DNS-over-TLS questions

Rhialto

Regular Contributor
I don't play much in my router settings. For some reason today I took a look at the DNS I have had in place for a few years (FamilyShield) and I saw the DoT option, started reading about it, and thought maybe I should start using this feature.

Here is my current setup, and now that I turned on DoT it asks for a server.

I will have 3 questions...

[Screenshot: 1662129801463.png]

1. Do I need to change "Connect to DNS Server automatically" to Yes now? I thought turning on DoT would gray this out.

2. When a DNS request is sent, how does this work? I mean there are 2 DNS servers listed and also a DoT server once my selection is made.

3. FamilyShield is not in the list, I don't feel like spending a day to compare all those so any recommendation?
 

ColinTaylor

Part of the Furniture
1. No. That setting is independent of DoT. Leave it the way it is.
2. The "normal" DNS servers will be used up until the DoT service has been established. At that point the DoT server will take over.
3. I have no recommendation. But consider why you're using DoT in the first place. Do you really need it or are you trying to fix a problem that doesn't exist?
 

RMerlin

Asuswrt-Merlin dev
3. FamilyShield is not in the list, I don't feel like spending a day to compare all those so any recommendation?
Those are only presets. If FamilyShield supports DoT, then you can manually enter their server information.
 

Rhialto

Regular Contributor
But consider why you're using DoT in the first place. Do you really need it or are you trying to fix a problem that doesn't exist?
Good question, just like "should I use DNSSEC or not", I guess.

The fact is I haven't looked at this for a while, and as we get closer to 2023 I thought maybe the timing was good to elevate privacy/security/etc. when you have 30 devices querying the WiFi. Hard to find good answers. Some articles say it's a good idea to use it now that it is more common.

Funny thing is there is a thread here on SNB called "Why DNS over TLS is so important, and if you are not using it you should be", so one would think to finally find THE answer why, but no. I mean it's not as clear as it seems, with no definitive answer in the first post.
 

ColinTaylor

Part of the Furniture
The main reason people cite for using DoT is because they fear their ISP is monitoring their DNS requests and want to hide that from them. Now your particular ISP may or may not be doing that. Even if they are, you might not care.
 
