support for DNS over TLS (DoT)
I am awaiting support for DNS over TLS (DoT) so I can set up my router to start using OpenDNS servers again.
My router does not support DNS over HTTPS (DoH) as OpenDNS supports.
DNS traffic encryption is a requirement for my network in order to help prevent man-in-the-middle attacks.
-
DNS over TLS set on the router, combined with enforcing DNS over HTTPS settings at clients to use the DNS over TLS settings from the router, works with ASUSWRT Merlin, for instance. This is a great security enhancement since it will block malware from forcing the usage of malicious DNS over HTTPS servers.
If you require further DNS filtering or local domain DNS support, just run a local DNS server to do so and have it forward to the DNS over TLS router.
This is what I do now.
Unfortunately at the moment I am forced to use other DNS providers.
They offer DNS malware filtering, but no granular filtering like OpenDNS does.
-
Cisco’s blog entry 2022-02-10
https://umbrella.cisco.com/blog/enhancing-support-dns-encryption-with-dns-over-https
announces that their core resolvers now support DoT as well as DoH, effective
2022-01-28. Since they list the same IP addresses as OpenDNS, and identical
DoH resolvers https://dns.opendns.com/dns-query and
https://dns.umbrella.com/dns-query, the implication is both dns.opendns.com and
dns.umbrella.com should work as DoT resolvers! Verified both DNS addresses
work for DoT on an Android 10 phone; ref.
https://support.opendns.com/hc/en-us/community/posts/4418984676756-DNS-Over-TLS-Opendns.