RT-BE88U DNS-over TLS

[Robert57]

Hello everyone
I am quite inexperienced in the router area, can someone tell me how to set up DNS-over-TLS on my router.
I have to say that I have already activated DNSSEC.
Thanks for the advice in advance

 

[Robert57]

Addendum: Use Asus Merlin

 

[Treadler]

Wan > dns privacy protocol > set to “DoT”.

Then, ‘preset servers’ & select as required.

Save/apply your changes.

 

[Ripshod]

Just as a visual aid to the above post

 

[Robert57]

Thank you very much for your support!!!
I'm not sure if it's set up correctly for me.
The problem is that I have set it up according to your instructions. (see appendix)
then also pressed Ok at the bottom.
However, when I leave the WAN area and then return to the WAN area, DNS data protection protocol is set to “None” again (see Appendix 2
Is the error that I have activated DNSSEC?
I have read that the activation of DNS-ocer-TLS only works if I have switched off DNSSEC.
Is this really the mistake I have made here?

 

[Ripshod]

When you select a server from the list you have to click on the + (add) button (you can see I have 4 in my list). Click the Apply button at the bottom when your list is built.

 

[Robert57]

That's what I did (see first picture) The address of Quad9 is included in the list

 

[Ripshod]

Missed that, d'oh!!
Have you tried with different browsers and devices? Guest mode?

 

[Robert57]

I currently have Firefox as my browser. Switched to Windows Edge and have the same reaction.
I'm also not really sure if this could be a browser issue as the DNS over TLS should be a direct command for the router

 

[Robert57]

Perhaps DNS-over-TLS is also active.
Do you know how I could check this?

 

[dave14305]

Perhaps DNS-over-TLS is also active.
Do you know how I could check this?

Login via ssh and run:

ps ww | grep stubby
nvram show | grep ^dnspriv_

Another useful step would be to open the Browser’s F12 developer tools, switch to the console tab, setup DoT and then press the OK button. See if any messages appear in that console view.

 

[Robert57]

I get the following answers:
dsnpriv_enable=0
dnspriv_profile=1
the dnspriv_rulelist is output with the data from quad9.net.

dnspriv_enable is set to 0, which means it is not active.
I have reset and reinstalled my router. There has been no change in the situation

 

[kuchkovsky]

You can also consider using DoH with NextDNS CLI, which is officially supported by Asuswrt-Merlin:

NextDNS

The new firewall for the modern Internet

nextdns.io

AsusWRT Merlin

NextDNS CLI client (DoH Proxy). Contribute to nextdns/nextdns development by creating an account on GitHub.

github.com

Home

NextDNS CLI client (DoH Proxy). Contribute to nextdns/nextdns development by creating an account on GitHub.

github.com

It's really easy to configure, and it's even better than the common DNS providers. It blocks ads and tracking for up to 300K DNS queries monthly, and then it starts behaving like a usual DNS without any blocking, but still with encryption (unless you pay $20 a year for an unlimited number of filtered queries).

After installation, you can open https://test.nextdns.io in your browser or run the following command in the terminal to check if it's working:

curl -L https://test.nextdns.io