I modified my router and obviously the internet is working fine, so is that all? Are there sites I can use to test it or is this proof in itself. Thank you
Yes, just visit https://220.127.116.11/help it should tell you if you are using 18.104.22.168 and whether the connection is over an encrypted protocol.
If you like you can share your results here
Yep, that’s sure working. It’s a big YES for 22.214.171.124, and more YES for reaching all four of Cloudflare’s resolvers.
It is okay that it says no for both DNS over HTTPS and DNS over TLS?
That’s OK. It’s better than using default name servers…but not much more private. And that’s about where things sit for most people right now. DoH or DoT are fully encrypted, so your ISP can’t sniff your DNS queries.
It’s also how I’m currently configured…though I do have Firefox set for DoH when I want all the good stuff.
I also have my iDevices configured with the App for all the good stuff as well. Desktop OSes aren’t that easy to get set up for DoH or DoT.
I disagree, I think it’s about as easy as setting DoH up in Firefox.
If you like to encrypt the DNS traffic you should checkout the conversation in DNS Hijacking
If your on a Mac it is admittedly a bit harder since there is no GUI application yet. If you have homebrew installed, just install dnscrypt-proxy with
brew install dnscrypt-proxyand change your system DNS:
- Make sure dnscrypt-proxy starts on reboot:
sudo brew services start dnscrypt-proxy
- System Preferences > “Network” and clicking the “Advanced…” button for your interface.
- You will see a “DNS” tab where you can click “+” and enter 127.0.0.1 in the “DNS Servers” section.
If you want only want to use Cloudfare than edit the
/usr/local/etc/dnscrypt-proxy.tomlfile and change
server_names = ['Cloudflare', 'Cloudflare-ipv6']
You can use
sudo brew services restart dnscrypt-proxyto apply the changes.
- Make sure dnscrypt-proxy starts on reboot:
For Cloudflared the setup is similar: https://developers.cloudflare.com/126.96.36.199/dns-over-https/Cloudflared-proxy/
brew install Cloudflare/Cloudflare/Cloudflared mkdir -p /usr/local/etc/Cloudflared cat << EOF > /usr/local/etc/Cloudflared/config.yml proxy-dns: true proxy-dns-upstream: - https://188.8.131.52/dns-query - https://184.108.40.206/dns-query EOF sudo Cloudflared service install
All those solutions involve installing non-standard software. Firefox is easy to install and needs about two settings changes to get DoH working.
But if you like to get your hands dirty, you won’t break a sweat with any of the three solutions you posted.
That’s the key bit. Tell that to the 80% of Internet users who fell for Google (“Chrome is the best browser”).
Oh, such sweet IE6 times all over
Sorry I am getting a bit lost in the weeds, I am using Firefox, how can I get the HTTPS and TLS to say yes?
You can only get one or the other. They’re a little different from each other, though both secure. It takes only two Firefox modified settings:
Quoted from DNS Hijacking
- “off by default”
- lets Firefox pick whichever is faster
- makes DNS-over-HTTPS the browser’s first choice but use regular DNS as a fallback
- for DNS-over-HTTPS only mode
- to explicitly turn it off
You can use https://www.cloudflare.com/ssl/encrypted-sni/ to check if everything is setup correctly
Hi, here’s my result:
Is everything ok?
How can I fix the Encrypted SNI problem?
Are you using the latest version of a browser that supports ESNI? Meaning: Mozilla Firefox ?
If so, have you set in about:config the value of network.security.esni.enabled to true?
I am having a problem reaching archive.is:
Hmm. We’re having trouble finding that site.
We can’t connect to the server at www.archive.is.
If that address is correct, here are three other things you can try:
Try again later. Check your network connection. If you are connected but behind a firewall, check that Firefox has permission to access the Web.
I open it in Opera (VPN) and it works, am pretty sure it is the 220.127.116.11, but maybe I’m wrong. Can someone help I use archive a lot, thank you!!
This has come up several times. archive.is has improperly configured their DNS. Maybe deliberately.
Can anyone check if this is problem?
Is this looking good or how do I get DoH and encrypted sni
Is it possible to verify if another person is using DoH through
For instance, in my back-end server, how could I somehow whitelist that only requests that are using DoH can continue?
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.