2022年8月14日 · The router however can/should use a secure DNS like DoT or DoH (or DNSCrypt and there are newer implementations coming e.g. DoQ and DoH3), however DoT can be blocked and if you do not want that than using DoH on the router is not a bad idea, unfortunately this is not supported.

2022年1月15日 · At that point, DoT seemed to be configured and working from the previous firmware version. But traffic statistics wasn't working right, so I did a factory default reset. Configuring after that, no "Preset servers" list. Also no drop-down on the DNS Server1 and DNS Server2 fields, just the browser list of past values.

2022年7月22日 · When it's DoT vs DoH, I prefer DoT given the simplicity without HTTPS but DoH does have some advantages. Performance is better with HTTP/2 as stated in RFC 8484 "The messages in classic UDP-based DNS [RFC1035] are …

2022年12月29日 · For example if you're using Chrome and set your PC to Google DNS it will switch to using "secure DNS" (DNS over HTTP / port 443) and therefore bypass the router's blocking attempts. View attachment 46723 nslookup will show the google DNS because it's unaware that the request is being redirected somewhere else by the router.

2020年2月7日 · For those of us subscribing to Comcast Xfinity internet service, I came to learn today of their encrypted DNS initiatives.

2025年1月6日 · I found the following addresses that are used by Apple to provide DoH & Encrypted DNS. You need to block the following in Diversion/Skynet or whatever you use. mask.apple-dns.net mask.icloud.com mask-api.icloud.com mask-h2.icloud.com

2020年12月3日 · The "What's My DNS Server" website explains this result: "Many people configure their computer or router to use a specific DNS server that they prefer (such as Google DNS which is found at 8.8.8.8). The expectation is that the server at 8.8.8.8 provides your DNS services, but that isn't what really happens.

2020年7月24日 · NOTE: There is currently an issue with the popular DoT/DoH test site provided by Cloudflare where it will fail to use properly signed DNSSEC hostnames during the test, causing the test to fail to correctly detect that you are using DoT. This does not indicate that your setup doesn't work, and is something that will hopefully eventually be fixed ...

2021年10月5日 · Note: Originally misclicked and created this thread way too early while starting to write it. Most of the content has been edited in. Apologies! Running Merlin: 386.3_2 I have my network setup to use a pihole DNS filter. The Asus router advertises the pihole's local IP as a DNS server on DHCP...

2023年8月5日 · 1. to prevent DoH bypass, adding a DoH filter to diversion, such as: Hagezi DNS blocklists encrypted-dns-servers-only I tested this DoH filter & others on MacOS, they stop browser level DoH used by Firefox or Brave, but do not stop native MacOS DoH profiles or apps from bypassing my router's DNS.