What's new

DNS over TLS/HTTPS

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

HomeSafeEU

New Around Here
Hey.

I hope someone can help me with DNS over TLS. I should immediately think that I have set it correctly, but when I test it, it doesn't seem to work. Can you see any errors in my setup or is there anything else I need to do?
Thanks in advance.

I have uploade some attached files to this post - images of the settings.
 

Attachments

  • Router.JPG
    Router.JPG
    68.5 KB · Views: 1,010
  • Computer_Chrome.JPG
    Computer_Chrome.JPG
    84.3 KB · Views: 683
  • iPhone_IOS13.PNG
    iPhone_IOS13.PNG
    187.7 KB · Views: 650
Hey.

I hope someone can help me with DNS over TLS. I should immediately think that I have set it correctly, but when I test it, it doesn't seem to work. Can you see any errors in my setup or is there anything else I need to do?
Thanks in advance.

I have uploade some attached files to this post - images of the settings.
I also posted elsewhere a minute ago that the Cloudflare test is faulty when DNSSEC is enabled. Been an issue on their side for a while now.
 
Hi.
I‘d also remove the entries in WAN-DNS to make sure you only use the doT servers.

On
https://github.com/RMerl/asuswrt-merlin/wiki/DNS-Privacy
There‘s also a test described via tcpdump you may use.

Glood luck.
A wan dns should be filled in or set auto for router based interactions.( local traffic done by the router). The only reason why is because the routers current default makes all local traffic done by the router gets done by wan dns 1 and 2. Only client traffic goes through stubby(dot).
This is what I am referring to when I say the routers local traffic
Screenshot_20190924-041643170_1.jpg
 
Last edited:
Hey.

I hope someone can help me with DNS over TLS. I should immediately think that I have set it correctly, but when I test it, it doesn't seem to work. Can you see any errors in my setup or is there anything else I need to do?
Thanks in advance.

I have uploade some attached files to this post - images of the settings.

lol.. your setting is wrong for DoT in Merlin.
You should not use manual assign dns IP. Use automatically.

And yes there is some dnssec issue with cloudflare if dnssec validation is enabled in router. If u still want dnssec, you can use dnssec-proxy instead.
 
I also posted elsewhere a minute ago that the Cloudflare test is faulty when DNSSEC is enabled. Been an issue on their side for a while now.

Hi

Thanks for that advice. After I turned off DNSSEC it worked fine. I hope Cloudflare solves the problem.
 
A wan dns should be filled in or set auto for router based interactions.( local traffic done by the router). The only reason why is because the routers current default makes all local traffic done by the router gets done by wan dns 1 and 2. Only client traffic goes through stubby(dot).
This is what I am referring to when I say the routers local traffic
View attachment 19390

So my settings are correct as they are now? I use "Connect to DNS Server automatically" set as "no".
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top