What's new

DoT Setup?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

W3Wilkes

Regular Contributor
I seem to be doing something wrong to get DoT to work. I'm trying on a RT-AX86U running Merlins latest 386.7 firmware. Here's what I set in the router and the results of the test. Results are the same regardless of Profile being set to Strict or Opportunistic.
ADoT.jpg


TDoT.jpg
 
I can't speak to what some third-party reports (Cloudflare).

Using my DNS monitoring utility, what does *it* show is being used (if it's DoT, you'll see connections over port 853, NOT 53), because that's what ultimately matters.


BTW, once you specify Opportunistic, there's always the possibility it may fall back to Do53. I realize you tried both for diagnostic purposes, to see if there was a difference. But now that we know there isn't, it makes no sense to continue w/ Opportunistic and post it.
 
1.1.1.1/help works only with Cloudflare servers. You have DoT to Google as well.

But Cloudflare is confirming a connection to 1.1.1.1, just NOT thru DoT. That could be because of using Opportunistic, and why I want the OP to keep it set to Strict.
 
Here's the test with strict. Now it says NO on connected to 1.1.1.1
SDOT.jpg
 
I switched to DNS servers of 1.1.1.1 and 1.0.0.1 and manually put in both these to be the DoT DNS servers. I now have success. This leads me to believe that it was working fine when I had 1.1.1.1 and 8.8.8.8 as my assigned and DoT servers.
DoT.jpg
 
Would recommend against using Google DNS. Instead of Cloudflare 1.1.1.1 and 1.0.0.1 use Cloudflare Secure 1.1.1.2 and 1.0.0.2
DoT is manual setup with the anycast IP address of 1.1.1.2 and 1.0.0.2 and the TLS Hostname of security.cloudflare-dns.com

Or Quad9...
 
DoT is manual setup with the anycast IP address of 1.1.1.2 and 1.0.0.2 and the TLS Hostname of security.cloudflare-dns.com

Or Quad9...
Thanks for the tip.
 
If i am using my ISP's DNS servers, and have DoT enabled but nothing in the preset list, will (if ISP supports DoT) the DoT be used automatically?
Or do i need to set my ISP's DNS servers in the preset list?
 
If i am using my ISP's DNS servers, and have DoT enabled but nothing in the preset list, will (if ISP supports DoT) the DoT be used automatically?
Or do i need to set my ISP's DNS servers in the preset list?
If there is nothing in the dot list it will use the isp dns if setup above it. I’m pretty sure at least it makes sense. I never heard of an isp having a dot dns, is there any that do? But wouldn’t that also defeat the purpose of encryption dns?
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top