DoT setup question


lepa71

Regular Contributor
I am trying to configure DoT with Quad9, but some of the laptops on my LAN have been assigned CleanBrowsing-Security or CleanBrowsing-Family on the DNS Filter page. My primary laptop is not in that list. If I set "Global Filter mode" to "Router", my laptop can't get anywhere. Where is my problem? What am I doing wrong? If I set it to "No filtering", then the leak test shows that my DNS is Quad9, as it is supposed to be.

[screenshot: DoT / WAN DNS settings]

[screenshot: DHCP DNS server settings]

For DNSFilter:
[screenshot: DNS Filter page]
 

dave14305

Part of the Furniture
What is 192.168.1.20 on your network? That is the DNS server (DHCP DNS 1) that will be enforced when DNS Filter mode is set to Router. If it is blanked, as suggested by bbunge, then it will enforce the router’s IP as the DNS server. If 192.168.1.20 IS your router IP, then there is something more to investigate.
 

lepa71

Regular Contributor
.20 is my Windows 2016 server for my PC backups, so my clients get .1 and .20 as DNS IPs. This way they can get to their shared folders on the server.
I think I found my problem. I didn't reboot my router.
Another question.
I feel that cleanbrowsing-family is a little bit more secure for kids but quad9 seems more secure for malware.
Does my set up look right? Any thoughts?
 

dave14305

Part of the Furniture
If you set your DNS Filter to Router, it will force requests to your Windows Server. That also includes your Windows Server requests going into a loop (server to router to server to router...). Add a DNS Filter rule for the Windows Server to have "No Filtering" and then you should be able to use Global filter "Router".
 

lepa71

Regular Contributor
My server has the DNS server turned off. How can I check that DNS requests are not double-hopping?
This is what my client sees:
[screenshot: client DNS settings]

Any thoughts on that "cleanbrowsing-family is a little bit more secure for kids but quad9 seems more secure for malware" question.
 

dave14305

Part of the Furniture
My server has the DNS server turned off. How can I check that DNS requests are not double-hopping?
Then you should not have its IP address listed in DHCP as an available DNS server.
Any thoughts on that "cleanbrowsing-family is a little bit more secure for kids but quad9 seems more secure for malware" question.
I use Quad9, but haven't looked at Cleanbrowsing in a long time. My kids are too old now.
 

lepa71

Regular Contributor
My problem is that if I don't put the server IP in the list, then the "Shared Folders" feature does not work for the clients.
 

bbunge

Very Senior Member
My problem is that if I don't put the server IP in the list, then the "Shared Folders" feature does not work for the clients.
From what I remember, it appears that you are trying to run a Windows Domain Controller server and have your Windows clients log in to the server. If so, you will have to have the Windows 2016 server act as the DNS and DHCP server, turn off DHCP services on the router, and allow the Windows 2016 server access to the internet upstream resolvers. You may not be able to use the security services of the router other than the firewall.
A Windows Domain Controller is way too complicated and fussy for 99.99% of home users and a lot of extra security work. My clients (Windows, Linux, Android and iOS) can connect to the shares on my NAS and router with no issues and are as secure as your system.
 

lepa71

Regular Contributor
My client PCs skip the domain. I even turned off the DNS Server feature on the server. Everything works except "Shared Folders". I guess I can just map drives on the client PCs to user-specific folders.
Is there a way to see if DNS hops over to the server and then out to the router?
 

bbunge

Very Senior Member
My client PCs skip the domain. I even turned off the DNS Server feature on the server. Everything works except "Shared Folders". I guess I can just map drives on the client PCs to user-specific folders.
Is there a way to see if DNS hops over to the server and then out to the router?
As I said in the first post, remove the 192.168.1.20 entry from DNS Server 1. Reboot the router and all your clients, including the server (after you turn off DNS and DHCP on the server). Give Windows some time to figure out who is what on the LAN and you will be able to browse for shares.
 
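The loop dave14305 describes (server to router to server) and lepa71's question about whether a query hops through the server both come down to one thing: DNSFilter's "Router" mode is a NAT rule that rewrites the destination of every port-53 packet from a LAN host, including packets the Windows server itself sends. The following Python model is an added example written for this page; it is not code from the thread or from Asuswrt-Merlin. It parses a constructed sample of what `iptables -t nat -S DNSFILTER` looks like on the router (the rule shape, a `--mac-source` match with a DNAT target per filtered client plus a catch-all default, is assumed from the firmware and labelled as such), then follows one query hop by hop through the DNAT and through a LAN server that forwards it. The CleanBrowsing and LAN addresses, MACs and host roles are constructed for the example.

```python
import re
from dataclasses import dataclass, replace

# Constructed sample of `iptables -t nat -S DNSFILTER` on an Asuswrt-Merlin router.
# The rule shape (mac-source match, DNAT to the chosen server, catch-all default)
# is assumed from the firmware, not taken from the thread. Two laptops are pinned
# to CleanBrowsing; the default rule is DHCP DNS 1 = 192.168.1.20 (the Windows box).
SAMPLE_RULES = """\
-N DNSFILTER
-A DNSFILTER -m mac --mac-source 00:11:22:33:44:55 -j DNAT --to-destination 185.228.168.9
-A DNSFILTER -m mac --mac-source 66:77:88:99:AA:BB -j DNAT --to-destination 185.228.168.168
-A DNSFILTER -j DNAT --to-destination 192.168.1.20
"""

RULE_RE = re.compile(
    r"^-A DNSFILTER(?: -m mac --mac-source (?P<mac>\S+))? -j "
    r"(?:DNAT --to-destination (?P<dst>\S+)|RETURN)$"
)


def parse_dnsfilter(text):
    """Return [(mac_or_None, target_or_None), ...] in rule order.
    A None target is a RETURN rule (the per-client "No Filtering" setting)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append((m.group("mac"), m.group("dst")))
    return rules


def forced_target(rules, mac):
    """First matching rule wins, as in iptables. None means the query is left alone."""
    for rule_mac, target in rules:
        if rule_mac is None or rule_mac.lower() == mac.lower():
            return target
    return None


@dataclass
class Host:
    mac: str
    role: str = "client"         # "router" (dnsmasq + DoT upstream), "server" or "client"
    dns_listening: bool = False  # does the host answer on port 53 at all?
    forwarder: str = ""          # where a listening server sends what it cannot answer


def trace_query(rules, lan, client_ip, configured_dns, max_hops=6):
    """Follow one port-53 query from client_ip toward configured_dns through the
    DNSFilter DNAT and through any LAN server that forwards it. Returns
    (hops, status) with status in router / wan / refused / loop / unreachable."""
    hops = []
    src, dst = client_ip, configured_dns
    for _ in range(max_hops):
        target = forced_target(rules, lan[src].mac)
        if target is not None:
            dst = target                       # the router rewrote the destination
        if (src, dst) in hops:
            return hops, "loop"                # server -> router -> server ...
        hops.append((src, dst))
        if not dst.startswith("192.168.1."):
            return hops, "wan"                 # plain DNS straight to a public resolver
        host = lan.get(dst)
        if host is None:
            return hops, "unreachable"
        if host.role == "router":
            return hops, "router"              # dnsmasq answers; the DoT upstream applies
        if not host.dns_listening:
            return hops, "refused"             # DNS off on the server: the client gets nothing
        src, dst = dst, host.forwarder         # the server's own query hits DNSFilter too
    return hops, "loop"


# Constructed LAN: router, Windows server, one pinned laptop, the primary laptop.
LAN = {
    "192.168.1.1": Host("AA:BB:CC:00:00:01", role="router", dns_listening=True),
    "192.168.1.20": Host("AA:BB:CC:00:00:20", role="server", forwarder="192.168.1.1"),
    "192.168.1.50": Host("00:11:22:33:44:55"),  # laptop pinned to CleanBrowsing
    "192.168.1.60": Host("DE:AD:BE:EF:00:60"),  # primary laptop, no per-client rule
}


def scenarios():
    """The situations discussed in the thread, each as (hops, status)."""
    rules = parse_dnsfilter(SAMPLE_RULES)
    out = {}
    # 1. As posted: Global "Router", DNS 1 = .20, DNS service turned off on the server.
    out["primary_laptop"] = trace_query(rules, LAN, "192.168.1.60", "192.168.1.1")
    out["pinned_laptop"] = trace_query(rules, LAN, "192.168.1.50", "192.168.1.1")
    # 2. Same rules, but the server runs a DNS service that forwards to the router.
    lan_fwd = dict(LAN, **{"192.168.1.20": replace(LAN["192.168.1.20"], dns_listening=True)})
    out["server_forwarding"] = trace_query(rules, lan_fwd, "192.168.1.60", "192.168.1.20")
    # 3. dave14305's fix: a "No Filtering" (RETURN) rule for the server's MAC.
    exempt = SAMPLE_RULES.replace(
        "-A DNSFILTER -j DNAT",
        "-A DNSFILTER -m mac --mac-source AA:BB:CC:00:00:20 -j RETURN\n-A DNSFILTER -j DNAT")
    out["server_exempt"] = trace_query(parse_dnsfilter(exempt), lan_fwd, "192.168.1.60", "192.168.1.20")
    # 4. bbunge's fix: DNS 1 blank, so the default rule forces the router itself.
    blank = SAMPLE_RULES.replace("--to-destination 192.168.1.20", "--to-destination 192.168.1.1")
    out["dns1_blank"] = trace_query(parse_dnsfilter(blank), LAN, "192.168.1.60", "192.168.1.20")
    return out


if __name__ == "__main__":
    for name, (hops, status) in scenarios().items():
        print(f"{name:18s} {status:8s} {' -> '.join(f'{s}>{d}' for s, d in hops)}")
```

Two points the trace makes visible: with the server's DNS turned off, the primary laptop's query is forced to .20 and simply dies there (the "can't get anywhere" symptom), and only the pinned laptops ever leave the LAN, as plain port-53 to CleanBrowsing rather than over DoT. On the real router the equivalent check is `iptables -t nat -S DNSFILTER` to read the rules and a query to the router's address from the server (with a packet capture on the server) to see whether its own lookups are being rewritten back to itself.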
