What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Can't seem to get DoT to work with Cloudflare

Deetlemore said:
The more I've messed with it, the more I think that I just can't reach those domains for whatever reason.

The fact that I don't even get a confirmation on Clodflare's test site that I'm using their DNS, when I can verify that I am through other methods, makes me think this is some fringe case and DoT is actually working fine.
Click to expand...

It's possible your ISP or County do not allow encrypted DNS over TLS via cloud flare domains since your encrypting the dns domain lookups. That's not to say they can't see the reverse lookup the ip address your connected to but likely more of a pain in the butt. That said I have no idea why you cannot connect to cloudflare via DoT. My suggestion would be to attempt to use a vpn on the router with DoT or a VPN on your computer with a browser with DoT support.
 
After learning the basics of tcpdump, I can confirm that DoT is working. All DNS queries are using port 853, and if I disable DoT, then I see port 53 as expected. I'm going to just chalk up Cloudflare's test page as having a grudge towards some facet of my setup or ISP.
 
Deetlemore said:
After learning the basics of tcpdump, I can confirm that DoT is working. All DNS queries are using port 853, and if I disable DoT, then I see port 53 as expected. I'm going to just chalk up Cloudflare's test page as having a grudge towards some facet of my setup or ISP.
Click to expand...
If you want, install bind-dig from Entware and run some test queries:
Code: 
dig is-dot.help.every1dns.net @127.0.0.1
dig is-dot.help.every1dns.net @127.0.1.1
dig is-dot.help.every1dns.net +tls @1.1.1.1
In theory, all should produce the same answers. But if they differ, that might tell us something.
 
RT-AX86U Pro, Merlin 388.2. My WAN settings generally look like the others posted. My question has to do with the dnscheck results. The results populate with my ISP address, the ad guard dns resolvers, and DNSSEC passes. About 5 seconds later the Cloudflare DNS resolver info populates. Not sure if that's good or bad.

1684342309228.png


1684342338531.png
 
You must log in or register to reply here.

Similar threads

B
IPv6 and NextDNS Configuration Assistance Request
Replies
19
Views
1K
easyriider
easyriider
D
Solved Work-around for Wyze Devices with issues when Router has DNS-over-TLS (DoT) Enabled
Replies
4
Views
3K
DroidST
D
J
Questions with using OpenVPN with DoT and Diversion
Replies
13
Views
2K
Caesar the Dictator
C
B
Cloudflare 1.1.1.2 & 1.1.1.3 DoT
Replies
3
Views
9K
Treadler
Treadler
storkinsj
DNS failing with heavy UDP traffic
2
Replies
32
Views
6K
storkinsj
storkinsj
Similar threads
Thread starter Title Forum Replies Date
F OpenVPN Server - Client speeds seem capped at 20mbps?? Asuswrt-Merlin 3
W 388.8.4 release seem to have cause AIMESH stability issue Asuswrt-Merlin 25
C dnsmasq processes seem to be the wrong way around Asuswrt-Merlin 1
Diamond67 Solved My radio problems with the latest Merlin fw 386.12_4 seem to be over Asuswrt-Merlin 1
C DOT & IoT Devices Asuswrt-Merlin 3
L Suggestion: DNS Director, add optional compatibility with DOT Asuswrt-Merlin 2
T Using DOT DNS breaks ECS Asuswrt-Merlin 9
A CloudFlare Proxied DNS, can't login to Asus router Asuswrt-Merlin 10
L Cloudflare custom DDNS - In-A-Dyn Asuswrt-Merlin 11
E Cloudflare ddns-start script Asuswrt-Merlin 6

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 477 (members: 22, guests: 455)
Back
Top