Hi guys, wanna ask about Cloudflare DOT 1.1.1.2 on Merlin's DNS Privacy Protocol settings


doublehd

Occasional Visitor
Is there any chance that I can choose the preset server "1.1.1.1" from the drop-down list and then edit it to 1.1.1.2 instead of 1.1.1.1?
If I really do so, does 1.1.1.2 really block malware? I tested many times with the site "https://phishing.testcategory.com/" but the results differed nearly every time, lol.
Any thoughts would be appreciated, thanks a lot.
 

bbunge

Very Senior Member
No. The CF Secure and Family do not support DoT. Quad9 or Clean Browsing are the best bet.
CF Secure and Family do support DoH but there seems to be some security concerns over DoH.
 

Mutzli

Very Senior Member
> No. The CF Secure and Family do not support DoT. Quad9 or Clean Browsing are the best bet.
> CF Secure and Family do support DoH but there seems to be some security concerns over DoH.

I think they updated their 1.1.1.2 DNS servers to include DoT now. See this link to the instructions on how to set up 1.1.1.1 for Families.

Edit: Never mind, I just checked to see if it works, but the requests are all made and received on port 53, not 853, when 1.1.1.2 is configured. 1.1.1.1 works on port 853.
 

doublehd

Occasional Visitor
Thanks a lot to both of you for dropping by real fast ;). Ouch~ glad that I've finally asked this silly question. I was wondering, and it was kinda weird, because I've seen the ISP's IP was established with 1.1.1.2:853 by netstat through the router, so I thought 1.1.1.2 DOT worked that way. Nice to figure it out at last. I guess I will go with Clean Browsing DOT and 1.1.1.1 DOT for now (Quad9's kinda high-pinged for me). Thanks buddies, appreciated for the quick assistance.
 

Mutzli

Very Senior Member
You can check it for yourself, maybe some Cloudflare servers have been updated. Use this command and watch for connections being made on x.x.x.x.853. If you see x.x.x.x.53 it's not a secure connection.
DNS over TLS check (Install tcpdump = opkg install tcpdump)
Code:
tcpdump -ni eth0 -p port 53 or port 853
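
Added example (not part of the original post): a small shell helper that tallies the output of the tcpdump command above per resolver, so that any query still leaving on port 53 stands out. The function names, the sample capture and the addresses 198.51.100.7 and 192.0.2.53 are constructed for illustration.

```shell
#!/bin/sh
# Summarise `tcpdump -n` output: for each destination resolver, count packets
# sent to port 53 (plaintext DNS) and to port 853 (DNS over TLS).
# Live use on the router (assumes the WAN interface is eth0, as in the post):
#   tcpdump -lni eth0 -c 200 port 53 or port 853 | dns_summary
dns_summary() {
    awk '
    $2 == "IP" {
        dst = $5
        sub(/:$/, "", dst)                   # "1.1.1.2.853:" -> "1.1.1.2.853"
        n = split(dst, p, ".")
        if (n != 5) next                     # expect IPv4 address + port
        port = p[5] + 0
        if (port != 53 && port != 853) next  # replies go to ephemeral ports
        ip = p[1] "." p[2] "." p[3] "." p[4]
        seen[ip] = 1
        if (port == 53) plain[ip]++; else dot[ip]++
    }
    END {
        for (ip in seen) {
            verdict = (plain[ip] > 0) ? "PLAINTEXT-SEEN" : "DOT-ONLY"
            printf "%s plain=%d dot=%d %s\n", ip, plain[ip], dot[ip], verdict
        }
    }' | LC_ALL=C sort
}

# Constructed sample capture (not real traffic): 1.1.1.2 is only contacted on
# 853, while the made-up resolver 192.0.2.53 also receives a port-53 query.
sample_capture() {
cat <<'EOF'
12:00:01.100000 IP 198.51.100.7.41234 > 1.1.1.2.853: Flags [S], seq 1, win 29200, length 0
12:00:01.120000 IP 1.1.1.2.853 > 198.51.100.7.41234: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:01.300000 IP 198.51.100.7.41234 > 1.1.1.2.853: Flags [P.], seq 2:300, ack 3, win 229, length 298
12:00:02.000000 IP 198.51.100.7.5301 > 192.0.2.53.53: 4660+ A? example.com. (29)
12:00:02.020000 IP 192.0.2.53.53 > 198.51.100.7.5301: 4660 1/0/0 A 203.0.113.10 (45)
12:00:02.500000 IP 198.51.100.7.41300 > 192.0.2.53.853: Flags [S], seq 9, win 29200, length 0
EOF
}

sample_capture | dns_summary
```

A resolver marked DOT-ONLY was reached only on port 853 during the capture window; the summary counts packets by port and does not validate the TLS session itself.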
 

doublehd

Occasional Visitor
> You can check it for yourself, maybe some Cloudflare servers have been updated. Use this command and watch for connections being made on x.x.x.x.853. If you see x.x.x.x.53 it's not a secure connection.
> DNS over TLS check (Install tcpdump = opkg install tcpdump)
> Code:
> tcpdump -ni eth0 -p port 53 or port 853

Thanks bud for another help, but sadly I'm not familiar with script things. I'm running a Samba USB on the AC88U; is it OK if I install tcpdump to the same USB? Apologies for being a newbie on scripts. :p
 

Mutzli

Very Senior Member
> Thanks bud for another help, but sadly I'm not familiar with script things. I'm running a Samba USB on the AC88U; is it OK if I install tcpdump to the same USB? Apologies for being a newbie on scripts. :p

Yes, it's a small command 7.5MB.
 

Mutzli

Very Senior Member
> 1.1.1.2 DOES support DOT. Has for months. Using it right now on Pfsense router.

Didn't work from my location. Connections were only made via unencrypted and unauthenticated port 53 and not on an encrypted channel with port 853.

Also Cloudflare's Q and A says it's not supported yet, but they are working on it:
  • Does 1.1.1.1 for Families support DNS over TLS?
    • No. But our team is working on it.
 

doublehd

Occasional Visitor
EDIT: woohoo, I'm done with the installation, probably I'm kind of tired. Reboot router and do the test.

Okay, just tested and found out 1.1.1.2 works on DOT, no port 53 appeared. No sweat~
So I will go for Clean Browsing and 1.1.1.2 on 853. Thanks a lot for being patient with a retard like me. Best regardz.
 

Treadler

Very Senior Member
> EDIT: woohoo, I'm done with the installation, probably I'm kind of tired. Reboot router and do the test.
>
> Okay, just tested and found out 1.1.1.2 works on DOT, no port 53 appeared. No sweat~
> So I will go for Clean Browsing and 1.1.1.2 on 853. Thanks a lot for being patient with a retard like me. Best regardz.

Cloudflare for families working (verified using CLI code above) fine here over DoT.
 
