While all other browsers use the DNS set in Windows when you disable “secure DNS,” Brave doesn’t. Brave continues to use Cloudflare. This is a big problem, as it doesn’t connect to my Pi-Hole’s DNS. There’s no setting in brave://flags to disable this. How come the developers aren’t fixing it, instead of focusing on Leo Ai and Crypto? How can i use my pi-hole ipv4 DNS on brave? Thanks
Don’t forget the setting UNDER “Use Secure DNS”, which is “Select DNS provider” which has “OS default” as an option.
Tried this setting too, but keep using Cloudflare. Even if the only DNS on my OS is 192.168.1.165 (Pi-hole DNS with Quad9 as primary) This thing is driving me crazy
Can you paste your version from brave://version/? Are you on Brave Nightly or Beta or Release?
Can you also clarify if you see different behavior on Google Chrome?
1 Like
Might help . . .
Clear host cache, close idle sockets, and flush socket pools
In a Brave browser New Window, go to:
brave://net-internals/#dns
and click on Clear host cache
In a Brave Browser New Window, go to:
brave://net-internals/#sockets
and click on both
Close idle socketsFlush socket pools
Restart Brave Browser.
How to flush DNS cache in Windows OS:
‘https://www.wikihow.com/Flush-DNS’
Other info:
| Brave | 1.84.141 Chromium: 142.0.7444.176 |
|---|---|
In all other browsers based on Chromium or Firefox, simply disable the “safe DNS” feature and the browser will automatically use my OS’s DNS. Except for Brave, there’s no way to do this on Brave. It will always use Cloudflare’s DNS… Regardless of which option you choose
Unfortunately, it didn’t work 
I can’t actually test this, because my firewall and thus Windows (as my DHCP sets all hosts to use the firewall for DNS) is using Cloudflare, so even if I turned on use the OS setting here, I indeed would be using Cloudflare.
Thanks that’s helpful.
Can you send a screenshot of what you see in brave://settings/security? This is what mine looks like.
Can you also send what you see if you go to brave://flags/#fallback-dns-over-https?
Lastly, can you go to https://browserleaks.com/dns and send a screenshot of what you see there? (Feel free to blank out location and IP address or to just email me on ssahib at brave dot com, I’m just interested in ISP names).
Heh, my firewall works so dang good it thinks I’m my own DNS server (the DNS server this site is claiming is my own public facing IP, which does provide DNS, but not on the WAN side, only LAN side. WAN has NO open ports of any kind.)
But this does prove it works, IF brave is using your PiHole, and you see your own IP, it means it’s not hitting Cloudflare.
However, when I did configure Brave specifically to use Secure DNS and “Cloudflare” then yes this site changed:
But yea, keep in mind, if you see your own IP it doesn’t mean you’re own your ISP’s DNS like the site is attempting to “automatically claim”, if it’s YOUR IP, it just means the DNS server is local to you. Wanted to explain this little trap for young players who may not be networking savvy.
To double-check: if you disable the Secure DNS setting, then you do see the expected behavior i.e. Brave uses the OS’s DNS, and not Cloudflare’s?
1 Like
As I’m not the original poster, I can at least say since it’s working “as advertised” here:
Secure DNS on or off: It’s hitting my Firewall (since my Firewall supports secure DNS).
It literally follows what DNS provider to use in the pull down. If I select use OS, it does work.
What I cannot test as my environment is big (I’m sure you can tell from the 10 dot IP), is turn off secure DNS on my firewall, but leave it enabled in Brave to see if it suddenly tries using Cloudflare as a fallback ignoring the menu.
But as of right now, turning OFF secure DNS follows the menu to the T as it should be. Just not for this poster for some reason.
1 Like
Right, was just double-checking that you were not running into the same issue.
@Lorax please let me know the details I asked here: Brave browser keep overwriting my Windows DNS - #11 by shivan
And the DNS servers?
Yea, what’s browser leaks saying? From what I see, it’ll show your own IP if you actually are hitting your PiHole, or obviously Cloudflare if it’s still ignoring it. A screenshot of that page would be excellent, but only do so if you can block out the last two octets of the IP.
(An octet is each number between each dot. So when I say block out the last two octets, that means like this in my example:
Since you’re on Windows, the snipping tool is what I find easiest to do this with.)
(Fun fact: It’s called an octet, because in binary, each set of numbers between each dot are 8-bits, like octo. It’s also why each number cannot be higher than 255, so now when you watch a movie and an IP address is shown as 53.841.246.24, you know it’s not a valid IP because 841 is impossible in 8-bits. 
The more you know! Though I have this odd feeling you might actually know that since you setup a PiHole.)
EDIT: If your IP is IPv6, block most of the second half, just enough to see a difference and if the DNS leaker site outright says Cloudflare (like in my screenshot it did).
My question is: how do you know Brave is using Cloudflare to resolve your DNS queries and bypassing Pi-hole? Posting what you see on https://browserleaks.com/dns (feel free to omit details like I said) will help us with that.
1 Like
