Problems with CloudFlare DoT

[intr0]

I have the same issue as yours. When changing to Quad9, the ipleak.net website failed to load, but was back to normal while using Cloudflare or Google DNS resolver. Thus, I am using Google DNS for DoT, together with Skynet and Diversion for malware and ads protection.

Definitely have to have Mal/Advert/Tracker/etc. servers blocked. Can't enjoy the most basic of tasks online without it.

 

[intr0]

Thought I'd share this - for anyone interested in using CloudFlare DoT, it's resolving properly now (for me) via the Router's GUI settings.

{"isCf":"Yes","isDot":"Yes","isDoh":"No","resolverIp-1.1.1.1":"Yes","resolverIp-1.0.0.1":"Yes","resolverIp-2606:4700:4700::1111":"Yes","resolverIp-2606:4700:4700::1001":"Yes","datacenterLocation":"***","isWarp":"No","ispName":"Cloudflare","ispAsn":"13335"}

 

[Frankflash]

they have had a crash at one of their data centers

 

[New2This]

Probably why then I was getting routed to US can not canada

 

[Treadler]

DoT via Cloudflare working brilliantly here.
Now watch it break........


[Edit]
https://www.itnews.com.au/news/remote-hands-flub-takes-out-much-of-cloudflare-546752

 

[netware5]

I got fed up with public DNS resolvers. Cloudflare is unstable during last days while Quad9 filters "malicous"on their opinion domains and is slow. So I finally jumped to Unbound and now have my own recursive resolver. Works like a charm. The only cons is that now my ISP is able to sniff my DNS queries. But I do believe that in near future the DoT will be implemented in majority of authoritave servers, so it is just matter of time.

Thank you @Martineau for your time devoted to develop Unbound Manager!

 

[intr0]

they have had a crash at one of their data centers

Yes, but it was not a cause of the DoT issues talked of here as they've been ongoing from time to time.

 

[intr0]

I got fed up with public DNS resolvers. Cloudflare is unstable during last days while Quad9 filters "malicous"on their opinion domains and is slow. So I finally jumped to Unbound and now have my own recursive resolver. Works like a charm. The only cons is that now my ISP is able to sniff my DNS queries. But I do believe that in near future the DoT will be implemented in majority of authoritave servers, so it is just matter of time.

Thank you @Martineau for your time devoted to develop Unbound Manager!

Regarding Unbound, I haven't recently looked into it but I remember when Dnsmasq had issues fully supporting DoT due to an issue with time, specifically when the system using it had its time incorrectly configured, either by user mistake or an NTP daemon-issue.

 

[intr0]

I got fed up with public DNS resolvers. Cloudflare is unstable during last days while Quad9 filters "malicous"on their opinion domains and is slow. So I finally jumped to Unbound and now have my own recursive resolver. Works like a charm. The only cons is that now my ISP is able to sniff my DNS queries. But I do believe that in near future the DoT will be implemented in majority of authoritave servers, so it is just matter of time.

Check out:

• https://dns.cmrg.net/ (Canadian)
• https://www.digitale-gesellschaft.c...ver-neuer-service-der-digitalen-gesellschaft/ (Swiss)
  
• https://applied-privacy.net/services/dns/ (Austrian)

 

[RMerlin]

And this new Canadian-based solution:

https://www.cira.ca/cybersecurity-services/canadian-shield

CIRA is the Canadian central registry (who handles the .ca TLD for instance).

 

[heysoundude]

The only cons is that now my ISP is able to sniff my DNS queries. /QUOTE]

This is why you use a VPN, as I understand it. Unbound on your router going through a VPN tunnel should keep your activities pretty private...right @Martineau ?

 

[netware5]

I know. But I am using VPN client at home only occasionally and mainly by a PC client. It is not feasible for me to be constantly VPN connected.

 

[Martineau]

This is why you use a VPN, as I understand it. Unbound on your router going through a VPN tunnel should keep your activities pretty private...right @Martineau ?

Well ......it depends on your view regarding the true effectiveness of using the VPN to obfuscate activity, as (has been repeated many times,) unless you control both ends of the VPN tunnel, then you are 'exposed'.

However, @Chris0815 pioneered the use of successfully sending unbound's DNS request traffic over the VPN.
(Not sure if his unbound stats show a measurable increase in the average DNS request response times etc.? or if there is a tangible slow down with browsing etc.)

 

[intr0]

What is up with circa.ca's "cache tag" HTTP header?

 10531:10531 10911:10911 blazy:blazy-media-image-image-content-width-no-crop-10531-1.1 blazy:blazy-media-image-image-content-width-no-crop-10911-1.1 block_content:1 block_content:11 block_content:136 block_content:141 block_content:16 block_content:21 block_content:6 block_content_view block_view block_view:block_content block_view:block_content:156b4a48-fdbb-47cc-89ea-64432a18f95c block_view:block_content:1e4b9b62-e9ab-466f-93de-9758c31264b7 block_view:block_content:435c0226-c63c-4882-b509-6bb804e10c3e block_view:block_content:8ee1aa69-982c-4e2b-a332-201a042e74a6 block_view:block_content:9f585bcc-2214-4a22-aaf0-00310e13b521 block_view:block_content:be02f145-d2b9-41f2-a194-4c6aac935b5b block_view:block_content:cc88d7ee-e7b9-4eb7-b8c4-44c9ed968660 block_view:entity_field block_view:entity_field:node:field_header_components block_view:local_actions_block block_view:local_tasks_block block_view:system_menu_block block_view:system_menu_block:about-ca-domains block_view:system_menu_block:cybersecurity block_view:system_menu_block:other-initiatives block_view:system_menu_block:our-organization block_view:system_menu_block:what-s-new-at-cira- block_view:system_messages_block block_visibility_group:global_main_menu_and_footer_menu config:block.block.about.cadomains config:block.block.aboutcira config:block.block.addthis config:block.block.back_to_gallery config:block.block.backtoforumtopic config:block.block.backtomeetings config:block.block.backtopressrelease config:block.block.backtoprojects config:block.block.backtosuccessstories config:block.block.banner_blog config:block.block.banner_cdrp config:block.block.banner_forum_topic config:block.block.banner_news config:block.block.banner_search config:block.block.banner_stock_image config:block.block.cadomains config:block.block.categories config:block.block.choose.cacustomcss config:block.block.cirad8_breadcrumbs config:block.block.cirad8_content config:block.block.cirad8_help config:block.block.cirad8_local_actions config:block.block.cirad8_local_tasks config:block.block.cirad8_messages config:block.block.cirad8_search config:block.block.ciralogo config:block.block.connectwithus config:block.block.csshotfix config:block.block.cybersecurity config:block.block.cybersecurityreport config:block.block.domainnameguide config:block.block.facebookpixel config:block.block.facebookpixel_2 config:block.block.footercontentaddress config:block.block.footercontentdomaincounter config:block.block.footerlegalcopyright config:block.block.googletagmanagerbody config:block.block.googletagmanagerhead config:block.block.header_components config:block.block.improvingcanadasinternet config:block.block.languagetoggleonlymenu config:block.block.left_sidebar_components config:block.block.legalpolicyandcompliance config:block.block.main_menu config:block.block.openidconnectlogin config:block.block.otherinitiatives config:block.block.ourorganization config:block.block.redditpixel config:block.block.right_sidebar_components config:block.block.salesfunnelblock config:block.block.shieldmenu config:block.block.support config:block.block.trackingactivecampaign config:block.block.trackingadobesatellite config:block.block.trackingbing config:block.block.trackingcrazyegg config:block.block.trackinglinkedin config:block.block.trackingmarketo config:block.block.trackingsearchwarrant config:block.block.twittersingleeventpixel config:block.block.twitteruniversalpixel config:block.block.useraccountmenu config:block.block.views_block__article_block_1 config:block.block.views_block__article_block_2 config:block.block.views_block__article_block_4 config:block.block.views_block__article_block_5 config:block.block.views_block__article_block_6 config:block.block.views_block__article_block_7 config:block.block.views_block__article_block_8 config:block.block.views_block__blogs_block_1 config:block.block.views_block__blogs_block_2 config:block.block.views_block__blogs_block_3 config:block.block.views_block__blogs_block_4 config:block.block.views_block__blogs_block_5 config:block.block.views_block__blogs_block_7 config:block.block.views_block__board_members_block_1 config:block.block.views_block__board_members_block_2 config:block.block.views_block__cdrp_block_1 config:block.block.views_block__featured_content_block_1 config:block.block.views_block__home_page_block_1 config:block.block.views_block__meeting_minutes_block_1 config:block.block.views_block__newsroom_block_1 config:block.block.views_block__newsroom_block_2 config:block.block.views_block__newsroom_block_3 config:block.block.views_block__policies_block_1 config:block.block.views_block__projects_view_block_1 config:block.block.views_block__registrars_block_1 config:block.block.views_block__stock_images_block_1 config:block.block.views_block__stock_images_block_2 config:block.block.whatsnewatcira config:block_list config:block_visibility_groups.block_visibility_group.global_main_menu_and_footer_menu config:eu_cookie_compliance.settings config:filter.format.rich_text config:filter.format.rich_text_no_media config:filter.format.source config:google_analytics.settings config:image.style.no_crop_1024 config:image.style.no_crop_1280 config:image.style.no_crop_1440 config:image.style.no_crop_1600 config:image.style.no_crop_1920 config:image.style.no_crop_2048 config:image.style.no_crop_2560 config:image.style.no_crop_2880 config:image.style.no_crop_3200 config:image.style.no_crop_480 config:image.style.no_crop_640 config:image.style.no_crop_800 config:image.style.no_crop_960 config:responsive_image.styles.content_width_no_crop config:system.menu.about-ca-domains config:system.menu.cybersecurity config:system.menu.other-initiatives config:system.menu.our-organization config:system.menu.what-s-new-at-cira- config:system.site config:user.role.anonymous config:workflows.workflow.editorial http_response local_task media:10531 media:10911 media_view node:3741 node:6331 node:8446 node_view page_manager_route_name:entity.node.canonical rendered user:351

And why use an American company- CloudFlare - if they're looking out for Canadian interests?

1. To protect Canadians from the massive increase in global cyber-threats particularly during a time when many are working and learning from home.
2. To reduce our reliance on foreign corporations for critical (and personal) DNS infrastructure.
3. To give Canadians options for an internet they can trust from a Canadian not-for-profit with no interest in monetizing their data.

 

[L&LD]

@intr0, no one company 'has' the entire internet, somewhere along the lines their paths will intertwine or at least cross.

 

[RMerlin]

And why use an American company- CloudFlare - if they're looking out for Canadian interests?

Because there isn't a single CDN provider based in Canada?

 

[heysoundude]

Because there isn't a single CDN provider based in Canada?

Because we’ve been focused on building a different kind of pipeline until lately...but that’s for another thread...
...and I REALLY have to learn not to bring my political views here when the opportunity presents itself.
Sorry all. I’m just happy there are so many of us here from our wee small home and native land.


Sent from my iPhone using Tapatalk

 

[asmopul]

The Swiss server digitale-gesellschaft.ch are working very well.
IPv4, IPv6 and DNS-over-TLS and DNS-over-https.
I was using nextdns, but I was losing connection all the time.
Later I switched over Cloudflare, a lot more stable.
And now digitale-gesellschaft, and working well so far.

 

[intr0]

Because there isn't a single CDN provider based in Canada?

Good reason.

 

[intr0]

@intr0, no one company 'has' the entire internet, somewhere along the lines their paths will intertwine or at least cross.

Indeed. Even China's Wall cannot stop traffic. (Although North Korea does so quite effectively using a modified Trend-Micro based Grand Firewall). I should have been more clear in my comment and pointed out that there's a difference between using servers rented from a third-party (any, even within one's own country) and using servers that are controlled & secured by (virtually and physically) you.