
DNS-over-TLS (DoT) - How do I know it's working?


opkg install tcpdump
tcpdump -ni eth0 -p port 53 or port 853
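Reading the raw tcpdump output by eye gets tedious once a few clients are chatty. The script below is an added example (not from the thread) that summarises a capture like the one produced by the command above: outbound queries to port 853 count as DoT, anything sent to port 53 is plaintext DNS that bypassed the tunnel, and the plaintext destinations are listed so you can see who is still leaking. It assumes tcpdump's default one-line text format for IPv4/IPv6 packets; the function names and the sample capture lines are mine, constructed for illustration.

```shell
#!/bin/sh
# Added example: classify tcpdump DNS lines by destination port (53 vs 853).
# Expected input is the default tcpdump text format, one packet per line, e.g.
#   12:00:01.000001 IP 192.168.1.2.51001 > 1.1.1.1.853: Flags [S], ...
# Only outbound packets (destination port 53/853) are counted; replies are skipped.

# Constructed sample capture (not real traffic) used for the stand-alone run below.
SAMPLE_CAPTURE='12:00:01.000001 IP 192.168.1.2.51001 > 1.1.1.1.853: Flags [S], seq 1, win 64240, length 0
12:00:01.000102 IP 1.1.1.1.853 > 192.168.1.2.51001: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:02.000001 IP 192.168.1.2.40005 > 1.0.0.1.853: Flags [P.], seq 1:120, ack 1, length 119
12:00:03.000001 IP 192.168.1.7.54321 > 8.8.8.8.53: 12345+ A? example.com. (29)
12:00:03.000200 IP 8.8.8.8.53 > 192.168.1.7.54321: 12345 1/0/0 A 93.184.216.34 (45)
12:00:04.000001 IP 192.168.1.7.54322 > 1.1.1.1.53: 12346+ AAAA? example.org. (30)'

# dns_port_counts: read tcpdump lines on stdin, print "dot=N plain=M".
dns_port_counts() {
    awk '
    ($2 == "IP" || $2 == "IP6") && $4 == ">" {
        dst = $5; sub(/:$/, "", dst)          # strip trailing colon from "host.port:"
        n = split(dst, parts, ".")            # tcpdump appends the port after a dot
        port = parts[n]
        if (port == "853") dot++
        else if (port == "53") plain++
    }
    END { printf "dot=%d plain=%d\n", dot + 0, plain + 0 }'
}

# plaintext_dns_targets: read tcpdump lines on stdin, print "resolver count"
# for every destination that received plaintext (port 53) queries, sorted.
plaintext_dns_targets() {
    awk '
    ($2 == "IP" || $2 == "IP6") && $4 == ">" {
        dst = $5; sub(/:$/, "", dst)
        n = split(dst, parts, ".")
        if (parts[n] == "53") {
            host = dst; sub(/\.[0-9]+$/, "", host)   # drop the port, keep the address
            leak[host]++
        }
    }
    END { for (h in leak) printf "%s %d\n", h, leak[h] }' | sort
}

# Stand-alone run over the constructed sample. On the router you would instead pipe
# live output, e.g.  tcpdump -lni eth0 -p port 53 or port 853 | dns_port_counts
printf '%s\n' "$SAMPLE_CAPTURE" | dns_port_counts
printf '%s\n' "$SAMPLE_CAPTURE" | plaintext_dns_targets
```

With the sample above it reports two DoT connections and two plaintext queries, attributing the plaintext ones to 8.8.8.8 and 1.1.1.1 (the latter being a query to Cloudflare on port 53, i.e. unencrypted even though the resolver is the same). A non-zero plaintext count from LAN clients is exactly the "few port 53 entries" mentioned later in the thread: devices with a hard-coded resolver that ignore the router's DoT forwarder.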
Thanks both!

RAH, I guess what I meant was, if I'm not assigning Cloudflare to those two DNS Entry spots, they wouldn't be assigned anywhere else either, so then how could I still use them?

The only wrinkle in my set-up at this point was that there were a few port 53 entries appearing in my log tail (i.e. - Spotify, Microsoft, Amazon). The rest were port 853.

Thanks again!
 
clear the DNS Server1 and DNS Server2 fields, leave them blank
I was under the impression that you could leave these populated and the router would only use these during bootup, before the DoT connection had been established. Otherwise if you clear these I believe your ISP's automatically assigned DNS servers would be used during this time. I guess it doesn't really matter, but I'd rather any and all requests go to where I say and not just let my ISP handle it during that period.

But am I under the false impression that leaving entries here or clearing them out really doesn't matter?
 
Running your router without valid DNS1 or 2 on WAN page is a bad idea. It won’t default to ISP DHCP if you’ve set it not to “Connect automatically...”. I don’t even think the GUI allows you to erase them and hit apply.
 
Well, the default state is Connect Automatically... and empty fields. I'm not sure if it lets you revert to this state after you set it, or if that would require a factory reset. And I think I remember doing some screwing around way back, and I think even if you don't ever set a DNS server and also turn off "connect automatically...", AsusWRT will still go out and grab those ISP DNS addresses, as I think it's all a part of the DHCP server at your ISP. I'm not sure how much they are used at this point or after, though.
 
Thanks, both!

If I were to disable DNSSEC, would that leave me 'less secure' than having both DNSSEC and DoT enabled?

I ran the test at the site listed, and got the 'thumbs up' result. Does this confirm DoT, or just DNSSEC?
Additionally, when I tested sites labeled as "Sites With Bad DNSSEC Signatures", both sites failed to resolve. Is that the expected result?

Thanks again for the never-ending information.
Not going to lie, but as of today (14 May 2023), this issue still persists where I have to leave DNSSEC disabled for the test to show that I am using DNS over TLS :(. I would've thought that, given this issue was 3 years ago, Cloudflare would've solved it.
 
