Does https-dns-proxy protect against DNS hijacking?

I followed this guide and installed https-dns-proxy:

My understanding is that it protects against DNS leak but I am not sure about DNS hijacking. Do I have to set up DNS interception as well for that? Like this for example:

1 Like

1st link is for setting up secure DNS lookups from your router (and indirectly clients).
The 2nd for intercepting rogue DNS calls, from your network devices, not honoring the
DNSes provided by your DHCP.

1 Like

I think this is why DNSSEC is a thing to make sure this does not happen, you can use unbound to use this feature, but you would also need the full dnsmsq to use this feature.

I would not recomend removing it and installing the full version there is a proper method on how you can switch from one to another.

I think this is the gude I used to setup such a service

Thank you for your help, I think I get it now. I found this option in LuCi meanwhile:

And did a quick test with one of my clients where I set it to use my ISP's DNS. I went to and saw Google and Cloudflare DNS servers only so I think I can conclude such rogue DNS calls can not happen.

The built-in hijacking method provided by https-dns-proxy has some limitations:

  • Hardcoded for LAN network only.
  • Cannot block DoH.

The DNS hijacking in the wiki article can solve the above problems.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.