- Mar 13, 2021
- 462
If your router is using DNS over TLS, does it still make sense to use DNS over HTTPS in the browser?
CleanBrowsing DNS vs NextDNS vs ControlD DNS
- Thread starter SohanRay
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Apr 1, 2019
- 2,868
No, you are just bypassing the router at that point. The only reason you’d want to do that is if you wanted that browser to use a different DNS than the router.
UBlock on my PC's FireFox and also on my Android's is blocking Youtube ads.
But obviously you can not block the ads inside the YT app. For that I would recommend "NewPipe" which is amazing.... but since it does not have any trackers therefore, the suggestions will not be as it is in the official YT app.
Privacy is always give and take.
- Mar 13, 2021
- 462
If some network is blocking the use of encrypted DNS, what are your choices? Anything on the software level, like an adblocker, what can prevent them for seeing the websites you visit?
- May 26, 2014
- 1,339
I dont think that is possible to block encrypted DNS on a network level without blocking "everything" (ex: DNS over HTTPS); nothing besides a VPN or a Tor browser (not recommended) can prevent that kind of snoop.
- Mar 13, 2021
- 462
I use a network that it shows in the Wifi settings "This network doesn't allow the use of cryptographed DNS", when I use NextDNS, I get no internet.
- May 26, 2014
- 1,339
Did you tried DNS Over HTTPS (DoH) ?
The other methods can be blocked, DoH cant.
Try to use NextDNS directly in your browser or via YogaDNS client with the appropriate configuration.
- Apr 1, 2019
- 2,868
All you need is the destination IP address to block DoH. The packet has to be going somewhere even if you can’t read it.
- Mar 13, 2021
- 462
It's an iPhone. How to change NextDNS to DoH? I don't know which encryption it uses by default.
- Feb 25, 2017
- 2,585
- May 26, 2014
- 1,339
This is more theoretical than pratical, DoH is camouflaged within other HTTPS traffic.
- May 26, 2014
- 1,339
- Apr 1, 2019
- 2,868
No you just use an ip table list of DoH providers and block packets heading to those IPs through port 443. It’s cumbersome, but organizations are definitely capable if they want to deal with the hassle.
- Feb 25, 2017
- 2,585
- May 26, 2014
- 1,339
By this method?
How to block DNS over HTTPS using IPtables
I've recently started using iptables for the first time on my OpenWrt, Linux based router. Out of the box the OpenWrt firewall is very good, however, after wanting to do more advanced things with the
serverfault.com
Dont seen that effective.
- May 26, 2014
- 1,339
Are you sure? I am not an iOS user, but I read about Dot support.
Apple adds support for encrypted DNS (DoH and DoT)
Apple said this week that iOS 14 and macOS 11 will support the DNS-over-HTTPS and DNS-over-TLS protocols.
www.zdnet.com
- Apr 1, 2019
- 2,868
It's effective to block, ineffective to redirect because it breaks the encryption. You would just have no ability to resolve anything and have to maintain the IP tables.By this method?
How to block DNS over HTTPS using IPtables
I've recently started using iptables for the first time on my OpenWrt, Linux based router. Out of the box the OpenWrt firewall is very good, however, after wanting to do more advanced things with the
Dont seen that effective.
- Feb 25, 2017
- 2,585
Okay, before I spread any false information I will just share this here:Are you sure? I am not an iOS user, but I read about Dot support.
Apple adds support for encrypted DNS (DoH and DoT)
Apple said this week that iOS 14 and macOS 11 will support the DNS-over-HTTPS and DNS-over-TLS protocols.
test.nextdns.io
Here he can check wether he is using DoH or DoT
- Apr 1, 2019
- 2,868
Anyway, sorry to derail the conversation. The point is it can be blocked, easily by corps with the resources to do it. But it would be noticeable and very difficult to redirect. One would know they are being blocked.
