AdguardTeam / AdGuardHome

Network-wide ads & trackers blocking DNS server
https://adguard.com/adguard-home/overview.html
GNU General Public License v3.0

Make DOT and DOH optional when encryption activated #3961

Closed. Gandulf78 closed this issue 2 years ago.

Gandulf78 commented 2 years ago

Problem Description

I am using AdGuard Home on my home network only, so I am not really interested in the DOH and DOT features. I am interested in HTTPS though.

Proposed Solution

To make DOH and DOT optional with a checkbox to deactivate them while encryption is activated for HTTPS.

schorschfunke commented 2 years ago

If you don't set a port for DoT and DoQ they are disabled, afaik.

EugeneOne1 commented 2 years ago

@Gandulf78, hello. As @schorschfunke said, it's possible to set 0 for values of DNS-over-TLS and DNS-over-QUIC ports on the encryption settings page to disable the appropriate protocols. Could you please verify this is what you wanted to achieve?

Gandulf78 commented 2 years ago

Hello. All right. I suppose it is working (not 0 but rather empty field). There's no such possibility for DOH though. I don't like the idea of leaving services open if I am not using them. Doesn't seem like a good practice to me.

ainar-g commented 2 years ago

If you bind to 127.0.0.1, only requests from your machine can reach it. There is also the block/allowlist option on the “Settings → DNS settings” page, where you can disable all service for all IPs and subnets except the ones you put in there.

Separate configurations for the HTTPS web interface and DoH are coming in v0.108, so I'll close the issue now.