
Enabling IPV6 messed up the DNS DOT

x7007

Occasional Visitor
I enabled IPv6 Native and tried others. It worked 10/10, but for some reason Speedtest and many other servers showed me only 4750 Mbps instead of 5050 Mbps. The other computer, which is 2.5 Gbps, still showed 2350. Does it depend on the servers? Did it test IPv6 servers, and are they bad?

Except that I use NextDNS with DNS DoT and now it just doesn't work. I don't know what I am missing.
The Cloudflare "test" works only with Cloudflare resolvers.
Also, it is recommended that you alternate IPV4 and IPV4 resolver addresses when using IPV4 and IPV6 with DoT.
 
The Cloudflare "test" works only with Cloudflare resolvers.
Also, it is recommended that you alternate IPV4 and IPV4 resolver addresses when using IPV4 and IPV6 with DoT.
Yes, I deleted the IPv6 from the DoT in the IPv4.
What settings should I change also?
So how can I check if DoT works?

Quote from Reddit. I used the installer CLI on the router. Are the settings fine if I do the same?

-DNS Rebind protection off if you have that switched on in NextDNS (you will get a DNS rebind attack log if NextDNS returned 0.0.0.0 for a domain)

-Do not forward local domain queries to upstream.

-I left DNSSEC on locally but NextDNS have theirs on automatically. If you don't mind latency/round robin, I leave it on.

-Auto DoH Yes

-TLS port leave empty.

This is before I switched to Unbound(Asuswrt Merlin), maybe other experts have better opinion. Good luck!




I tested with this; it says I am protected.



Test result: success

Yes, your web browser is protected by DNSSEC.

Does that mean I am fine?


Domain signature validation (DNSSEC)

Well done! Domain signatures (DNSSEC) are validated for you. Therefore you are protected against false translation from signed domain names into rogue IP addresses



Taken from here
 
DoT is working. Rebind protection with a filtering upstream DNS provider - Disabled; DNSSEC with encrypted DNS to your upstream provider - Disabled; forward local domains upstream (in most cases) - Disabled; prevent Auto DoH - attempt, not guaranteed, may break services like iCloud. The Cloudflare test works with Cloudflare servers only, as explained above. IPv6 has no speed advantages; it may actually be slower depending on upstream implementation and connections. Some ISPs offer IPv6 support via 6in4 tunnels. Some don't have IPv6 support at all. If you have a public IPv4 WAN IP address you can keep IPv6 at the default, Disabled. It brings no advantages to you.
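
On the question above of how to check whether DoT works: the following is an added example, not code from any poster in this thread. It sends one DNS-over-TLS query to a resolver on port 853 (the standard DoT port), once over IPv4 and once over IPv6, with certificate verification on, so a broken path on one address family shows up on its own. The hostname on the command line is an assumption: pass your own resolver's DoT name, which the thread does not give.

```python
import socket
import ssl
import struct
import sys

def build_query(name, qtype=1, txid=0x1234):
    """DNS query (qtype 1 = A, RD set) with the 2-byte length prefix DoT uses."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)
    return struct.pack("!H", len(msg)) + msg

def parse_reply(framed, txid=0x1234):
    """Return (rcode, answer_count) from a length-prefixed reply, or raise ValueError."""
    if len(framed) < 14:  # 2-byte prefix + 12-byte DNS header
        raise ValueError("truncated DNS reply")
    (length,) = struct.unpack("!H", framed[:2])
    if len(framed) - 2 != length:
        raise ValueError("length prefix does not match payload")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", framed[2:14])
    if rid != txid or not flags & 0x8000:  # QR bit must be set in a response
        raise ValueError("not a response to our query")
    return flags & 0x000F, answers

def dot_probe(host, family, name="example.com", timeout=5):
    """Send one DoT query to host:853 using only AF_INET or only AF_INET6."""
    addr = socket.getaddrinfo(host, 853, family, socket.SOCK_STREAM)[0][4]
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.socket(family, socket.SOCK_STREAM) as raw:
        raw.settimeout(timeout)
        raw.connect(addr)
        with ctx.wrap_socket(raw, server_hostname=host) as tls, tls.makefile("rb") as rd:
            tls.sendall(build_query(name))
            head = rd.read(2)
            body = rd.read(struct.unpack("!H", head)[0]) if len(head) == 2 else b""
            return tls.version(), parse_reply(head + body)

if __name__ == "__main__":
    # Constructed reply (NOERROR, one answer): shows the parser working offline.
    print("offline:", parse_reply(bytes.fromhex("000c123481800001000100000000")))
    for host in sys.argv[1:]:  # assumption: your own resolver's DoT hostname
        for fam in (socket.AF_INET, socket.AF_INET6):
            try:
                print(host, fam.name, dot_probe(host, fam))
            except (OSError, ValueError) as exc:
                print(host, fam.name, "FAILED:", exc)
```

This runs from a computer on the LAN and tests the path to the DoT endpoint itself; it does not show which upstream the router is actually using for the queries it forwards.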
 
