DNS over Tls is it right?

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

badplay

New Around Here
i use this


In the webui go to WAN / Internet Connection / WAN DNS Setting
Set Connect to DNS Server automatically to No. (When using DoT this setting governs what happens in case your selected DoT DNS server doesn't load correctly. Setting it to Yes means that your router will start off with your ISP's DNS server before the router loads your selected DoT server. Setting it to No means that your router will start off with whatever fallback DNS server you select.)
At DNS Server1, enter 1.1.1.1. (As most will recognize, this is for Cloudflare. I chose it because I personally choose to assiduously avoid using my ISP's DNS server for any purpose, even the time check at router startup.)
At DNS Server2, enter 1.0.0.1. (This is Cloudflare's secondary address.)
Set Forward local domain queries to upstream DNS to No. (Whether it's your ISP's DNS server, Cloudflare or whatever, the upstream DNS doesn't know your local network map.)
Set Enable DNS Rebind protection to Yes. (Doing so helps to defend against possible cross-scripting attacks.)
Set Enable DNSSEC support to Yes. (@RMerlin recommends this at https://github.com/RMerl/asuswrt-merlin/wiki/DNS-Privacy.)
Set Validate unsigned DNSSEC replies to Yes. (@RMerlin also recommends this at https://github.com/RMerl/asuswrt-merlin/wiki/DNS-Privacy.)
Set Prevent client auto DoH to Auto.
At DNS Privacy Protocol, select DNS-over-TLS (DoT).
At DNS-over-TLS Profile, select Strict.
At Preset servers, select your preferred DNS service. I went with Quad9's 9.9.9.9 and 149.112.112.112 because I prefer Quad9 and like its filtering of malicious websites. (If you choose 2 different services, such as Quad9 and Cloudflare, the router will alternate between the two, rather than using one as primary and another as backup).
Hit Apply.
Thanks to @themiron and @RMerlin for implementing DoT. Thanks to all for alpha and beta testing this feature and for your earlier comments on configuration options.

at the Preset Servers i used the 4 from cloudflare
 

bbunge

Part of the Furniture
i use this



At DNS Server1, enter 1.1.1.1. (As most will recognize, this is for Cloudflare. I chose it because I personally choose to assiduously avoid using my ISP's DNS server for any purpose, even the time check at router startup.)
At DNS Server2, enter 1.0.0.1. (This is Cloudflare's secondary address.)


at the Preset Servers i used the 4 from cloudflare
Preset Servers? Where is this setting?
Why not use Quad9 in DNS Server 1 and 2?
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top