[Preview] Asuswrt-Merlin 384.11 with DNS over TLS

[Howard_inGA]

I hate it when my router runs so well, there isn't anything to do...I know I need a life beyond RMerlin's wonderful firmware.

DO WHAT I DO!
Put your feet up and enjoy a cool one!!

 

[Elmer]

This wonderful project is a reminder to donate! Just sent. Thanks all.

 

[BeHappy]

Hi @RMerlin,
Is it possible (now or maybe in the future) to assign a device with a fixed IP address to one of the DoT servers. E.g. a different one for the kids to make the internet more safe for them.

Thank you very much for the great firmware!

 

[QuikSilver]

Hi @RMerlin,
Is it possible (now or maybe in the future) to assign a device with a fixed IP address to one of the DoT servers. E.g. a different one for the kids to make the internet more safe for them.

Thank you very much for the great firmware!

Have you looked at the DNSfilter option under the LAN settings?


Sent from my iPhone using Tapatalk

 

[Brenneke]

WAN > Internet Connection > Enable DNSSEC support (Yes No)

I see examples and references to this setting - some are saying set to No, (when using OpenDNS I think) others Yes. Can anyone please clarify what is recommended when using DNS-over-TLS with Cloudflare?

 

[no_name]

WAN > Internet Connection > Enable DNSSEC support (Yes No)

I see examples and references to this setting - some are saying set to No, (when using OpenDNS I think) others Yes. Can anyone please clarify what is recommended when using DNS-over-TLS with Cloudflare?

I use DNS over TLS with Cloudflare and have Enable DNSSEC support set to yes

The Cloudflare site to test your settings is broken and will say you may not be using secure DNS

The Cloudflare site will say you are using secure DNS when you have Enable DNS support set to no




Sent from my iPad using Tapatalk

 

[mbze430]

I need to get some information how the DNS over TLS works on the Merlin firmware. Because I currently have DNSCrypt-Proxy running and it's working pretty well... here is how my DNS query chain is set up:

DNS req client Dual-Stack WAN & LAN -> Internal LAN Microsoft DNS -> ASUS Merlin running Diversion -> ASUS Merlin running DNSCrypt-Proxy w/ DNSSEC ---O> Cloudflare.

If I remove DNSCrypt from my chain and replace it with DoT at the end of the chain, will there be any problems? because I don't see the GUI give me any place to address listening port

 

[ColinTaylor]

Yes, I would just expect to only see one or the other (WAN DNS or Stubby loopback), but not both. Not sure of the real-world scenarios where it would make sense to have all 3 if you want to bypass dnsmasq on the router locally. I suppose it's more academic than anything else at this point.

I was just about to post exactly the same question. Was there an explanation? (I have searched but probably missed the answer). Even more academic from my point of view as I use John's firmware.

 

[dave14305]

I was just about to post exactly the same question. Was there an explanation? (I have searched but probably missed the answer). Even more academic from my point of view as I use John's firmware.

@themiron answered a follow-up question here:
[384.12_Alpha - builds] Testing all variants.

 

[RMerlin]

Locking this thread, since the beta testing of DoT has long been completed.