When using DNSoverTLS with VPN, does Cloudflare see ISP or VPN IP?

Luboknok

Regular Contributor
When using DNSoverTLS in Merlin router and exclusive VPN, do the DNS resolvers (Cloudflare, etc.) receive the request from the VPN's IP, or from the local router IP? In other words, does DNSoverTLS go inside or outside the VPN?
 
When using DNSoverTLS in Merlin router and exclusive VPN, do the DNS resolvers (Cloudflare, etc.) receive the request from the VPN's IP, or from the local router IP? In other words, does DNSoverTLS go inside or outside the VPN?
ISP, unless you are running DoT through the VPN tunnel somehow. Btw, the exclusive mode sets the DNS used by the VPN to the VPN DNS.
 
If you want to use the router's DNS over TLS in the tunnel, just set this setting in the VPN client settings.
Code:
Accept DNS Configuration to disabled
 
If you want to use the router's DNS over TLS in the tunnel, just set this setting in the VPN client settings.
Code:
Accept DNS Configuration to disabled
@Luboknok
This means your encryption would lie on the side of your ISP's IP and not your VPN. In retrospect, your VPN will not be able to see your DNS lookups as they would reside outside the tunnel and be encrypted.
 
Thanks for all the answers, although the last two seem to contradict. I suppose there is no practical reason to use DNSoverTLS inside the VPN tunnel, but it would be another layer of encryption.
 
Thanks for all the answers, although the last two seem to contradict. I suppose there is no practical reason to use DNSoverTLS inside the VPN tunnel, but it would be another layer of encryption.
You never lived nor acted in a censorship environment :)
 
From my understanding, if you have the VPN DNS set to exclusive, the VPN-routed clients will only use the DNS servers supplied by the VPN. Thus, your DoT settings would not apply to your VPN-routed clients. If you set the VPN to allow DNS from outside the VPN (through DoT or otherwise), then you run the risk of the DNS queries being made by your ISP IP, not your VPN IP. But if you use DoT then the queries would be encrypted. I personally have not found a good way to test if DoT is working, but I haven't looked into it too much. I got my ASUS router not too long ago so I'm new to the WRT-Merlin community.

Are you using the DoT settings in the GUI? What are your VPN settings for "Force Internet traffic through tunnel" and "Block routed clients if tunnel goes down"?
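
One way to check which path the router's own DoT connections (TCP port 853) take, as an added example that is not part of the thread: it parses `ip route get` output for the resolver address and reports whether the egress interface is a tunnel. The interface names (`eth0`, `tun11`), the sample routes and the helper names are constructed assumptions; 1.1.1.1 is Cloudflare's resolver address.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies the route the router itself
# would use to reach a DoT resolver. Only the router's own lookup is checked;
# policy-routing rules that apply to LAN clients are not consulted.

# route_field KEY ROUTE: print the token that follows KEY ("dev", "src", "via")
# in `ip route get` output. Extra lines such as "cache" are ignored.
route_field() {
    printf '%s\n' "$2" |
        awk -v k="$1" '{ for (i = 1; i < NF; i++) if ($i == k) { print $(i + 1); exit } }'
}

# classify_path ROUTE: "vpn" if the egress interface looks like a tunnel
# (tun*, tap*, wg*), "wan" for any other interface, "unknown" if none is found.
classify_path() {
    case "$(route_field dev "$1")" in
        tun*|tap*|wg*) echo vpn ;;
        "")            echo unknown ;;
        *)             echo wan ;;
    esac
}

# dot_path_report RESOLVER ROUTE: one-line summary for a human reader.
dot_path_report() {
    printf 'DoT to %s:853 leaves via %s (dev %s, src %s)\n' \
        "$1" "$(classify_path "$2")" \
        "$(route_field dev "$2")" "$(route_field src "$2")"
}

# Constructed sample outputs (documentation and private address ranges).
# SAMPLE_WAN: resolver reached through the ISP gateway, so it sees the ISP IP.
SAMPLE_WAN='1.1.1.1 via 203.0.113.1 dev eth0 src 203.0.113.45
    cache'
# SAMPLE_VPN: resolver reached through the tunnel, so it sees the VPN exit IP.
SAMPLE_VPN='1.1.1.1 dev tun11 src 10.8.0.2
    cache'

dot_path_report 1.1.1.1 "$SAMPLE_WAN"
dot_path_report 1.1.1.1 "$SAMPLE_VPN"

# Live use on the router (requires the `ip` tool):
#   dot_path_report 1.1.1.1 "$(ip route get 1.1.1.1)"
```

A result of `wan` means the resolver sees the ISP-assigned address; `vpn` means the query exits at the VPN provider, whose address the resolver sees instead.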
 
