What's new

DoT

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Hey all, just wanted to say thanks for all your help. A number of you contributed to this thread with a lot of great info which I could not piece together from searches done. I went ahead and went thru the logs and it looks great always hitting one of the DoT servers listed. Thank you all once again!
 
Your router needs to talk to an NTP server to set its clock before encryption can be used. So, no DoT without a working regular DNS to set that clock first.
Then it is logical to write in these fields of the DNS address using port 53, eg provider address?
p.s. these fields are empty for me and everything works well :cool:
 
Last edited:
Then it is logical to write in these fields of the DNS address using port 53, eg provider address?
If you want to use your provider's addresses just set "Connect to DNS Server automatically" to Yes. Otherwise you can manually enter non-provider addresses like 8.8.8.8 or 1.1.1.1.

p.s. these fields are empty for me and everything works well :cool:
If NTP has not (or cannot) set the date & time by the time Stubby starts it will start in "no-TLS mode". This may allow the router to resolve NTP addresses so that it can then set the date & time, after which Stubby will restart in "strict mode".

http://www.snbforums.com/threads/fo...ts-dns-over-tls-beta-closed.48115/post-423104
https://github.com/RMerl/asuswrt-me...30eabe/release/src/router/rc/services.c#L2006
 
Last edited:
Great thread guys.

I just installed Tcpdump.

When I run where does it capture the log?
 
The output goes to stdout unless you direct it elsewhere.


another question when I run the command in ssh should I not see some output in the window as its running?

1614265373765.png


ok if i remove the port info I see it capturing.

1614265641065.png
 
So is it working when you use the correct interface?

It only works when I take out the port info.
Eth0 or vlan35 both work without it.
And the end result which was confirmation of which port is there.

1614269147086.png
 
Last edited:
It only works when I take out the port info.

Eth0 or vlan35 both work without it.

And the end result which was confirmation of which port is there.

View attachment 31260
OK looking into this a bit more it's because PPPoE is its own protocol (as shown in your image) but tcpdump's "port" parameter matches IP packets not PPPoE.

Oh well, you found your answer anyway. :)
 
@Makaveli Just a thought (because I don't have PPPoE), do you have another IP interface called something like ppp0 that you could use?
If I run ip a from ssh I do.

1614270795280.png


And that did the trick the command works now with port info good catch.

1614271032363.png
 
If you want to use your provider's addresses just set "Connect to DNS Server automatically" to Yes. Otherwise you can manually enter non-provider addresses like 8.8.8.8 or 1.1.1.1.
If NTP has not (or cannot) set the date & time by the time Stubby starts it will start in "no-TLS mode". This may allow the router to resolve NTP addresses so that it can then set the date & time, after which Stubby will restart in "strict mode".
Wait ... again the question is not fully resolved. I am using DoT AdGuard. Do I understand correctly that to speed up the loading process, I can enter (manual) the addresses of the DNS 1/2 port 53 of the local provider (not Google, not quad, etc.), in the fields and then the correct connection to the DoT DNS server AdGuard will occur?
 
Wait ... again the question is not fully resolved. I am using DoT AdGuard. Do I understand correctly that to speed up the loading process, I can enter (manual) the addresses of the DNS 1/2 port 53 of the local provider (not Google, not quad, etc.), in the fields and then the correct connection to the DoT DNS server AdGuard will occur?
Whether there is any "speed up" will probably depend on which DNS servers you are using and how many other services you are running on your router. Only you can find that out by timing different configurations. But I doubt there would be more than 10 seconds difference from best to worst. Not something worth worrying about IMHO.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top