Cloudflare DNS over TLS malware settings

[Brucecooper]

I would like to know if I should leave cloudflare DNS at 1.1.1.1 and 1.0.0.1 for malware protection and just change the DNS-over-TLS hostname to security.cloudflare-dns.com? Or should I change both addresses to 1.1.1.2 and 1.0.0.2 for both my DNS server 1 and 2 and to them as well in the DNS server list when I change the TLS hostname? I'm asking because this is how they say to do it on their help page... Thank you

 

[Tech9]

It doesn't matter much, if you set DoT profile to Strict. DNS1 and DNS2 will be used for router's own queries, DoT for your network queries.

 

[Brucecooper]

It doesn't matter much, if you set DoT profile to Strict. DNS1 and DNS2 will be used for router's own queries, DoT for your network queries.

Thank you

 

[bbunge]

Change both. Yes, it matters...

Use 1.1.1.2 and 1.0.0.2 with security.cloudflare-dns.com

1.1.1.3 and 1.0.0.3 uses family.cloudflare-dns.com

Also set the DNS Server 1 and 2 IP address

If you test DoT function to Cloudflare Help (https://cloudflare-dns.com/help/) disable DNSSEC or you will get an error.

Or use Quad9 1 and 2. The IP addresses for these are 9.9.9.9 and 149.112.112.112

 

[sfx2000]

Don't forget to update IPV6 as well...

 

[bbunge]

Don't forget to update IPV6 as well...

Ah, good point. Maybe I will get IPV6 when my ISP is sold this summer. Then again, maybe not...