This is very interesting!
Is 18.104.22.168 already and automatically DoH (using https for the connection), or is that something to come in the future, or does it require some special setting in my router or PC?
One of my PCs (Win 7 Pro 64-bit) already runs Simple DNSCrypt [C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe], current version 2.0.8. Is 22.214.171.124 compatible with that, or will they conflict, or will one override the other (and which one will override which one)?
I am getting Verizon FIOS in the next few business days (1Gbps home, in NYC). I will have their ONT and their Quantum router. I think I’ve seen somewhere the instructions on how to put 126.96.36.199 as the selected DNS in that router. But please repeat that link if you have it.
If DoH for 188.8.131.52 is already available, do I need to do something in the FIOS Quantum router to make DoH (https) happen? Is there anything else I need to do to have my DNS queries confidential and not trackable by Verizon?
One of my PCs is still XP Pro SP3, which I keep updated using the POS hack. If I change my router to 184.108.40.206 for DNS, will the XP machine get blocked because it can’t use whatever 220.127.116.11 is using (including some version of TLS)?
If you just configure your devices and/or router to use 18.104.22.168, you will not use DoH, but regular, unauthenticated, unencrypted queries.
In order to use DoH, some additional software has to be installed on your devices.
Simple DNSCrypt, as already installed on one of your PCs, supports DoH and is fully compatible with 22.214.171.124. All you have to do is choose “Cloudflare” in the list of available resolvers.
Simple DNSCrypt also provides an option to let your PC act as a local DNS cache/proxy for all other devices on your network.
I don’t think you can install additional software on the FIOS router, and it doesn’t support DoH.
When a device is configured to use DoH, the router’s settings are bypassed. It doesn’t hurt to configure the router to use 126.96.36.199 if you can, though.
jedisct1 - Thanks for your post.
- You write that Simple DNSCrypt “supports” DoH. Does that mean that DoH is automatically on, or is there a setting in Simple DNSCrypt that I must find and flip?
Right now, my Simple DNSCrypt has “Automatic Mode” Enabled, which apparently means it uses ALL its listed DNS resolvers, and the list currently has 33 of them, including Cloudflare 188.8.131.52 (anycast) as one of the 33.
So, when Simple DNSCrypt uses one of the other resolvers, is it using DoH?
And if I force it to use only Cloudflare 184.108.40.206, is it using DoH?
In automatic mode, it performs a benchmark and picks the fastest servers among ALL possible options.
But you can also select the candidates you want.
Select only Cloudflare and/or Cloudflare-IPv6, and it will use nothing but Cloudflare servers.
DoH or DNSCrypt (depending on what the servers support) will always be used.
There are no insecure options, so you don’t need to enable anything else, just the servers you want to use. The DNS traffic will always be encrypted and authenticated.
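To illustrate the difference discussed in this thread between a regular DNS query and a DoH one, here is an added example (not code from the thread or from Simple DNSCrypt). It builds the wire-format query that a plain resolver setting sends in cleartext over UDP port 53, shows what an on-path observer such as the ISP can read from it, and then shows how the same bytes are carried in an RFC 8484 DoH GET request. The function names and the `https://doh.example/dns-query` endpoint are hypothetical placeholders.

```python
import base64
import struct


def build_query(name: str, qtype: int = 1) -> bytes:
    """Build an RFC 1035 query for `name` (qtype 1 = A record)."""
    # Header: ID=0 (RFC 8484 recommends 0 so HTTP caches can match requests),
    # flags=0x0100 (recursion desired), QDCOUNT=1, other counts 0.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    # QNAME: each label prefixed by its length, terminated by a zero byte.
    qname = b"".join(
        bytes([len(label)]) + label
        for label in name.rstrip(".").encode("ascii").split(b".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN


def visible_name(packet: bytes) -> str:
    """Recover the queried name from a plain UDP/53 payload.

    This is what anyone on the path can do when the router or PC is
    simply pointed at a resolver IP without DoH or DNSCrypt.
    """
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while packet[pos]:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


def doh_get_url(endpoint: str, packet: bytes) -> str:
    """RFC 8484 GET form: base64url of the wire message, padding removed.

    base64url is only an encoding. Confidentiality comes from the HTTPS
    (TLS) connection that carries this URL, so the observer sees a TLS
    session to the resolver and not the name being looked up.
    """
    encoded = base64.urlsafe_b64encode(packet).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"


if __name__ == "__main__":
    query = build_query("www.example.com")  # constructed sample name
    print("plain UDP/53 payload exposes:", visible_name(query))
    # Hypothetical endpoint; a DoH client sends this request over HTTPS.
    print("DoH request:", doh_get_url("https://doh.example/dns-query", query))
```
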