quad9 \
    --countermeasures spoof-queries spoof-useragent
See the Pi-hole documentation for installation instructions.
Access the Pi-hole dashboard and log in as administrator.
https://pi.hole/admin (or the Pi-hole's IP address)
Go to: Settings > DNS > Upstream DNS Servers > Custom 1 (IPv4)
Enter the Dohnut IP address and port using the hash syntax (address#port). Enable its checkbox.
Disable any other Upstream DNS servers to ensure all DNS queries make use of Dohnut.
All your DNS queries through Pi-hole are now encrypted and load balanced for enhanced security, privacy, and performance.
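An added example (not part of the Dohnut or Pi-hole documentation) that checks the last configuration step: it reads Pi-hole's saved settings and fails if any enabled upstream is something other than the Dohnut listener, since such an entry would let queries leave unencrypted. It assumes a Pi-hole v5 layout where upstreams are stored as PIHOLE_DNS_<n> entries in /etc/pihole/setupVars.conf; check_upstreams is a hypothetical helper name and the sample settings are constructed.

```sh
#!/bin/sh
# Added example. Assumption: Pi-hole v5 keeps its upstream resolvers as
# PIHOLE_DNS_<n>=address#port lines in /etc/pihole/setupVars.conf.

# check_upstreams FILE EXPECTED (hypothetical helper)
# Returns 0 when every configured upstream equals EXPECTED, 1 when another
# upstream is present (queries could leave unencrypted), 2 when none is set.
check_upstreams() {
    conf=$1
    expected=$2
    count=0
    bad=0
    # "|| [ -n "$key" ]" keeps a final line that lacks a trailing newline.
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case $key in
            PIHOLE_DNS_[0-9]*) ;;
            *) continue ;;
        esac
        count=$((count + 1))
        if [ "$value" != "$expected" ]; then
            echo "unexpected upstream: $key=$value" >&2
            bad=$((bad + 1))
        fi
    done < "$conf"
    if [ "$count" -eq 0 ]; then
        echo "no upstream DNS server configured" >&2
        return 2
    fi
    [ "$bad" -eq 0 ]
}

# Constructed sample settings, not taken from a real installation.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PIHOLE_INTERFACE=eth0
PIHOLE_DNS_1=127.0.0.1#53000
PIHOLE_DNS_2=8.8.8.8
EOF
if check_upstreams "$sample" '127.0.0.1#53000'; then
    echo "OK: every upstream is the Dohnut listener"
else
    echo "FAIL: some queries can bypass Dohnut"
fi
rm -f "$sample"
```

On the Pi-hole host, point the function at /etc/pihole/setupVars.conf with the address#port value entered in the dashboard.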