stuffedtiger
Occasional Visitor
for a long time i was using this dnsmasq.postconf script to have dnsmasq send out my router's address as a DNS server to clients, and then put in my custom DNS servers on the WAN -> Internet Connection and IPv6 pages. this worked very well, but now with the addition of DoT i want to make sure i'm doing everything right, so i'm asking the community for guidance.
at the moment, i have Connect to DNS Server automatically set to True for both IPv4 and IPv6 DNS servers and on the WAN -> Internet Connection page i've enabled DoT and have the two IPv4 and two IPv6 Cloudflare DNS addresses added (i'm not sure if i need both v4 and v6 here). i also enabled DNSFilter and set the Global Filter Mode to Router.
i tested this configuration using the Cloudflare ESNI Checker posted in one of the threads i saw about DoT and i get a green check mark on Secure DNS. my confusion comes in at the point where i wonder if both IPv4 and IPv6 DNS servers are necessary in the DoT setup. AFAIK an IPv6 address can be retrieved from an IPv4 DNS server but if i'm trying to access an IPv6 domain will my router use the IPv6 DNS server by default? or does the firmware "round robin" its picks based on availability? are just the two IPv4 servers enough?
another point of confusion comes from seeing what appear to be my ISP's IPv6 DNS servers when i check my internet connection from within Windows. my router's address shows as the IPv4 DNS server. this was the reason i used that dnsmasq.postconf script in the first place. i wanted to make sure every device that connected to my router used the custom DNS servers since even after entering the DNS servers manually into the router, i would still see my ISP's IPv6 DNS servers in Windows. DNSFilter apparently does this too, but i learned about it after already setting up the dnsmasq.postconf script so i didn't want to mess with it. so i'm wondering: even though i see my ISP's DNS servers in Windows, will my computer still use the custom DNS servers specified in the DoT settings?