Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

DoH and DoT: Difference between revisions

m
m (→‎A trial service: Typo; added link)
Tags: Mobile edit Mobile web edit
(6 intermediate revisions by 2 users not shown)
| Standard DNS || 217.169.20.20 <br>217.169.20.21 <br>2001:8b0::2020 <br>2001:8b0::2021 || Our standard 'port 53' servers, widely used (everywhere).
|}
Our privacy statement and terms can be found viaat: https://aa.net.uk/dns
 
=Testing if it'sit’s working=
We have a testing domain, if you go to http://encrypted-dns-tester.aa.net.uk you will be directed to a page saying if your browser used DoT or DoH. The DNS lookup and page will fail if you are not using our DoT or DoH servers. (currently only over IPv6 and HTTP)
 
 
==Chrome==
DoH is expected to be a feature in Chrome version 78 or 79.
 
https://blog.chromium.org/2019/09/experimenting-with-same-provider-dns.html
 
==Android (DoT)==
#Search for “DNS” in settings search bar
#Go to PrivateDNS setting screen
#Tap 'Private‘Private DNS provider hostname',hostname’ and Setset: dns.aa.net.uk
#Click Save
 
==Stubby==
[https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby Stubby] is an application acts as a local DNS resolver on port 53 but does its lookups over TLS (DoT) which means it can act as a DNS proxy for your whole machine.
 
Adding our servers should be enough:
- address_data: 2001:8b0::2022
tls_auth_name: "dns.aa.net.uk"
- address_data: 2001:8b0::2023
tls_auth_name: "dns.aa.net.uk"
- address_data: 217.169.20.22
tls_auth_name: "dns.aa.net.uk"
- address_data: 217.169.20.23
tls_auth_name: "dns.aa.net.uk"
 
And once running, test with
dig +short @::1 encrypted-dns-tester.aa.net.uk
81.187.39.93
 
If encrypted-dns-tester.aa.net.uk resolves to 81.187.30.81 then it wasn't using our DoT servers.
 
==Using DOH with curl==
 
curl --doh-url https://dns.aa.net.uk/dns-query https://www.aa.net.uk
or
curl --doh-url https://dns.aa.net.uk/dns-query https://encrypted-dns-tester.aa.net.uk
 
This will download the www.aa.net.uk webpage and would have used the DOH server to resolve the DNS.
autoreview, Bureaucrats, editor, Interface administrators, reviewer, Administrators
12,341

edits