Menu
What's new
By:
Filters Better Search

DNS over TLS vs VPN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

C

cc666

Very Senior Member
I am wondering what the experts think here including Merlin if he is kind enough to comment.
What is more secure DNS over TLS or a VPN with wireguard. The real question is with my setup
do I really need a VPN?

I do not have an fancy setup, 6 TV's streaming just about every major service availiable. Work computer.
3 ipads, 4 laptops, 5 homepods, video doorbell, wireless garage doors, and 8 wireless switches for lighting.

I have 1 GB down 50 mb up service. With wireguard the best I get wireless is 400 down. 3 TV's are hard wired
so they remain about 97 MB down with or without VPN. The wireless connections suffer. For instance
my laptop with no VPN has 600 mb down, with wireguard 400. All other streams are cut on average 30% speed.
Tv's streasming on wifi average 376 mb down on DNS over TLS and 220 with Wireguard VPN.

What do you think? VPN or DNS over TLS?

Thank you in advance

CC
 
Last edited:
DoT and a VPN service are two completely different things so they're not really comparable. I believe there's already some lengthy explanations about what DoT does and doesn't do on the forum. As for VPN, they only provide privacy from your ISP and a certain level of anonymity. So their main use is to either hide illegal activity from your ISP (e.g. torrenting), or change your geographic location so as to access geo-restricted services (e.g. Netflix).
 
ColinTaylor said:
DoT and a VPN service are two completely different things so they're not really comparable. I believe there's already some lengthy explanations about what DoT does and doesn't do on the forum. As for VPN, they only provide privacy from your ISP and a certain level of anonymity. So their main use is to either hide illegal activity from your ISP (e.g. torrenting), or change your geographic location so as to access geo-restricted services (e.g. Netflix).
Click to expand...

I do NOT torrent or do anything close to illegal activity. I do hear that if I have some level of anonymity from my ISP then they will NOT throttle the speed. Not sure if thats true or false. The other thing is that VPN has a level of controlling trackers, adds and malware? As far as changing gegrraphical location, I do NOT need that.

CC
 
cc666 said:
I do NOT torrent or do anything close to illegal activity. I do hear that if I have some level of anonymity from my ISP then they will NOT throttle the speed. Not sure if thats true or false. The other thing is that VPN has a level of controlling trackers, adds and malware? As far as changing gegrraphical location, I do NOT need that.

CC
Click to expand...
Personally I use DoT... it basically keeps your DNS lookups more private than other methods from your ISP (or country's) prying eyes. It is well worth doing these lookups over VPN for even better privacy.

But yeah, I also make use of VPN (OpenVPN) as a whole-home solution - all clients that want internet access must go out through our VPN connection. I did grow tired of constantly having to fight with streaming video providers, like netflix, disney+, hbomax, etc... and ended up just excluding our Smart TVs from requiring them to use the VPN tunnel, so they just stream their content directly over the WAN. It works, and much less of a headache for me. ;)
 
cc666 said:
do I really need a VPN?
Click to expand...

You don't need VPN. What you are looking for is filtered DNS service. There are many to choose from with different filters and DoT support, if you want encrypted DNS. Popular ones are Quad9 (no configuration), Cloudflare (for families), CleanBrowsing (free filters), OpenDNS (with custom categories), AdGuard (blocks ads), etc. Check them out and see what fits best your needs.
 
cc666 said:
I do hear that if I have some level of anonymity from my ISP then they will NOT throttle the speed. Not sure if thats true or false.
Click to expand...
Many years ago my ISP would throttle P2P traffic (i.e. torrents). They don't do that anymore.

cc666 said:
The other thing is that VPN has a level of controlling trackers, adds and malware?
Click to expand...
A VPN wouldn't do that just by virtue of being a VPN. It's possible the VPN provider is also providing an ad/tracker/malware blocking service, the same as using Cloudflare, Quad9, etc. DNS might do. But I don't think that's normally the case.
 
Tech9 said:
You don't need VPN. What you are looking for is filtered DNS service. There are many to choose from with different filters and DoT support, if you want encrypted DNS. Popular ones are Quad9 (no configuration), Cloudflare (for families), CleanBrowsing (free filters), OpenDNS (with custom categories), AdGuard (blocks ads), etc. Check them out and see what fits best your needs.
Click to expand...

I assume VPN disables DNS over TLS. Thats what I am seeing on my GT-AXE11000. So I assume its one or the other?

CC
 
cc666 said:
I assume VPN disables DNS over TLS. Thats what I am seeing on my GT-AXE11000. So I assume its one or the other?

CC
Click to expand...
No... optimally, you want DoT to work across your VPN tunnel... This would ensure the greatest privacy (possible).
 
cc666 said:
So I assume its one or the other?
Click to expand...

DoT is DNS encryption method, VPN (in this case) is data tunneling to another exit point.

Viktor Jaep said:
No... optimally, you want DoT to work across your VPN tunnel...
Click to expand...

This is not needed. The DNS queries over (encrypted) VPN are encrypted already. What greatest privacy with no control over the other end?
 
Tech9 said:
DoT is DNS encryption method, VPN (in this case) is data tunneling to another exit point.



This is not needed. The DNS queries over (encrypted) VPN are encrypted already. What greatest privacy with no control over the other end?
Click to expand...

OK so final reccomendation is get rid of VPN and go back to the DNS ove TLS?

CC
 
Folks around tend to overcomplicate things. Your fastest DNS service is your ISP DNS - guaranteed. The ISP sees what servers you connect to regardless of your DNS queries encryption. If they want to, they can reconstruct your browsing history pretty accurately. Are you afraid from MITM attacks? DoT will limit the number of available servers and requires extra processing - potentially slower response times. You may have issues with some IoT devices and DoT. Popular DNS filtering services may not have servers close to your location. Have you checked which ones do and provide fast service? There is no general recommendation. You know what are you doing or you don't.
 
You must log in or register to reply here.

Similar threads

jz87
AX58U | Flashed to Merlin | Logs are Scary
Replies
13
Views
2K
drinkingbird
drinkingbird
M
VPN setup with ASUS, QNAP and SOPHOS
Replies
1
Views
1K
L&LD
L&LD
Intrepid2007
DNS Filter (DNS over TLS, port 853)
Replies
6
Views
4K
DroidST
D
D
Solved Work-around for Wyze Devices with issues when Router has DNS-over-TLS (DoT) Enabled
Replies
4
Views
3K
DroidST
D
M
VPN speed gradually slows down vs WAN
Replies
8
Views
2K
markran
M
Similar threads
Thread starter Title Forum Replies Date
C isp block dns over tls and poison any unencrypted dns resolution Asuswrt-Merlin 14
V Opera DNS-over tls Asuswrt-Merlin 0
V DNS server vs DNS-over TLS server list Asuswrt-Merlin 3
A DNS/TLS IPv6. Asuswrt-Merlin 18
S Solved New ISP - WAN Setup - Will not work with custom WAN DNS - dnsmasq.conf Asuswrt-Merlin 1
T Wireguard Client VPN not using DNS Asuswrt-Merlin 14
Preskitt.man DNS Issue?? AX5800 Pro Issue?? Asuswrt-Merlin 2
H DNS-rebind attack detected: farm.plista.com. etc...?? Asuswrt-Merlin 3
plapic DNS Director Asuswrt-Merlin 7
P DNS Director - Proprietary? Asuswrt-Merlin 6

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 717 (members: 31, guests: 686)
Top