Cloudflare ESNI checker Secure DNS check does not work with DNS over TLS

Hi.

I can query getdns on https://getdnsapi.net/query/ if I:

  • specify the TLS resolver IP and the TLS auth name;
  • specify TLS as the transport;
  • whitelist the IP addresses of getdns:
    view:addr('::ffff:b931:8d1b', policy.all(policy.PASS)) -- IPv4-mapped IPv6 address 185.49.141.27
    view:addr('2a04:b900:0:100::27', policy.all(policy.PASS))

The Cloudflare ESNI checker, by automatically finding the DNS resolver IP of the client, should be able to query my DNS over TLS recursive server (Knot Resolver) after IP whitelisting in kresd.conf.

At the moment, the Cloudflare ESNI checker is overrated and only supports DNS over HTTPS.

https://www.cloudflare.com/ssl/encrypted-sni/ > only DoH is supported, which is sad.
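As an added illustration, not taken from the post or from the Knot Resolver project, here is a minimal kresd.conf that exposes a DNS over TLS listener and lets only the two getdns addresses quoted above query it, with a final deny rule so the resolver is not left open to everyone else. The listener, certificate and module lines are assumed from Knot Resolver's documented Lua API, and the certificate paths are placeholders.

```lua
-- kresd.conf (constructed example, not the poster's actual file)

-- The view module is needed for per-client access rules.
modules = { 'view' }

-- Listen for DNS over TLS on the standard port 853 on all addresses.
-- 'kind = tls' is the documented listener option; adjust the bind address
-- if the resolver should only serve one interface.
net.listen('::', 853, { kind = 'tls' })
net.listen('0.0.0.0', 853, { kind = 'tls' })

-- Certificate and key presented to DoT clients; the auth name the client
-- is told to verify must match this certificate. Paths are placeholders.
net.tls('/etc/knot-resolver/dot-cert.pem', '/etc/knot-resolver/dot-key.pem')

-- Allowlist: the getdns query endpoint, as quoted in the post.
-- First entry is the IPv4 address 185.49.141.27 written in IPv4-mapped IPv6 form.
view:addr('::ffff:b931:8d1b', policy.all(policy.PASS))
view:addr('2a04:b900:0:100::27', policy.all(policy.PASS))

-- Add the local networks that should also be served here, for example:
-- view:addr('192.168.1.0/24', policy.all(policy.PASS))

-- Catch-all deny, kept last so the allowlist entries above are matched first
-- (rules are applied in the order they are defined); without it the DoT
-- listener would answer any client that can reach port 853.
view:addr('0.0.0.0/0', policy.all(policy.DENY))
view:addr('::/0', policy.all(policy.DENY))
```

After reloading kresd, a DoT query from an allowlisted address should be answered while one from any other address gets REFUSED, which is the behaviour a remote checker would need to see.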

AFAIK only Firefox supports ESNI at this point and that only if you have configured a DoH URL specifically in its configuration, otherwise it will fall back to regular SNI.

I am not talking at all about the Encrypted ESNI check of the Cloudflare ESNI checker but only about the Secure DNS check of the Cloudflare ESNI checker.

Here the Secure DNS should be green for me, with the message: "You are using encrypted DNS transport with [DNS over TLS resolver IP]"
