DNS description thread?


Bamsefar

Senior Member
I would like to make a wish now before Christmas and all:

That someone who knows the DNS solutions that are now available for Asus routers with RMerlin's superb versions creates a, preferably sticky, post that simply describes the options available and comes with some sort of recommendation. Currently I have simply given up, with everything from DNSSEC to DoH/DoT and <whatever-flavor-that-might-be-available>. For me currently it is too much to digest - I simply need some friendly help :) If I may wish for something, that is :)
 

skeal

Part of the Furniture
I would first try to read up on it here. Just read what you want to read. Then when the topic comes up, you will have an idea of what people are talking about. FWIW, your settings are what count, not someone's recommendation from the other side of the globe.
 

AndreiV

Very Senior Member
Okay, so wish not granted - got it.

DNS Rebind protection = protects against DNS being hijacked/attacked/changed.

DNSSEC checks the DNS lookup servers haven't been hijacked.

Validate unsigned DNSSEC replies. Checks the DNS server really doesn't use DNSSEC.

DNS Privacy Protocol. DNS over TLS, encrypts your DNS lookups to stop people spying on the URLs you request in your browser.

DNS-over-TLS Profile: Strict will only allow the use of a remote DNS server if it can be authenticated as genuine. If authentication fails you won't access the website you requested.

Opportunistic setting will check the DNS server but still allow the "lookup" and connection if it fails to authenticate the server is genuine/safe.

On my AC3200 I use the settings shown in the screenshot:

 

bbunge

Very Senior Member
DNS Rebind protection = protects against DNS being hijacked/attacked/changed.

DNSSEC checks the DNS lookup servers haven't been hijacked.

Validate unsigned DNSSEC replies. Checks the DNS server really doesn't use DNSSEC.

DNS Privacy Protocol. DNS over TLS, encrypts your DNS lookups to stop people spying on the URLs you request in your browser.

DNS-over-TLS Profile: Strict will only allow the use of a remote DNS server if it can be authenticated as genuine. If authentication fails you won't access the website you requested.

Opportunistic setting will check the DNS server but still allow the "lookup" and connection if it fails to authenticate the server is genuine/safe.

On my AC3200 I use the settings shown in the screenshot:

Wow! This is about as simple as it gets! The only other point is the selection of resolvers: for unfiltered DNS use Cloudflare or Google, for basic filtered protection use Quad9 or Safe Browsing.
 

Butterfly Bones

Very Senior Member
Okay, so wish not granted - got it.
This is a very complex question. I know you want an Easy Button to get the answer, but none exists. These are all new and competing technologies. I suggest you Google for "DNS over TLS vs DNS over HTTPS vs Dnscrypt-proxy" and read, read, read.

I will say this: DNS over TLS and DNS over HTTPS are I.E.T.F. standards, DNSCrypt-proxy is not, if that matters to you. Also note that most information on DNSCrypt is about the old V.1 that is abandoned; there is a new version 2 under active development as DNSCrypt-proxy. Here is the Google search link.

Still want the Easy Button? Set up DNS over TLS as shown above by AndreiV.
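
An added example, not part of any post in this thread and not the router firmware's own code: a minimal DNS-over-TLS client in Python that shows what the Strict and Opportunistic profiles described earlier in the thread amount to at the TLS layer. All function names and the injectable `do_exchange` parameter are made up for illustration.

```python
import socket
import ssl
import struct

# Illustrative names throughout; this is not the router firmware's code.
def build_query(name, qtype=1, txid=0x1234):
    """DNS query with the 2-byte length prefix DoT uses on the wire."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    return struct.pack("!H", len(msg)) + msg

def tls_context(verify):
    """verify=True checks chain and server name; False only encrypts."""
    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False  # has to be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection early")
        buf += chunk
    return buf

def exchange(server_ip, auth_name, name, verify, timeout=5):
    """One DoT round trip on TCP 853; returns the raw DNS response."""
    with socket.create_connection((server_ip, 853), timeout=timeout) as raw:
        with tls_context(verify).wrap_socket(raw, server_hostname=auth_name) as tls:
            tls.sendall(build_query(name))
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            return _recv_exact(tls, length)

def dot_lookup(server_ip, auth_name, name, profile="strict", do_exchange=exchange):
    """Return (response, authenticated) for the chosen profile."""
    if profile not in ("strict", "opportunistic"):
        raise ValueError(f"unknown profile: {profile}")
    try:
        return do_exchange(server_ip, auth_name, name, True), True
    except ssl.SSLCertVerificationError:
        if profile == "strict":
            raise  # strict: no answer, so the lookup fails
        # opportunistic: retry encrypted but without authenticating the server
        return do_exchange(server_ip, auth_name, name, False), False
```

Calling `dot_lookup("1.1.1.1", "cloudflare-dns.com", "example.com")` needs network access to TCP port 853; the address and authentication name used for Cloudflare are assumptions, not values given in the thread.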
 
