DoT Setup?

W3Wilkes

Occasional Visitor
I seem to be doing something wrong to get DoT to work. I'm trying on an RT-AX86U running Merlin's latest 386.7 firmware. Here's what I set in the router and the results of the test. Results are the same regardless of Profile being set to Strict or Opportunistic.
ADoT.jpg


TDoT.jpg
 

eibgrad

Part of the Furniture
I can't speak to what some third-party reports (Cloudflare).

Using my DNS monitoring utility, what does *it* show is being used (if it's DoT, you'll see connections over port 853, NOT 53), because that's what ultimately matters.


BTW, once you specify Opportunistic, there's always the possibility it may fall back to Do53. I realize you tried both for diagnostic purposes, to see if there was a difference. But now that we know there isn't, it makes no sense to continue w/ Opportunistic and post it.
 
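The port check described in the post above, as an added example (not from the thread and not eibgrad's utility): shell functions that count router-to-upstream DNS flows by port from conntrack-style lines and flag any plaintext Do53 leaving the WAN. The sample lines, the LAN prefix `192.168.50.` and the WAN address `203.0.113.7` are constructed assumptions.

```shell
#!/bin/sh
# Added example. Sample flows are constructed in the style of
# /proc/net/nf_conntrack; LAN prefix and WAN address are assumptions.
sample_flows() {
cat <<'EOF'
ipv4 2 udp 17 25 src=192.168.50.23 dst=192.168.50.1 sport=51514 dport=53 src=192.168.50.1 dst=192.168.50.23 sport=53 dport=51514 mark=0 use=2
ipv4 2 tcp 6 7431 ESTABLISHED src=203.0.113.7 dst=1.1.1.1 sport=40112 dport=853 src=1.1.1.1 dst=203.0.113.7 sport=853 dport=40112 [ASSURED] mark=0 use=2
ipv4 2 tcp 6 7400 ESTABLISHED src=203.0.113.7 dst=8.8.8.8 sport=40118 dport=853 src=8.8.8.8 dst=203.0.113.7 sport=853 dport=40118 [ASSURED] mark=0 use=2
ipv4 2 udp 17 12 src=203.0.113.7 dst=1.1.1.1 sport=39001 dport=53 src=1.1.1.1 dst=203.0.113.7 sport=53 dport=39001 mark=0 use=2
EOF
}

# Reads conntrack-style lines on stdin; $1 is the LAN prefix to ignore.
# Prints "dot=N do53=M" for flows whose original destination is off-LAN.
classify_upstream_dns() {
  awk -v lan="$1" '
  {
    proto = $3; dst = ""; dport = ""
    # Only the first dst=/dport= pair (original direction) matters.
    for (i = 4; i <= NF; i++) {
      if (dst == ""   && $i ~ /^dst=/)   dst   = substr($i, 5)
      if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
    }
    # LAN clients querying the router on port 53 is expected; skip those.
    if (index(dst, lan) == 1) next
    if (proto == "tcp" && dport == "853") dot++
    else if (dport == "53") do53++
  }
  END { printf "dot=%d do53=%d\n", dot, do53 }'
}

# Prints DOT_ONLY, PLAINTEXT_SEEN (Do53 left the WAN, e.g. an Opportunistic
# fallback) or NO_DNS_SEEN.
dot_verdict() {
  counts=$(classify_upstream_dns "$1")
  case "$counts" in
    *"do53=0")
      case "$counts" in
        "dot=0 "*) echo NO_DNS_SEEN ;;
        *)         echo DOT_ONLY ;;
      esac ;;
    *) echo PLAINTEXT_SEEN ;;
  esac
}

sample_flows | dot_verdict 192.168.50.
```

On a live router the same functions could be fed the real connection table, for example `classify_upstream_dns 192.168.50. < /proc/net/nf_conntrack`, assuming that file exists on the firmware in use.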

Tech9

Part of the Furniture
Here's what I set in the router and the results of the test.

1.1.1.1/help works only with Cloudflare servers. You have DoT to Google as well.
 

eibgrad

Part of the Furniture
1.1.1.1/help works only with Cloudflare servers. You have DoT to Google as well.

But Cloudflare is confirming a connection to 1.1.1.1, just NOT thru DoT. That could be because of using Opportunistic, and why I want the OP to keep it set to Strict.
 

Tech9

Part of the Furniture
Probably. Not very accurate test anyway. Yours is better.
 

W3Wilkes

Occasional Visitor
Here's the test with strict. Now it says NO on connected to 1.1.1.1
SDOT.jpg
 

W3Wilkes

Occasional Visitor
I switched to DNS servers of 1.1.1.1 and 1.0.0.1 and manually put in both these to be the DoT DNS servers. I now have success. This leads me to believe that it was working fine when I had 1.1.1.1 and 8.8.8.8 as my assigned and DoT servers.
DoT.jpg
 

Tech9

Part of the Furniture

bbunge

Part of the Furniture
Would recommend against using Google DNS. Instead of Cloudflare 1.1.1.1 and 1.0.0.1, use Cloudflare Secure 1.1.1.2 and 1.0.0.2.
DoT is manual setup with the anycast IP address of 1.1.1.2 and 1.0.0.2 and the TLS Hostname of security.cloudflare-dns.com.

Or Quad9...
 

Tech9

Part of the Furniture
Would recommend against using Google DNS.

Why? He never mentioned he needs filtered DNS service. Google DNS is one of the fastest around.
 
