DNS over TLS (DoT) router configuration

I’m configuring DoT on my router and I’ve come across two sets of developer documentation:

the first instructs you to obtain your custom hostname via zero trust (e.g., 9y65g5srsm.cloudflare-gateway.com ) here
DNS over TLS · Cloudflare Zero Trust docs

and the other documentation outlines the use of, for example, security.cloudflare-dns.com
Set up Cloudflare 1.1.1.1 resolver · Cloudflare 1.1.1.1 docs

can someone please help me understand the difference between these two methods?

Using zero trust allows logging and analytics of DNS requests and to more finely control the access your users have, by blocking or allowing categories or sites of your choice. Depending on the DNS protocol used, you get a unique hostname/IPv6 address (or register your IPv4 address) for your account so Cloudflare can tie requests to your users and report them to you. Usually used by businesses with teams of users, but, as I do, you can also use it in a household for detailed access control for kids.

If you use the standard Cloudflare DNS IPs/hostnames for DNS servers it’s like setting any DNS resolver. You can choose from 3 types (unfiltered, malware blocking and adult/malware blocking) and obviously those don’t have any logging. This is the most simple to set up.

2 Likes

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.