How to know if 1.1.1.1 is working?


#1

I modified my router and obviously the internet is working fine, so is that all? Are there sites I can use to test it or is this proof in itself. Thank you


#2

Yes, just visit https://1.1.1.1/help it should tell you if you are using 1.1.1.1 and whether the connection is over an encrypted protocol.
If you like you can share your results here


#3

https://1.1.1.1/help#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiTm8iLCJyZXNvbHZlcklwLTEuMS4xLjEiOiJZZXMiLCJyZXNvbHZlcklwLTEuMC4wLjEiOiJZZXMiLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMTExIjoiWWVzIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTAwMSI6IlllcyIsImRhdGFjZW50ZXJMb2NhdGlvbiI6IllZWiIsImlzcE5hbWUiOiJDbG91ZGZsYXJlIiwiaXNwQXNuIjoiMTMzMzUifQ==


#4

Yep, that’s sure working. It’s a big YES for 1.1.1.1, and more YES for reaching all four of Cloudflare’s resolvers.


#5

It is okay that it says no for both DNS over HTTPS and DNS over TLS?


#6

That’s OK. It’s better than using default name servers…but not much more private. And that’s about where things sit for most people right now. DoH or DoT are fully encrypted, so your ISP can’t sniff your DNS queries.

It’s also how I’m currently configured…though I do have Firefox set for DoH when I want all the good stuff.

I also have my iDevices configured with the App for all the good stuff as well. Desktop OSes aren’t that easy to get set up for DoH or DoT.


#7

I disagree, I think it’s about as easy as setting DoH up in Firefox.

If you like to encrypt the DNS traffic you should checkout the conversation in DNS Hijacking

  • For windows I recommend https://simplednscrypt.org/ - screenshots

  • If your on a Mac it is admittedly a bit harder since there is no GUI application yet. If you have homebrew installed, just install dnscrypt-proxy with brew install dnscrypt-proxy and change your system DNS:

    1. Make sure dnscrypt-proxy starts on reboot: sudo brew services start dnscrypt-proxy
    2. System Preferences > “Network” and clicking the “Advanced…” button for your interface.
    3. You will see a “DNS” tab where you can click “+” and enter 127.0.0.1 in the “DNS Servers” section.

    If you want only want to use Cloudfare than edit the /usr/local/etc/dnscrypt-proxy.toml file and change server_names to server_names = ['cloudflare', 'cloudflare-ipv6']

    You can use sudo brew services restart dnscrypt-proxy to apply the changes.

For cloudflared the setup is similar: https://developers.cloudflare.com/1.1.1.1/dns-over-https/cloudflared-proxy/

brew install cloudflare/cloudflare/cloudflared
mkdir -p /usr/local/etc/cloudflared
cat << EOF > /usr/local/etc/cloudflared/config.yml
proxy-dns: true
proxy-dns-upstream:
 - https://1.1.1.1/dns-query
 - https://1.0.0.1/dns-query
EOF
sudo cloudflared service install

DNS Hijacking
#8

All those solutions involve installing non-standard software. Firefox is easy to install and needs about two settings changes to get DoH working.

But if you like to get your hands dirty, you won’t break a sweat with any of the three solutions you posted.


#9

That’s the key bit. Tell that to the 80% of Internet users who fell for Google (“Chrome is the best browser”).

Oh, such sweet IE6 times all over :innocent:


#10

Sorry I am getting a bit lost in the weeds, I am using Firefox, how can I get the HTTPS and TLS to say yes?


#11

You can only get one or the other. They’re a little different from each other, though both secure. It takes only two Firefox modified settings:


#12

Quoted from DNS Hijacking

The network.trr.mode setting:

  1. “off by default”
  2. lets Firefox pick whichever is faster
  3. makes DNS-over-HTTPS the browser’s first choice but use regular DNS as a fallback
  4. for DNS-over-HTTPS only mode
  5. to explicitly turn it off

You can use https://www.cloudflare.com/ssl/encrypted-sni/ to check if everything is setup correctly


DoH with IE 11
#13

Hi, here’s my result:

https://1.1.1.1/help#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjEuMS4xIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjAuMC4xIjoiWWVzIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTExMSI6Ik5vIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTAwMSI6Ik5vIiwiZGF0YWNlbnRlckxvY2F0aW9uIjoiRVdSIiwiaXNwTmFtZSI6IkNsb3VkZmxhcmUiLCJpc3BBc24iOiIxMzMzNSJ9

Is everything ok?

How can I fix the Encrypted SNI problem?


#14

Are you using the latest version of a browser that supports ESNI? Meaning: Mozilla Firefox ?

If so, have you set in about:config the value of network.security.esni.enabled to true?


#15

I am having a problem reaching archive.is:

Hmm. We’re having trouble finding that site.

We can’t connect to the server at www.archive.is.

If that address is correct, here are three other things you can try:

Try again later.
Check your network connection.
If you are connected but behind a firewall, check that Firefox has permission to access the Web.

I open it in Opera (VPN) and it works, am pretty sure it is the 1.1.1.1, but maybe I’m wrong. Can someone help I use archive a lot, thank you!!


#16

This has come up several times. archive.is has improperly configured their DNS. Maybe deliberately.


#17

https://1.1.1.1/help#eyJpc0NmIjoiTm8iLCJpc0RvdCI6Ik5vIiwiaXNEb2giOiJObyIsInJlc29sdmVySXAtMS4xLjEuMSI6IlllcyIsInJlc29sdmVySXAtMS4wLjAuMSI6IlllcyIsInJlc29sdmVySXAtMjYwNjo0NzAwOjQ3MDA6OjExMTEiOiJObyIsInJlc29sdmVySXAtMjYwNjo0NzAwOjQ3MDA6OjEwMDEiOiJObyIsImRhdGFjZW50ZXJMb2NhdGlvbiI6IlNJTiIsImlzcE5hbWUiOiJLdW1hciBOZXR3b3JrcyIsImlzcEFzbiI6IjEzMzk4MiJ9

Can anyone check if this is problem?
TIA