Asus XT8 DNS madness

At the moment the DNS server has changed and it is working as expected with the settings as shown (the issue was resolved after a hard reset). Why would it be more beneficial to switch “Prevent client auto DoH” and “Enable DNSSEC support” to Yes? And would that mean that then I could disable the DNS over TLS as it would honour the WAN DNS settings? Or I got that wrong??
If you want real security, the router's DNS should be the resolver instead of a caching forwarder.
DNSSEC encrypts the connection between the local DNS in the router and the external DNS.
DOH is used to bypass the system DNS stack which would cause DNS leaks on the client. That is why this activity should be forbidden to perform on your network if you want real security.
 
And would that mean that then I could disable the DNS over TLS as it would honour the WAN DNS settings? Or I got that wrong??
DNS over TLS setting is neither here nor there and depends on the DNS server your DNS server in the router connects to. The software in the router works like this: if the DNS server doesn't support TLS usually it will drop to TCP to see if the DNS is going to connect at a different port, then it reverts to UDP to see if DNS is served by UDP.
The only reason why you have this control available to you is if the older DNS systems that you connect to don't use TLS (TCP at port 8953) and have issues with it and times out the connection before the router retries with tcp or udp.
 
Surprisingly it works fine when changing the DNS entries of the provider's router. Just tried Cloudflare.

This ISP provided gateway has some fancy features then...

Keep your current configuration, you don't need anything else to fix.

 
It uses a cryptography based on a public key, but its primary use is preventing DNS poisoning. Without this, a hacker can intercept and read the DNS stack query,
Btw most ISP DNS servers are UDP or TCP and almost never TLS and issues with connecting to your ISP is usually because TLS is used. Most will connect TCP or UDP even though UDP is the standard.
 
DNSSEC encrypts the connection between the local DNS in the router and the external DNS.
DNSSEC digitally signs DNS records but it does not encrypt the connection.
The only reason why you have this control available to you is if the older DNS systems that you connect to don't use TLS (TCP at port 8953) and have issues with it and times out the connection before the router retries with tcp or udp.
Typo? DoT uses port 853 not 8953.

This ISP provided gateway has some fancy features then...
Reading some more about his ISP router I don't think this is particularly "fancy". It appears to use simple DNS redirection for safer browsing, but only when the ISP's DNS servers are selected. This seems to have caused issues for some of the ISP's customers as this behaviour is not well publicised.
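
Added example, not part of any post in this thread: a Python sketch of the point that DNSSEC signs records but does not encrypt the query. It builds a DNSSEC-enabled query in DNS wire format, shows that the queried name is still readable in the bytes, and reads the AD (Authenticated Data) flag from a constructed response. The name `example.com`, the query ID and the response bytes are constructed sample values.

```python
import struct

def encode_name(name):
    # DNS wire format: length-prefixed labels, terminated by a zero byte
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qid=0x1234, dnssec_ok=True):
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1 (OPT)
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # type A, class IN
    # EDNS0 OPT pseudo-record: root name, type 41, UDP size 1232,
    # extended RCODE 0, version 0, flags (DO bit = 0x8000), RDLEN 0
    do_flag = 0x8000 if dnssec_ok else 0
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 1232, 0, 0, do_flag, 0)
    return header + question + opt

def parse_flags(message):
    # Header flags a client would check on a response
    _qid, flags = struct.unpack("!HH", message[:4])
    return {
        "is_response": bool(flags & 0x8000),
        "ad": bool(flags & 0x0020),  # resolver reports DNSSEC validation passed
        "rcode": flags & 0x000F,
    }

def visible_name(message):
    # What an on-path observer reads from an unencrypted port 53 packet
    labels, pos = [], 12
    while message[pos] != 0:
        n = message[pos]
        labels.append(message[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)

query = build_query("example.com")
# Constructed response header: QR=1, RD=1, RA=1, AD=1, RCODE=0 -> 0x81A0
response = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 0, 0, 1) + query[12:]

if __name__ == "__main__":
    print("DO bit set, name still visible on the wire:", visible_name(query))
    print("response flags:", parse_flags(response))
```

Hiding the name from an on-path observer requires an encrypted transport such as DoT on port 853; the DO and AD bits only concern signature validation.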
 
Interesting approach, something new and good to know in my case.

Thanks @tournakos for the heads up because I'll need Internet service in Greece soon. 👍
 
Interesting approach, something new and good to know in my case.

Thanks @tournakos for the heads up because I'll need Internet service in Greece soon. 👍
Although the Greek Tel Commission has made it obligatory that ISPs cannot bind you down to their own router, it is very difficult to avoid using them altogether because fixed line VOIP is available through them and difficult to set up with third party gateways (passwords expire etc). In any case I would go with Cosmote as the quality of the service is ridiculously good both fixed and mobile.
 
Thank you. I need to research available options first because the place is not exactly in a city. Need internet only.
 
