What's new
By:

What's the point of DoH/DoT

N

nikr

Guest
I've been running Pihole with cloudflare doh proxy for sometime now. While it works ok, I've been considering ditching it for Asus-merlin built in dot with nextdns. But does DoH/DoT makes any difference. My ISP can still see the IPs i am communicating with and can do reverse dns lookup to see what I am doing if they want to and if they dont it does not really matter anyways. I understand it prevents alteration of reply but that can also be accomplished with dnssec.

I know I am missing something, but cannot figure out what..
 
Last edited by a moderator:
nikr said:
I've been running Pihole with cloudflare doh proxy for sometime now. While it works ok, I've been considering ditching it for Asus-merlin built in dot with nextdns. But does DoH/DoT makes any difference. My ISP can still see the IPs i am communicating with and can do reverse dns lookup to see what I am doing if they want to and if they dont it does not really matter anyways. I understand it prevents alteration of reply but that can also be accomplished with dnssec.

I know I am missing something, but cannot figure out what..
Click to expand...
Much has been written on the topic. Boils down to what level of security or no security you are comfortable with.
This is a bit old but good: https://blog.apnic.net/2018/08/20/dnssec-and-dns-over-tls/
As for me I feel more comfortable using DoT (not DoH) with DNSSEC. We've gotten both built into the Merlin custom firmware for Asus routers.
 
An interview with Bill Woodcock (Quad 9 DNS) here.
He has quite the definite view of DoT vs DoH.
Well worth a read........

DNS privacy, legal enforcement and Quad9: a conversation with Bill Woodcock

Quad9 is a free Domain Name System (DNS) service, focusing on privacy and security. In February 2021, the company reincorporated in Switzerland to provide its users even stronger privacy guarantees. The move was facilitated by SWITCH, a CENTR member and registry for the .ch and .li top level ...
centr.org centr.org
 
You must log in or register to reply here.

Similar threads

M
Solved DNS Director not forcing manual DNS... IPtables?
Replies
7
Views
859
bennor
B
G
VPN on Router Failing when Connecting to Disney Plus
Replies
9
Views
3K
georgev
G
Tom Jo-Jo Junior Shabadoo
Google TV DNS problem
Replies
1
Views
3K
Tom Jo-Jo Junior Shabadoo
Tom Jo-Jo Junior Shabadoo
SR-71
Secure/Alternate DNS Server Config Questions on WAN tab (AX86U Pro)
Replies
17
Views
2K
NoLight
N
outlaw78
DNS Director / DoT over TLS
Replies
18
Views
4K
RMerlin
RMerlin
Similar threads
Thread starter Title Forum Replies Date
A DNS DoT, DNSSEC with Rebind Protection - Sanity Check. General Network Security 3

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 3,299 (members: 5, guests: 3,294)
Back
Top