If DoH/DoT is configured on the Router, is it also needed to configure DoT/DoH in the Browser or OS?

  • andruid@lemmy.ml
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Depends on your security model IMHO. If unencrypted dns traffic on your network, or your router being a possible aggretion point for dns requests from devices on your network is fine, then it is a great way to simplify using it for your network.

    I imagine it’s probably good for 98% of people.

  • Vexz@kbin.social
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    No, but your OS needs to be configured to use the DNS server on your router. Easiest way to do this is with DHCP + NAT rule to ensure all DNS queries are processed by your router.

      • Vexz@kbin.social
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        It’s not necessary but it ensures that all DNS queries are processed by your router. It could be that there’s software that uses a specific DNS server hardcoded to make sure they can avoid your Pi-hole (or alternative solution) to track you.

    • UnfortunateShort@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Note that it’s obviously a different story for mobile devices. If you connect to different networks, you might want to leave DoH on on your device

        • UnfortunateShort@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          No - in either case a https connection will be established and DNS will be available via that connection. The only exception is the very first connection of the browser/system, where the domain of the DoH provider needs to be resolved first (e.g. dns.quad9.net -> 9.9.9.9).