
DNS over HTTP on Asus Merlin


Authority

I am using DoH on my RT-AC68 with NextDNS and it works GREAT. I was wondering when it will be natively supported?
 
I would not hold my breath. RMerlin has often opined how he dislikes DoH because it masks DNS behind normal HTTPS traffic, making network management more difficult. I'm not expecting him to encourage its adoption in any way.
Besides, he would easily argue that he has implemented DoT, which provides adequate DNS "protection & security" to the end user. If users want true privacy, use unbound.
 
I would not hold my breath. RMerlin has often opined how he dislikes DoH because it masks DNS behind normal HTTPS traffic, making network management more difficult. I'm not expecting him to encourage its adoption in any way.

So NextDNS is the only way for now? I would have thought RMerlin would want to support user choice. Thanks for the reply!
 
Why does it seem the whole world (Google, Microsoft, Apple, Firefox, etc.) is going DoH vs. DoT?
Well, from a privacy standpoint, there is no real privacy since you are still sharing your information with whatever server you are using. In this respect, someone knows something. DoH vs. DoT is not really an issue in my opinion. One offers DNS security with a false hope of DNS traffic being hidden, while the other offers the same level of security with no false hope of DNS traffic being hidden since it is managed using an exclusive port.
 
So NextDNS is the only way for now? I would have thought RMerlin would want to support user choice. Thanks for the reply!

Ask the stubby developers to implement DoH then. All existing DoH solutions at this time are massive bloatware, stubby+dnsmasq was the solution decided upon. I don't want to add an extra 4-5 MB of code to the firmware images to support different types of DNS solutions. Stubby is nice because it's a native C solution, so it's very lean.
 
Looks like DoH is coming to Stubby (and Merlin) then?

A future release of Stubby is expected to support the following:
  • DNS-over-HTTPS (DOH)
  • Configuration of servers using authentication name only



Does that include NextDNS?
I imagine when they implement DoH it will be inclusive of reading whatever DoH address is required to reach whatever server you use.
 
Well, from a privacy standpoint, there is no real privacy since you are still sharing your information with whatever server you are using. In this respect, someone knows something. DoH vs. DoT is not really an issue in my opinion. One offers DNS security with a false hope of DNS traffic being hidden, while the other offers the same level of security with no false hope of DNS traffic being hidden since it is managed using an exclusive port.

I don't think it's a "false hope of being hidden". DoH is TCP traffic and just looks like all other HTTPS traffic, so it can't be blocked by port like DoT, making it easier to implement and troubleshoot... you never have to wonder if your HTTPS is being blocked, right?
 
I don't think it's a "false hope of being hidden". DoH is TCP traffic and just looks like all other HTTPS traffic, so it can't be blocked by port like DoT, making it easier to implement and troubleshoot... you never have to wonder if your HTTPS is being blocked, right?
Just because HTTPS cannot be blocked doesn't mean there isn't imminent risk or danger lurking hidden inside all that HTTPS traffic waiting for your traffic.
 
What I mean is, DoT encrypts your traffic exclusively inside a tunnel, downright encrypting the DNS traffic itself, while DoH only tries to mask your traffic inside HTTPS traffic where other risk or vulnerabilities may lie waiting.

But "other risk or vulnerabilities may lie waiting" whether or not you're using DoH.
 
The argument is the risk for that is greater while you are using DoH since your DNS traffic is not exclusively encrypted. While the risk for using DoT is that your port may get blocked.

Sorry, I am still not following. Are you saying that there's a risk inherent in DoH because it's not "exclusively encrypted"? What is the risk? Do you have a source for this?
 
The risk is that while your traffic is masked with all the other HTTPS traffic, it is still not exclusively encrypted between you and the server you are using. Yes, HTTPS traffic has encryption, but the DNS within is not encrypted from the rest of the traffic. These are just facts.
 