Use DNS over HTTPS server for a specific website only

Is it possible to resolve queries for a specific "site.to" via a DoH server like https://dns9.quad9.net/dns-query, so that I can use the default ISP DNS servers for everything else?

I read that I can use dnsmasq.conf to add something like this:
server=/site.to/8.8.8.8
but 8.8.8.8 will not help me, since the ISP will block the site, and I don't think I can put the DoH URL in like server=/site.to/dns9.quad9.net/dns-query lol

I have the package HttpDnsProxy, but that will add the secure servers for all sites, unless there is a way to do it differently that I'm not aware of.

You have to add the local proxy to dnsmasq as a forwarder when using this, so you would just limit it to the site in question.

Try using 127.0.0.1#5053, or whatever you have used for the proxy, in your server=/site.to/ line.


It is there indeed, but how do I limit it to only one site?

Do not use the proxy as the default DNS. Configure a server exception instead, as @AndrewZ said. Then the only time dnsmasq would use the proxy is for that one domain or site.

But if I have to keep HttpsDnsProxy running for that, it will also affect everything else by default; I would have to remove that proxy listing in DhcpDns/Forwards, which will break resolution.

Where exactly can I change it, so the proxy is not the default DNS?

Merely installing a package like httpsdnsproxy does not make it the default DNS. It becomes another service running on the router on a different port, conventionally 5353. If the only thing you have done is install the proxy package and point it at a server, it will never actually be used for DNS. The original dnsmasq configuration running on port 53 is still in effect. dnsmasq will continue to forward to the regular unencrypted external DNS for names that it does not know.

The next step in the install process would be to set the default DNS to localhost:5353 so that dnsmasq and httpsdns work in cascade. But here you don't actually want to do that. Instead, in the main block of /etc/config/dhcp, add a server exception that matches the domain you want.

Tell it "Do not update configs"

Then make sure there are no global forwardings set in the dnsmasq configuration.


Still can't make it work. I set it to "do not update configs" as you showed above, then removed the 127.0.0.1 entries from DhcpDns/Forwards, but then there was no Internet at all.

Sorry, I don't understand your point. HttpsDnsProxy solves my problem for the specific website, but the specific server I select there becomes the DNS server for everything else. I just want it to work only for one site, not everything else.

Add the DNS server you want to use as the default forwarder. Then add /site/127.0.0.1#5053 (use the correct info for your desired setup).


Delete the 3 remaining forwards and add the one that you need.
Clean "Additional hosts files".
Reboot, then post the output of logread | grep dnsmasq
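
The scoped-forwarder setup described in the replies above (proxy only for one domain, an ordinary resolver as the default, no global forward to the proxy) as an added example; this is not code from the thread or from the https-dns-proxy package. Assumptions, also marked in the comments: the proxy listens on 127.0.0.1#5053, the default resolver is 192.0.2.53 (a documentation address standing in for the ISP's), the blocked name is site.to, and the https-dns-proxy UCI option that disables "update configs" is named update_dnsmasq_config. The check function catches the failure mode the thread keeps hitting: the proxy listed as a global forwarder, which routes every query over DoH.

```shell
#!/bin/sh
# Added example, not from the thread. Renders the dnsmasq "server=" lines
# that scope the https-dns-proxy forwarder to one domain while keeping an
# ordinary resolver as the default, and checks a rendered config for the
# mistake that turns the proxy into the default DNS for all names.
#
# Assumptions: proxy at 127.0.0.1#5053, default resolver 192.0.2.53
# (documentation address standing in for the ISP's), blocked name site.to.

DOMAIN="${DOMAIN:-site.to}"
PROXY="${PROXY:-127.0.0.1#5053}"
DEFAULT_DNS="${DEFAULT_DNS:-192.0.2.53}"

# dnsmasq directives: the "/domain/" prefix scopes the forward to that
# domain and its subdomains; the bare line is the default for all else.
render_servers() {
    printf 'server=/%s/%s\n' "$1" "$2"
    printf 'server=%s\n' "$3"
}

# The same setup as UCI commands for /etc/config/dhcp (printed here, to be
# run on the router). The https-dns-proxy option name is an assumption.
render_uci() {
    printf "uci add_list dhcp.@dnsmasq[0].server='/%s/%s'\n" "$1" "$2"
    printf "uci add_list dhcp.@dnsmasq[0].server='%s'\n" "$3"
    printf "uci set https-dns-proxy.config.update_dnsmasq_config='-'\n"
    printf 'uci commit && /etc/init.d/dnsmasq restart\n'
}

# Returns 0 only if the proxy occurs in a domain-scoped server= line and
# never in a global one. A bare "server=127.0.0.1#5053" is exactly what
# makes the proxy the default DNS and sends every query over DoH.
proxy_is_scoped() {
    conf="$1"; proxy="$2"
    if grep -v '^server=/' "$conf" | grep -qxF "server=$proxy"; then
        return 1
    fi
    grep '^server=/' "$conf" | grep -qF "/$proxy"
}

# Demo: render the correct config and the broken one, check both.
main() {
    good="$(mktemp)"; bad="$(mktemp)"
    render_servers "$DOMAIN" "$PROXY" "$DEFAULT_DNS" > "$good"
    # Failure mode: proxy as the global forwarder, nothing scoped.
    printf 'server=%s\n' "$PROXY" > "$bad"
    for f in "$good" "$bad"; do
        if proxy_is_scoped "$f" "$PROXY"; then
            echo "OK: proxy only used for /$DOMAIN/ in $f"
        else
            echo "BAD: proxy is a global forwarder in $f"
        fi
    done
    echo "UCI equivalent:"
    render_uci "$DOMAIN" "$PROXY" "$DEFAULT_DNS"
    rm -f "$good" "$bad"
}

main "$@"
```

After applying the UCI commands on the router, dnsmasq's startup log (logread | grep dnsmasq) should contain a line of the form "using nameserver 127.0.0.1#5053 for domain site.to" and a plain "using nameserver" line for the default resolver; if the proxy address appears without "for domain", it is still the global forwarder. If noresolv is left at its default in /etc/config/dhcp, dnsmasq already picks up the ISP resolvers from the WAN lease, so the explicit default server line can be omitted and only the scoped one is needed.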

OK, it works for the specific site, but nothing else works.
I want the ISP DNS to work for everything else, not to add some other public DNS server above it.


Then add it as a forwarder.

Is there a place where I can see the things below in the CLI? Which file has these entries?


It's in /etc/config/dhcp. Although if you're not able to do it by filling in a box and clicking + in LuCI, then I'm not sure why you think manually editing a file will be easier.

Technically I can ping mysite.to, but the IPTV app is not working. There is a small problem, I think, maybe with the port, since mysite.to is actually mysite.to:8080? Or maybe that's not how it works, I don't know.

The port has nothing to do with DNS.


I think my subscription expired, so I will let you know once I fix it. But it will probably work at this point, even though it might not look very elegant as a solution, or there could be other ways to do it.