
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

DoH and DoT: Difference between revisions

2,329 bytes added ,  7 December 2023
 
(24 intermediate revisions by 4 users not shown)
__NOTOC__<indicator name="Routers">[[File:menu-router.svg|link=:Category:Routers|30px|Back up to the Routers Category]]</indicator>
 
=A trial service=
 
A&A run DNS over HTTPS (DoH) and DNS over TLS (DoT) resolvers for customer use. There is information here at [https://aa.net.uk/dns https://aa.net.uk/dns] which includes information on privacy and the terms and conditions.
 
As of September 2019, this is considered a 'trial' service, but is expected to continue and be an 'official' service for customers.
| Standard DNS || 217.169.20.20 <br>217.169.20.21 <br>2001:8b0::2020 <br>2001:8b0::2021 || Our standard 'port 53' servers, widely used (everywhere).
|}
Our privacy statement and terms can be found at: https://aa.net.uk/dns
 
=Testing if it’s working=
We have a testing domain: if you go to http://encrypted-dns-tester.aa.net.uk you will be directed to a page saying whether your browser used DoT or DoH. The DNS lookup and page will fail if you are not using our DoT or DoH servers. (The test page currently only works over HTTP.)
 
 
[[File:Chrome-DOH-tester.png|600px|center|alt=DOH test page in Chrome Browser|DOH test page in Chrome]]
 
=Help setting DoH or DoT on browsers and devices=
At the moment there is limited support for DoT and DoH on computers generally. Browsers are starting to support DoH, and Android from version 9 supports DoT. macOS and iOS support DoH/DoT by loading a custom profile. These are new protocols and it will take time before they are widely used.
 
==General resources==
* [https://support.mozilla.org/en-US/kb/firefox-dns-over-https Firefox's DoH info]
* [https://www.chromium.org/developers/dns-over-https Chromium's DoH developer info]
 
==Firefox==
DoH is supported in Firefox's UI in version 69 and up.
#Menu
#Preferences
Checking your browser
 
In your Firefox URL bar, type <code>about:networking</code> and press Enter. Then click DNS on the left, and you should see your DNS lookups; they should have TRR (Trusted Recursive Resolver) listed as true.
 
==Chrome==
DoH is expected to be a feature in Chrome version 78 or 79.
 
https://blog.chromium.org/2019/09/experimenting-with-same-provider-dns.html
 
==Android (DoT)==
 
DoT is supported in Android version 9 (Pie) and up.
 
[[File:Android-dot-setting.jpg|thumb]]
#Search for “DNS” in settings search bar
#Go to the Private DNS setting screen
#Tap ‘Private DNS provider hostname’ and set: dns.aa.net.uk
#Click Save
 
==iOS==
 
This has been tested on iOS 15. It sensibly warns you that the config isn't signed and that someone could spy on your phone's DNS, but if you click through it seems to "just work". You should review mobileconfig profiles before installing.
 
#Download the mobileconfig file for the service you want to enable: [https://testing.me.uk/aa-https.mobileconfig DoH] or [https://testing.me.uk/aa-tls.mobileconfig DoT]
#Navigate to the downloaded file in the "files" app and open it - this should add it to settings
#Navigate to the "VPN & Device Management" section of settings and review the profile - this should activate it
 
==Stubby==
[https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby Stubby] is an application that acts as a local DNS resolver on port 53 but does its lookups over TLS (DoT), which means it can act as a DNS proxy for your whole machine.
 
Adding our servers should be enough:
 # In stubby.yml, list our servers under the upstream resolver key
 upstream_recursive_servers:
   - address_data: 2001:8b0::2022
     tls_auth_name: "dns.aa.net.uk"
   - address_data: 2001:8b0::2023
     tls_auth_name: "dns.aa.net.uk"
   - address_data: 217.169.20.22
     tls_auth_name: "dns.aa.net.uk"
   - address_data: 217.169.20.23
     tls_auth_name: "dns.aa.net.uk"
 
And once running, test with:
 dig +short @::1 encrypted-dns-tester.aa.net.uk
...and you should see a result.
 
 
==Using DOH with curl==
 
Curl version 7.62.0 and above support using DoH for its DNS lookups. Here's an example:

 curl --doh-url https://dns.aa.net.uk/dns-query https://www.aa.net.uk
This will download the www.aa.net.uk webpage and would have used the DoH server to resolve the DNS.

Or, try the tester page:
 curl --doh-url https://dns.aa.net.uk/dns-query http://encrypted-dns-tester.aa.net.uk
This will give a page saying 'You are using AAISP's encrypted DNS servers'.