Some basic questions about using 1.1.1.1


#1

This is very interesting!

Please clarify:

  1. Is 1.1.1.1 already and automatically DoH (using https for the connection), or is that something to come in the future, or does it require some special setting in my router or PC?

  2. One of my PCs (Win 7 Pro 64-bit) already runs Simple DNSCrypt [C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe], current version 2.0.8. Is 1.1.1.1 compatible with that, or will they conflict, or will one override the other (and which one will override which one)?

  3. I am getting Verizon FIOS in the next few business days (1Gbps home, in NYC). I will have their ONT and their Quantum router. I think I’ve seen somewhere the instructions how to put 1.1.1.1 as the selected DNS in that router. But please repeat that link if you have it.

  4. If DoH for 1.1.1.1 is already available, do I need to do something in the FIOS Quantum router to make DoH (https) happen? Is there anything else I need to do to have my DNS queries confidential and not trackable by Verizon?

  5. One of my PCs is still XP Pro SP3, which I keep updated using the POS hack. If I change my router to 1.1.1.1 for DNS, will the XP machine get blocked because it can’t use whatever 1.1.1.1 is using (including some version of TLS)?

Thanks.


#2

Hi glnz,

If you just configure your devices and/or router to use 1.1.1.1, you will not use DoH, but regular, unauthenticated, unencrypted queries.

In order to use DoH, some additional software has to be installed on your devices.

Simple DNSCrypt, as already installed on one of your PCs, supports DoH and is fully compatible with 1.1.1.1. All you have to do is choose “Cloudflare” in the list of available resolvers.

Simple DNSCrypt also provides an option to let your PC act as a local DNS cache/proxy for all other devices on your network.

I don’t think you can install additional software on the FIOS router, and it doesn’t support DoH.

When a device is configured to use DoH, the router’s settings are bypassed. It doesn’t hurt to configure the router to use 1.1.1.1 if you can, though.


#3

jedisct1 - Thanks for your post.
Questions:

  1. You write that Simple DNSCrypt “supports” DoH. Does that mean that DoH is automatically on, or is there a setting in Simple DNSCrypt that I must find and flip?

Right now, my Simple DNSCrypt has “Automatic Mode” Enabled, which apparently means it uses ALL its listed DNS resolvers, and the list currently has 33 of them, including Cloudflare 1.1.1.1 (anycast) as one of the 33.

  2. So, when Simple DNSCrypt uses one of the other resolvers, is it using DoH?

  3. And if I force it to use only Cloudflare 1.1.1.1, is it using DoH?

Thanks.


#4

In automatic mode, it performs a benchmark and picks the fastest servers among ALL possible options.

But you can also select the candidates you want.

Select only Cloudflare and/or Cloudflare-IPv6, and it will use nothing but Cloudflare servers.

DoH or DNSCrypt (depending on what the servers support) will always be used.

There are no insecure options, so you don’t need to enable anything else, just the servers you want to use. The DNS traffic will always be encrypted and authenticated.
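
The server selection described in this thread, written as a `dnscrypt-proxy.toml` fragment. This is an added example, not a file posted by anyone in the thread or shipped by the project; it assumes Simple DNSCrypt stores its choices in the configuration file of the bundled dnscrypt-proxy 2 and that the resolver names match the public resolver list.

```toml
# Added example (not from the thread): pin dnscrypt-proxy to Cloudflare only.

# Automatic mode corresponds to leaving server_names unset: the proxy
# benchmarks every resolver in its list and uses the fastest ones.
# server_names = []

# Pinned mode: only the named resolvers are used.
# To use Cloudflare over IPv6 as well, add 'cloudflare-ipv6' here and
# set ipv6_servers = true below.
server_names = ['cloudflare']

# Local listener that this PC's own DNS settings point at.
# Serving other devices on the network, as mentioned in post #2, would
# need an address reachable from the LAN (assumption: this PC's LAN
# address on port 53, with the firewall limiting it to the local network).
listen_addresses = ['127.0.0.1:53']

# Transports the proxy may use towards resolvers. Both are encrypted and
# authenticated; there is no plaintext option to switch off.
dnscrypt_servers = true
doh_servers = true

# Address families to consider when choosing resolvers.
ipv4_servers = true
ipv6_servers = false
```

The PC's network adapter must use 127.0.0.1 as its DNS server for this to take effect; a device that still points at the router or directly at 1.1.1.1 sends ordinary unencrypted queries.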