Menu
What's new
By:
Filters Better Search

DoT

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Hey all, just wanted to say thanks for all your help. A number of you contributed to this thread with a lot of great info which I could not piece together from searches done. I went ahead and went thru the logs and it looks great always hitting one of the DoT servers listed. Thank you all once again!
 
RMerlin said:
Your router needs to talk to an NTP server to set its clock before encryption can be used. So, no DoT without a working regular DNS to set that clock first.
Click to expand...
Then it is logical to write in these fields of the DNS address using port 53, eg provider address?
p.s. these fields are empty for me and everything works well :cool:
 
Last edited:
RAH-66 said:
Then it is logical to write in these fields of the DNS address using port 53, eg provider address?
Click to expand...
If you want to use your provider's addresses just set "Connect to DNS Server automatically" to Yes. Otherwise you can manually enter non-provider addresses like 8.8.8.8 or 1.1.1.1.

p.s. these fields are empty for me and everything works well :cool:
Click to expand...
If NTP has not (or cannot) set the date & time by the time Stubby starts it will start in "no-TLS mode". This may allow the router to resolve NTP addresses so that it can then set the date & time, after which Stubby will restart in "strict mode".

http://www.snbforums.com/threads/fo...ts-dns-over-tls-beta-closed.48115/post-423104
https://github.com/RMerl/asuswrt-me...30eabe/release/src/router/rc/services.c#L2006
 
Last edited:
Great thread guys.

I just installed Tcpdump.

When I run where does it capture the log?
 
ColinTaylor said:
The output goes to stdout unless you direct it elsewhere.

tcpdump(1) man page | TCPDUMP & LIBPCAP

www.tcpdump.org www.tcpdump.org
Click to expand...

another question when I run the command in ssh should I not see some output in the window as its running?

1614265373765.png


ok if i remove the port info I see it capturing.

1614265641065.png
 
ColinTaylor said:
So is it working when you use the correct interface?
Click to expand...

It only works when I take out the port info.
Eth0 or vlan35 both work without it.
And the end result which was confirmation of which port is there.

1614269147086.png
 
Last edited:
Makaveli said:
It only works when I take out the port info.

Eth0 or vlan35 both work without it.

And the end result which was confirmation of which port is there.

View attachment 31260
Click to expand...
OK looking into this a bit more it's because PPPoE is its own protocol (as shown in your image) but tcpdump's "port" parameter matches IP packets not PPPoE.

Oh well, you found your answer anyway. :)
 
ColinTaylor said:
@Makaveli Just a thought (because I don't have PPPoE), do you have another IP interface called something like ppp0 that you could use?
Click to expand...
If I run ip a from ssh I do.

1614270795280.png


And that did the trick the command works now with port info good catch.

1614271032363.png
 
ColinTaylor said:
If you want to use your provider's addresses just set "Connect to DNS Server automatically" to Yes. Otherwise you can manually enter non-provider addresses like 8.8.8.8 or 1.1.1.1.
Click to expand...
ColinTaylor said:
If NTP has not (or cannot) set the date & time by the time Stubby starts it will start in "no-TLS mode". This may allow the router to resolve NTP addresses so that it can then set the date & time, after which Stubby will restart in "strict mode".
Click to expand...
Wait ... again the question is not fully resolved. I am using DoT AdGuard. Do I understand correctly that to speed up the loading process, I can enter (manual) the addresses of the DNS 1/2 port 53 of the local provider (not Google, not quad, etc.), in the fields and then the correct connection to the DoT DNS server AdGuard will occur?
 
RAH-66 said:
Wait ... again the question is not fully resolved. I am using DoT AdGuard. Do I understand correctly that to speed up the loading process, I can enter (manual) the addresses of the DNS 1/2 port 53 of the local provider (not Google, not quad, etc.), in the fields and then the correct connection to the DoT DNS server AdGuard will occur?
Click to expand...
Whether there is any "speed up" will probably depend on which DNS servers you are using and how many other services you are running on your router. Only you can find that out by timing different configurations. But I doubt there would be more than 10 seconds difference from best to worst. Not something worth worrying about IMHO.
 
You must log in or register to reply here.

Similar threads

muffintastic
Unbound Force all DNS requests through Unbound using iptables?
Replies
14
Views
491
RMerlin
RMerlin
M
RT-AX86U and DNS Privacy over USB WAN
Replies
0
Views
204
metahome
M
T
Using DOT DNS breaks ECS
Replies
9
Views
882
ColinTaylor
C
T
ControlD with Merlin
2 3
Replies
42
Views
3K
bluzfanmr1
bluzfanmr1
Preskitt.man
DNS Issue?? AX5800 Pro Issue??
Replies
2
Views
283
bbunge
bbunge
Similar threads
Thread starter Title Forum Replies Date
L Suggestion: DNS Director, add optional compatibility with DOT Asuswrt-Merlin 2
T Using DOT DNS breaks ECS Asuswrt-Merlin 9

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 1,005 (members: 42, guests: 963)
Top