See first post
I still hope that this firmware has support for DNSCrypt DoH, to use it.
Turn off DNSSEC when using the Cloudflare test site.
Any other server always results in a "No" for "Using DNS over TLS (DoT)".
Yes I noticed this as well.
Using the webpage https://cloudflare-dns.com/help/ to check for DNS over TLS works with only Cloudflare servers for me. Any other server always results in a "No" for "Using DNS over TLS (DoT)".
Makes no difference. Appears to be just a test to Cloudflare (kinda makes sense, I'm not sure how they could test your traffic to someone else's server).
Turn off DNSSEC when using the Cloudflare test site.
Here are the entries for the stubby-resolvers.csv for CleanBrowsing:
I have noticed-
Using the webpage https://cloudflare-dns.com/help/ to check for DNS over TLS works with only Cloudflare servers for me. Any other server always results in a "No" for "Using DNS over TLS (DoT)".
I have tried to add another server to the stubby-resolvers.csv file with this line:
"Cleanbrowsing",185.228.168.10,,853,adult-filter-dns.cleanbrowsing.org,,,yes,yes
However, I am not sure it or any of the other servers are working since they all give a "No" when I check DNS over TLS on that webpage. Anyone else observe this or am I the only one?
Is there any (other) simple way to check if DNS over TLS is working? Perhaps I have missed something and that webpage only works to check the Cloudflare servers?
I know their test site used to work on other sites (I used it during development), but sure enough, it's not working now. Maybe Cloudflare made a change.
Makes no difference. Appears to be just a test to Cloudflare (kinda makes sense, I'm not sure how they could test your traffic to someone else's server).
Would need to have something implemented in stubby to provide a status.
Guys I think you could figure out DNS over TLS status in the firmware- sort of like the VPN-status page for the VPNs? Each selected server could have an indicator for whether DNS over TLS was running. Well, that would be epic if it were possible.
As I mentioned before, after some thought I'm reluctant to include servers that haven't been verified and listed by either the stubby developers or dnsprivacy.org. After all, it could be a DNS hijack disguised as a DoT server.
Here are the entries for the stubby-resolvers.csv for CleanBrowsing:
CleanBrowsing is listed by dnsprivacy.org by means of a link to github. But I agree with your approach to verify.
As I mentioned before, after some thought I'm reluctant to include servers that haven't been verified and listed by either the stubby developers or dnsprivacy.org. After all, it could be a DNS hijack disguised as a DoT server.
Two possibilities
- If you like these servers, send a note to the owners asking them to contact dnsprivacy.org and have them officially recognized
- I could add an 'unverified' servers section with a hidden setting to activate them.
I'll double check... I didn't see it in the server list.
CleanBrowsing is listed by dnsprivacy.org by means of a link to github.
What kind of failure scenario are you trying to detect?
It seems like stubby will suffer from the same "am I connected or not?" feeling I sometimes get using VPN. VPN is pretty easy to check, though. Would some command like this:
netstat -lnptu | grep stubby
Give information as to whether stubby is working?
Edit-
It does work in that it at least tells me whether stubby is listening or not. Not sure if that exactly equates to "working" but it's something.
If you have more than one server configured, it will try the next server. The failing server will not be used again for 2sec (a TLS failure) to 15min (a totally dead server). If all the DoT servers are dead, it's just like any other DNS failure and your connection won't be able to resolve anything (it doesn't fall back to the old defaults).
@john9527 You probably explained this before but I can't find it ATM. What happens if stubby can't connect (or loses connection) to its servers? Do you just get DNS lookup failures? If so then it's like any other DNS server failure and doesn't require a specific "status" page IMHO.