Validating DNS over TLS

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.


Occasional Visitor
Hi, most likely a very simple question but would like to confirm rather than blindly presume. I have been setting up DNS over TLS following the wiki guide. I used cloudflare DNS servers. After setting it up however all the test websites I tried say TLS is not being used (even when DNSSEC was off).

Anyhow I installed tcpdump and using the command in the wiki, watched and saw all the queries go to and come back from but they all originate from ports like my.ip:60727. I guess I expected them to be from 853 also, does it look like TLS is being used??



Asuswrt-Merlin dev
I guess I expected them to be from 853 also,
No, that is normal. The source port will be a random port, just like when you access a web site on port 443, the local port used by your browser will be a random one.

As long you are using remote port 853, then you are definitely using DNS-over-TLS.

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!