this post was submitted on 22 Jul 2023
14 points (93.8% liked)

Privacy

32173 readers
1039 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

If DoH/DoT is configured on the Router, is it also needed to configure DoT/DoH in the Browser or OS?

top 9 comments
sorted by: hot top controversial new old
[–] [email protected] 4 points 1 year ago (1 children)

No, but check if the browser isn't using other DoH provider. If so just disable it.

[–] UnfortunateShort 4 points 1 year ago (1 children)

Note that it's obviously a different story for mobile devices. If you connect to different networks, you might want to leave DoH on on your device

[–] 03040 1 points 1 year ago (1 children)

Makes sense, is their any downside if I set the same DNS in Android and Router?

[–] UnfortunateShort 2 points 1 year ago

No - in either case a https connection will be established and DNS will be available via that connection. The only exception is the very first connection of the browser/system, where the domain of the DoH provider needs to be resolved first (e.g. dns.quad9.net -> 9.9.9.9).

[–] Sizably8826 2 points 1 year ago

you can check via this website

[–] [email protected] 2 points 1 year ago (1 children)

No, but your OS needs to be configured to use the DNS server on your router. Easiest way to do this is with DHCP + NAT rule to ensure all DNS queries are processed by your router.

[–] 03040 1 points 1 year ago (1 children)

Why do I need a NAT rule if the computer uses DHCP?

[–] [email protected] 2 points 1 year ago

It's not necessary but it ensures that all DNS queries are processed by your router. It could be that there's software that uses a specific DNS server hardcoded to make sure they can avoid your Pi-hole (or alternative solution) to track you.

[–] [email protected] 2 points 1 year ago

Depends on your security model IMHO. If unencrypted dns traffic on your network, or your router being a possible aggretion point for dns requests from devices on your network is fine, then it is a great way to simplify using it for your network.

I imagine it's probably good for 98% of people.