Introducing 1.1.1.1, the app!


#21

Thank you for the information and your reply, sdayman. It seems our setup is very similar. Before making changes in my router, the router automatically handled dns. I changed that, by adding Cloudflare servers, turning on DNSSEC and dns rebind protection.

Prior to installing the cloudflare app, when testing rebind protection, a notice would pop up in my router log. I no longer get those notices, with the app running.

DNSSEC and rebind is definitely enabled in router. Why would that be? Does the app intercept those attempts?

Sorry for all these questions.


#22

Since the app communicates over HTTPS to 1.1.1.1, it no longer tells your router what DNS queries it’s running and your router has no way of reading those DNS queries or answers, so your router effectively doesn’t know any DNS work is being done.

With the app, your DNS is encrypted, but your router won’t tell you of DNSSEC or rebind errors. With your router, it logs DNSSEC/rebind errors, but doesn’t encrypt your DNS traffic.


#23

Hi Judge,

Thank you for the very detailed explanation. It makes perfect sense. I just wanted to make sure everything is working as it should. It sounds like it is, without the log entries and I’m fine with that,


#24

I do have a couple more questions. :slight_smile:

Which is preferred, DNS over HTTPS or DNS over TLS?

Are there any performance or security advantages of one over the other?

Thanks again for such helpful forum members.


#25

Hi,
I have installed the app. But do I need also the manual DNS (1.1.1.1) setting in my device? or just running the app is sufficient? If manual DNS setting is necessary then how does it work with mobile data?


#26

No.

You can’t set custom DNS servers for mobile data on most devicess or carriers. That’s why there are apps for it. The Google DNS app works the same way.


#27

DNS over HTTPS is preferred. The most common reasoning is since DNS over TLS uses port 853, DNS over TLS can be blocked but you can’t block DNS over HTTPS without collateral damage. Also if the webserver you’re connecting to offers both Content and DNS resolution like google and CF, DoH can be faster due to connection reuse.


See section DoT vs DoH ^


#28

Thank you for the explanation and link, anzetal.


#29

This is the best app ever. Useful for people in a country where government insanely dan brutally hijacking DNS.


#30

Hi! Now you can.

Our latest update handles that for you.


#31

I can confirm, the auto start is working fine now. Thank you, this is a big help for me. Now, I don’t have to remember to start the app after phone re-start. Thanks again! I appreciate the efforts for this app.