DNS over TLS/HTTPS

HomeSafeEU

New Around Here
Hey.

I hope someone can help me with DNS over TLS. I should immediately think that I have set it correctly, but when I test it, it doesn't seem to work. Can you see any errors in my setup or is there anything else I need to do?
Thanks in advance.

I have uploaded some attached files to this post - images of the settings.

dave14305

Part of the Furniture
I also posted elsewhere a minute ago that the Cloudflare test is faulty when DNSSEC is enabled. Been an issue on their side for a while now.
 

SomeWhereOverTheRainBow

Very Senior Member
Hi.
I'd also remove the entries in WAN-DNS to make sure you only use the DoT servers.

On https://github.com/RMerl/asuswrt-merlin/wiki/DNS-Privacy there's also a test described via tcpdump you may use.

Good luck.
A WAN DNS should be filled in or set to auto for router-based interactions (local traffic done by the router). The only reason is that the router's current default makes all local traffic done by the router get done by WAN DNS 1 and 2. Only client traffic goes through Stubby (DoT).
This is what I am referring to when I say the router's local traffic:
Screenshot_20190924-041643170_1.jpg

DonnyJohnny

Very Senior Member
lol.. your setting is wrong for DoT in Merlin.
You should not use a manually assigned DNS IP. Use automatic.

And yes, there is some DNSSEC issue with Cloudflare if DNSSEC validation is enabled in the router. If you still want DNSSEC, you can use dnssec-proxy instead.
 

HomeSafeEU

New Around Here
Hi

Thanks for that advice. After I turned off DNSSEC it worked fine. I hope Cloudflare solves the problem.
 

HomeSafeEU

New Around Here
So my settings are correct as they are now? I use "Connect to DNS Server automatically" set as "no".
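
The tcpdump check mentioned earlier in the thread can be turned into a quick tally. The following is an added example, not part of any post or of the Asuswrt-Merlin wiki: it parses text output captured with `tcpdump -n` on the WAN interface and separates traffic to port 853 (DoT) from plaintext queries on port 53. The sample capture, all IP addresses and the function name `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n` text output on the WAN interface.
# Documentation-range addresses: 203.0.113.7 = router WAN IP,
# 192.0.2.53 = DoT resolver, 198.51.100.53 = plaintext WAN DNS server.
SAMPLE = """\
10:01:02.100001 IP 203.0.113.7.40112 > 192.0.2.53.853: Flags [P.], seq 1:130, ack 1, win 229, length 129
10:01:02.140220 IP 192.0.2.53.853 > 203.0.113.7.40112: Flags [P.], seq 1:180, ack 130, win 64, length 179
10:01:05.300410 IP 203.0.113.7.51820 > 198.51.100.53.53: 4411+ A? pool.ntp.org. (30)
10:01:05.322900 IP 198.51.100.53.53 > 203.0.113.7.51820: 4411 1/0/0 A 192.0.2.123 (46)
10:01:09.000500 IP 203.0.113.7.40112 > 192.0.2.53.853: Flags [.], ack 180, win 229, length 0
10:01:09.410000 IP 203.0.113.7.40112 > 192.0.2.53.853: Flags [P.], seq 130:226, ack 180, win 229, length 96
"""

PACKET = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (.*)$"
)
QUERY = re.compile(r"\b([A-Z0-9]+)\? (\S+)")   # e.g. "A? example.com."
TCP_LEN = re.compile(r"\blength (\d+)")


def summarize(capture, wan_ip):
    """Split outbound DNS traffic into DoT (port 853) and plaintext (port 53)."""
    dot = Counter()    # resolver -> TCP segments that carry payload
    plaintext = []     # (server, qtype, qname) readable on the wire
    for line in capture.splitlines():
        m = PACKET.match(line)
        if not m or m.group(1) != wan_ip:
            continue   # skip replies and lines that are not IPv4 packets
        dst, dport, rest = m.group(3), int(m.group(4)), m.group(5)
        if dport == 853:
            seg = TCP_LEN.search(rest)
            if seg and int(seg.group(1)) > 0:   # ignore bare ACKs
                dot[dst] += 1
        elif dport == 53:
            q = QUERY.search(rest)
            if q:
                plaintext.append((dst, q.group(1), q.group(2)))
    return dot, plaintext


if __name__ == "__main__":
    dot, plaintext = summarize(SAMPLE, "203.0.113.7")
    for server, count in dot.items():
        print(f"DoT   {server}:853  {count} encrypted segment(s)")
    for server, qtype, qname in plaintext:
        print(f"CLEAR {server}:53  {qtype} {qname}")
```

Going by the explanation earlier in the thread, plaintext lookups made by the router itself to WAN DNS 1 and 2 are expected, while names requested by LAN clients should not show up in the plaintext list.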
 
