DoH and DoT: Difference between revisions
Revision as of 13:48, 4 May 2020
A trial service
A&A run DNS over HTTPS (DoH) and DNS over TLS (DoT) resolvers for customer use. Further information, including the privacy statement and the terms and conditions, is at https://aa.net.uk/dns.
As of September 2019, this is considered a 'trial' service, but is expected to continue and be an 'official' service for customers.
A&A DNS Servers
Service | Server | Description |
---|---|---|
DoH | https://dns.aa.net.uk/dns-query | Usually set in your web browser, where supported. |
DoT | dns.aa.net.uk | Usually set in your operating system, where supported. |
Standard DNS | 217.169.20.20, 217.169.20.21, 2001:8b0::2020, 2001:8b0::2021 | Our standard 'port 53' servers, widely used (everywhere). |
Our privacy statement and terms can be found at: https://aa.net.uk/dns
Testing if it’s working
We have a testing domain, if you go to http://encrypted-dns-tester.aa.net.uk you will be directed to a page saying if your browser used DoT or DoH. The DNS lookup and page will fail if you are not using our DoT or DoH servers. (currently only over IPv6 and HTTP)
Help setting DoH or DoT on browsers and devices
At the moment there is limited support for DoT and DoH on computers generally. Browsers are starting to support DoH, and Android from version 9 supports DoT. These are new protocols and it will take time before they are widely used.
General resources
Firefox
DoH is supported in Firefox's UI in version 69 and up.
- Menu
- Preferences
- Scroll down to Network Setting...
- Scroll down and tick 'Enable DNS over HTTPS' and enter in a Custom provider: https://dns.aa.net.uk/dns-query
Checking your browser
In your Firefox URL bar, type: about:networking
and press Enter. Then click DNS on the left, and you should see your DNS lookups, and they should have TRR (Trusted Recursive Resolver) listed as true.
Chrome
DoH is expected to be a feature in Chrome version 78 or 79.
https://blog.chromium.org/2019/09/experimenting-with-same-provider-dns.html
Android (DoT)
DoT is supported in Android version 9 (Pie) and up.
- Settings
- Search for “DNS” in settings search bar
- Go to PrivateDNS setting screen
- Tap ‘Private DNS provider hostname’ and set: dns.aa.net.uk
- Click Save
Stubby
Stubby is an application that acts as a local DNS resolver on port 53 but does its lookups over TLS (DoT), which means it can act as a DNS proxy for your whole machine.
Adding our servers should be enough:
  - address_data: 2001:8b0::2022
    tls_auth_name: "dns.aa.net.uk"
  - address_data: 2001:8b0::2023
    tls_auth_name: "dns.aa.net.uk"
  - address_data: 217.169.20.22
    tls_auth_name: "dns.aa.net.uk"
  - address_data: 217.169.20.23
    tls_auth_name: "dns.aa.net.uk"
And once running, test with
  dig +short @::1 encrypted-dns-tester.aa.net.uk
  81.187.39.93
If encrypted-dns-tester.aa.net.uk resolves to 81.187.30.81 then it wasn't using our DoT servers.
Using DOH with curl
curl version 7.62.0 and above supports using DoH for its DNS lookups. Here's an example:
curl --doh-url https://dns.aa.net.uk/dns-query https://www.aa.net.uk
or
curl --doh-url https://dns.aa.net.uk/dns-query https://encrypted-dns-tester.aa.net.uk
This will download the www.aa.net.uk webpage and would have used the DOH server to resolve the DNS.