What's the point of DoH/DoT

nikr

Guest
I've been running Pi-hole with the Cloudflare DoH proxy for some time now. While it works OK, I've been considering ditching it for Asus-Merlin's built-in DoT with NextDNS. But does DoH/DoT make any difference? My ISP can still see the IPs I am communicating with and can do a reverse DNS lookup to see what I am doing if they want to, and if they don't, it does not really matter anyway. I understand it prevents alteration of the reply, but that can also be accomplished with DNSSEC.

I know I am missing something, but cannot figure out what.
 
Much has been written on the topic. Boils down to what level of security or no security you are comfortable with.
This is a bit old but good: https://blog.apnic.net/2018/08/20/dnssec-and-dns-over-tls/
As for me I feel more comfortable using DoT (not DoH) with DNSSEC. We've gotten both built into the Merlin custom firmware for Asus routers.
 
An interview with Bill Woodcock (Quad 9 DNS) here.
He has quite the definite view of DoT vs DoH.
Well worth a read.

 
