Can't seem to get DoT to work with Cloudflare

The more I've messed with it, the more I think that I just can't reach those domains for whatever reason.

The fact that I don't even get a confirmation on Cloudflare's test site that I'm using their DNS, when I can verify that I am through other methods, makes me think this is some fringe case and DoT is actually working fine.

It's possible your ISP or County do not allow encrypted DNS over TLS via Cloudflare domains since you're encrypting the DNS domain lookups. That's not to say they can't see the reverse lookup of the IP address you're connected to, but it's likely more of a pain in the butt. That said, I have no idea why you cannot connect to Cloudflare via DoT. My suggestion would be to attempt to use a VPN on the router with DoT or a VPN on your computer with a browser with DoT support.
 
After learning the basics of tcpdump, I can confirm that DoT is working. All DNS queries are using port 853, and if I disable DoT, then I see port 53 as expected. I'm going to just chalk up Cloudflare's test page as having a grudge towards some facet of my setup or ISP.
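
The tcpdump check described in this post, as an added example that is not part of the original thread: it tallies packets in `tcpdump -nn` text output by destination port, 853 for DoT and 53 for plaintext DNS, and lists any plaintext destinations. The capture lines are constructed, and it assumes a capture taken on the WAN-facing interface with numeric ports (-nn).

```shell
#!/bin/sh
# Added example: classify `tcpdump -nn` text output by destination port.
# Only packets sent TO port 853 or 53 are counted, so replies are ignored.

classify_dns() {
    awk '
    {
        # The field after ">" is "dst-addr.dst-port:" for IPv4 and IPv6 alike.
        for (i = 1; i < NF; i++) if ($i == ">") break
        if (i >= NF) next                 # not a packet line
        dst = $(i + 1)
        sub(/:$/, "", dst)                # drop the trailing colon
        n = split(dst, part, "[.]")       # port is the last dot-separated part
        port = part[n]
        addr = substr(dst, 1, length(dst) - length(port) - 1)
        if (port == "853") {
            dot++
        } else if (port == "53") {
            plain++
            if (!(addr in seen)) { seen[addr] = 1; list = list " " addr }
        }
    }
    END {
        printf "dot=%d plain=%d plain_dst=%s\n", dot, plain,
               (list == "" ? "none" : substr(list, 2))
    }'
}

# Constructed sample capture (documentation addresses, plus 1.1.1.1 from the thread).
sample_capture() {
    cat <<'EOF'
12:00:01.000101 IP 203.0.113.7.44321 > 1.1.1.1.853: Flags [P.], seq 1:120, ack 1, win 502, length 119
12:00:01.020202 IP 1.1.1.1.853 > 203.0.113.7.44321: Flags [P.], seq 1:240, ack 120, win 64, length 239
12:00:02.000303 IP 203.0.113.7.44321 > 1.1.1.1.853: Flags [.], ack 240, win 501, length 0
12:00:03.000404 IP6 2001:db8::7.51000 > 2001:db8::1111.853: Flags [S], seq 100, win 64800, length 0
12:00:04.000505 IP 203.0.113.7.40112 > 192.0.2.53.53: 4660+ A? example.com. (29)
12:00:04.010606 IP 192.0.2.53.53 > 203.0.113.7.40112: 4660 1/0/0 A 198.51.100.10 (45)
EOF
}

sample_capture | classify_dns
```

A non-zero `plain` count on the WAN side means some lookups are still leaving unencrypted; `plain_dst` shows which resolvers they went to.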
 
After learning the basics of tcpdump, I can confirm that DoT is working. All DNS queries are using port 853, and if I disable DoT, then I see port 53 as expected. I'm going to just chalk up Cloudflare's test page as having a grudge towards some facet of my setup or ISP.
If you want, install bind-dig from Entware and run some test queries:
Code:
dig is-dot.help.every1dns.net @127.0.0.1
dig is-dot.help.every1dns.net @127.0.1.1
dig is-dot.help.every1dns.net +tls @1.1.1.1
In theory, all should produce the same answers. But if they differ, that might tell us something.
 
RT-AX86U Pro, Merlin 388.2. My WAN settings generally look like the others posted. My question has to do with the dnscheck results. The results populate with my ISP address, the AdGuard DNS resolvers, and DNSSEC passes. About 5 seconds later the Cloudflare DNS resolver info populates. Not sure if that's good or bad.

 
