What's new

DNS over TLS and Recommended Privacy configurations

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

hhharsha36

New Around Here
I am a complete noob when it comes to router configuration. I am trying to achieve the best possible settings for privacy.

I am using ASUS RT-AX88U and I apologize in advance if any of these queries has been answered before, but I was not able to find precisely what I am looking for.

I want to use Quad9 and BlahDNS on DNS-over-TLS option and below is the configuration I have entered on my router.

Screenshot (9).png


Unfortunately, it doesn’t seem to work as it fails the DNS leak test.

Screenshot (28).jpg


I don’t know what I am doing wrong.

Also, how do I setup `Secure SNI` on router level? Is it possible?

Are there any other recommended privacy settings I can modify for my router?

Thanks in advance for all your help, I really appreciate your time and effort in helping me out
 
I am a complete noob when it comes to router configuration. I am trying to achieve the best possible settings for privacy.

I am using ASUS RT-AX88U and I apologize in advance if any of these queries has been answered before, but I was not able to find precisely what I am looking for.

I want to use Quad9 and BlahDNS on DNS-over-TLS option and below is the configuration I have entered on my router.

View attachment 37499

Unfortunately, it doesn’t seem to work as it fails the DNS leak test.

View attachment 37500

I don’t know what I am doing wrong.

Also, how do I setup `Secure SNI` on router level? Is it possible?

Are there any other recommended privacy settings I can modify for my router?

Thanks in advance for all your help, I really appreciate your time and effort in helping me out
Hi, welcome to the forum.

You have Google (8.8.8.8) set as your first DoT server, hence the results you’re seeing.
Maybe change the “8.8.8.8” address to 9.9.9.9?

I don’t believe SNI is a router enabled setting.
 
9.9.9.9 - Quad9
8.8.8.8 - Google
Hi, welcome to the forum.

You have Google (8.8.8.8) set as your first DoT server, hence the results you’re seeing.
Maybe change the “8.8.8.8” address to 9.9.9.9?
Thanks a lot for your swift responses, I am overwhelmed by this community. I feel like such a fool for my mistake -_-

I have changed it to `9.9.9.9` and did a reboot.

But on `https://tenta.com/test/` page, I am getting TLS enabled as false.

what am I doing wrong?
 
Thanks a lot for your swift responses, I am overwhelmed by this community. I feel like such a fool for my mistake -_-

I have changed it to `9.9.9.9` and did a reboot.

But on `https://tenta.com/test/` page, I am getting TLS enabled as false.

what am I doing wrong?

That Tenta page has never worked for me………:confused:
(When testing for DoT)
I would ignore it.
 
@hhharsha36 I would SSH into the router. Then run 'netstat' and see if you're connecting to the upstream DNS on port 853.

I.E. my output look like this "protected.canadianshield.cira.ca:853 TIME_WAIT"

853 = DNS over TLS :)
 
@hhharsha36 I would SSH into the router. Then run 'netstat' and see if you're connecting to the upstream DNS on port 853.

I.E. my output look like this "protected.canadianshield.cira.ca:853 TIME_WAIT"

853 = DNS over TLS :)
Thanks a lot for your suggestion @cptnoblivious . below is the output I got from `netstat` command on SSH.

```
Active Internet connections (w/o servers)

Proto Recv-Q Send-Q Local Address Foreign Address State

tcp 0 0 RT-AX88U-0558.:8443 192.168.50.206:49454 TIME_WAIT

tcp 0 0 RT-AX88U-0558.:8443 192.168.50.206:49446 TIME_WAIT

tcp 0 0 RT-AX88U-0558.:8443 192.168.50.206:49471 TIME_WAIT

tcp 0 0 RT-AX88U-0558.:8443 192.168.50.206:49441 TIME_WAIT

tcp 0 0 ***********:****** *******.deploy.static.akamaitechnologies.com:https ESTABLISHED

tcp 0 0 RT-AX88U-0558.:8443 192.168.50.206:49451 TIME_WAIT

tcp 0 0 RT-AX88U-0558.:8443 192.168.50.206:49436 TIME_WAIT

tcp 0 0 ***********:****** *******.deploy.static.akamaitechnologies.com:https ESTABLISHED

tcp 0 0 RT-AX88U-0558.:8443 192.168.50.206:49465 TIME_WAIT

tcp 0 0 RT-AX88U-0558.:35536 192.168.50.216:35608 TIME_WAIT

tcp 0 0 ***********:****** dns9.quad9.net:853 ESTABLISHED

tcp 0 0 RT-AX88U-0558.:8443 192.168.50.206:49474 TIME_WAIT

tcp 0 0 RT-AX88U-0558.:8443 192.168.50.206:49458 TIME_WAIT

tcp 0 0 RT-AX88U-0558.:8443 192.168.50.206:49478 TIME_WAIT

tcp 0 0 RT-AX88U-0558.:8443 192.168.50.206:49448 TIME_WAIT

tcp 0 0 ***********:****** *******.ap-southeast-1.compute.amazonaws.com:5061 ESTABLISHED

tcp 0 0 RT-AX88U-0558.:8443 192.168.50.206:49456 TIME_WAIT

tcp 0 116 RT-AX88U-0558.:8716 192.168.50.206:49449 ESTABLISHED

tcp 0 0 ***********:****** dot-ch.blahdns.com:853 ESTABLISHED

tcp 0 0 ***********:****** *******.deploy.static.akamaitechnologies.com:https ESTABLISHED

tcp 0 0 ***********:****** *******.deploy.static.akamaitechnologies.com:https ESTABLISHED

tcp 0 0 RT-AX88U-0558.:8443 192.168.50.206:49443 TIME_WAIT

tcp 0 0 ***********:****** *******.deploy.static.akamaitechnologies.com:https ESTABLISHED

tcp 0 0 ***********:****** *******.deploy.static.akamaitechnologies.com:https ESTABLISHED

tcp 0 0 RT-AX88U-0558.:8443 192.168.50.206:49462 TIME_WAIT

tcp 0 0 RT-AX88U-0558.:8443 192.168.50.206:49481 TIME_WAIT

tcp 0 0 ***********:****** *******.deploy.static.akamaitechnologies.com:https ESTABLISHED

tcp 0 0 ***********:****** *******.deploy.static.akamaitechnologies.com:https ESTABLISHED

tcp 0 0 RT-AX88U-0558.:8443 192.168.50.206:49439 TIME_WAIT

tcp 0 0 RT-AX88U-0558.:8443 192.168.50.206:49476 TIME_WAIT

tcp 0 0 RT-AX88U-0558.:8443 192.168.50.206:49469 TIME_WAIT

tcp 0 0 ***********:****** *******.rrdns.pch.net:853 ESTABLISHED
```
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Top