When using DNSoverTLS with VPN, does Cloudflair see ISP or VPN IP?

Luboknok

Regular Contributor
When using DNSoverTLS in Merlin router and exclusive VPN, do the dns resolvers (cloudflair, etc) receive the request from the VPNs IP, or from the local router IP? In other words, does DNSoverTLS go inside or outside the VPN?
 

SomeWhereOverTheRainBow

Part of the Furniture
When using DNSoverTLS in Merlin router and exclusive VPN, do the dns resolvers (cloudflair, etc) receive the request from the VPNs IP, or from the local router IP? In other words, does DNSoverTLS go inside or outside the VPN?
Isp unless you are running dot through the vpn tunnel somehow. Btw the exclusive mode sets the dns used by vpn to vpn dns.
 

skeal

Part of the Furniture
If you want to use the routers DNS over TLS in the tunnel just set this setting in the VPN client settings.
Code:
Accept DNS Configuration to disabled
 

SomeWhereOverTheRainBow

Part of the Furniture
If you want to use the routers DNS over TLS in the tunnel just set this setting in the VPN client settings.
Code:
Accept DNS Configuration to disabled
@Luboknok
This means your encryption would lie on the side of your ISP's IP and not your VPN. In retrospect, your VPN will not be able to see your DNS lookups as they would reside out side the tunnel and be encrypted.
 

Luboknok

Regular Contributor
Thanks for all the answers, although the last two seem to contradict. I suppose there is no practical reason to use DNSoverTLS inside the VPN tunnel, but it would be another layer of encryption.
 

Pak Kriss

Regular Contributor
Thanks for all the answers, although the last two seem to contradict. I suppose there is no practical reason to use DNSoverTLS inside the VPN tunnel, but it would be another layer of encryption.
You never lived nor acted in a censorship environment :)

Sent from my SM-T805 using Tapatalk
 

jorgsmash

Regular Contributor
From my understanding, if you have the VPN DNS set to exclusive, the VPN-routed clients will only use the DNS servers supplied by the VPN. Thus, your DoT settings would not apply to your VPN routed clients. If you set the VPN to allow DNS from outside the VPN (through DoT or otherwise), then you run the risk of the DNS queries being made by your ISP ip, not your VPN ip. But if you use DoT then the queries would be encrypted. I personally have not found a good way to test if DoT is working, but I haven't looked into it too much. I got my ASUS router not too long ago so I'm new to the WRT-Merlin community.

Are you using the D0T settings in the GUI? What are your VPN settings for "Force Internet traffic through tunnel" and "Block routed clients if tunnel goes down"?
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top