Sometimes that is because of the response time of the DNS server.
dnsmasq starts off using the secondary (or last) nameserver. In theory its meant to favour the fastest server and periodically checks to see which that is. I've just tested this behaviour again. A server has to be significantly faster than the current one for it to switch servers.
For me, port 53 gets hijacked and port 853 does not.
Did you try resetting the router? I’ve found DNS to be a bit fickle if you mess with it a lot.
That's one of the benefits of DOT. Because it uses TLS, you cannot hijack it - the public certificate won't match the private key on the server. The best they could do is block port 853.
On the DoT list on WAN. just add ipv6 DNS servers. It should work fine too
This is *exactly* why you would want to configure a whole-home VPN and route all your local traffic through it... using Quad9 or whatever DoH/DoT services you need to, to keep your queries safe from prying ISP eyes. Keep whatever is going over your WAN traffic to an absolute minimum. Ever since the FCC changed the rules here in the US, I have done my part in preventing our ISPs from intercepting our traffic for their particular purposes. Shameless plug for VPNMON-R2, which even takes it a step beyond and keeps them guessing through massive randomization of endpoints within your country or multiple countries. You've definitely hit my hot button with this one.
This is *exactly* why you would want to configure a whole-home VPN and route all your local traffic through it... using Quad9 or whatever DoH/DoT services you need to, to keep your queries safe from prying ISP eyes. Keep whatever is going over your WAN traffic to an absolute minimum. Ever since the FCC changed the rules here in the US, I have done my part in preventing our ISPs from intercepting our traffic for their particular purposes. Shameless plug for VPNMON-R2, which even takes it a step beyond and keeps them guessing through massive randomization of endpoints within your country or multiple countries. You've definitely hit my hot button with this one.
I've never seen DoT hang... Sounds like either config issues, WAN issues or possibly ISP interference...
200+Mbps ain't too bad. Always a risk, but try to stick with the right VPN vendor that might not be doing no harm or no logging.
Intermittent, about every month or two. Now you have heard of it. By hang, I mean fail to respond.
Agree. Been running DoT for maybe 3 years. Started out running on Tomato. Now on Asus Merlin. Config is important as you want to select DNS providers with a presence near you.
Sorry to hear that, @Morris... it's just that in the years I've been using DoT, I haven't had a single issue. It's only as stable as the DoT servers you select.
Same here. Been running DoT since the first time it arrived on Merlin FW. Never fail to respond to queries. Make sure the servers are good since i tried a few back then and sometimes it times out and when I checked on stubby it seems like some servers sometimes just stops working for a few and then works again for some reason.
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!
