Settings Prevent client auto DoH

Unetwork

Regular Contributor
Hi, can you explain the difference between "AUTO" and "YES" modes for the "Prevent client auto DoH" function?
I always left it on "YES" but never really understood if it was right.
I want all Firefox browsers on my network to exclusively use my ASUS router's custom DNS and DNS privacy protocol (DoT).
Are my settings correct on "YES"?
Thank you in advance for your advice.
 

RMerlin

Asuswrt-Merlin dev
Click on the "Prevent auto DoH" label to see an explanation.
 

Unetwork

Regular Contributor
Thank you for your answer. I have already consulted the information bubble but it is still not clear to me.
Does "YES" prevent any device on the LAN from doing DoH, so it includes "AUTO" but also any manual attempts?
I specified that I only want to use the DoT protocol, so I guess "YES" is correct, which will ban DoH from the local network?
 

RMerlin

Asuswrt-Merlin dev
That option does not prevent using DoH. It only prevents the use of the automatic DoH upgrade supported by Firefox, for example.

Blocking or intercepting DoH is pretty difficult because it was specifically designed that way, to give network admins a headache (as it uses the same port as regular https traffic). Just one of the multiple reasons why I hate it and I prefer DoT...
 

Unetwork

Regular Contributor
Thanks for the additional information.
I will leave it on YES, from what I understand it makes more sense. Better safe than sorry...
Another point: with DoT enabled, is it necessary to also enable the "DNS-Based Filtering" choice (Router)?
I don't see a difference if I enable or disable this setting.
 

RMerlin

Asuswrt-Merlin dev
Another point: with DoT enabled, is it necessary to also enable the "DNS-Based Filtering" choice (Router)?
It will prevent devices with hardcoded DNS servers (like some Android apps that are hardcoded to use 8.8.8.8) from bypassing the router for regular DNS requests.
 

Unetwork

Regular Contributor
Thank you for this information, everything is now clear to me.
Good evening to you and thanks again for your work!
 

Tech9

Part of the Furniture

Unetwork

Regular Contributor
You can prevent other devices from using DoH by blocking known DoH servers. This is a good blocklist:

Thanks for the additional information. I'll leave the setting on "YES" for 'Prevent auto DoH' and see later for the block list, this is interesting.
 

learning_curve

Regular Contributor
~
I want all Firefox browsers on my network to exclusively use my ASUS router's custom DNS and DNS privacy protocol (DoT)
~
Besides what's already been correctly posted in this thread, you can disable it within Firefox anyway, if you want:
 
