DoH and DoT: Difference between revisions
Content deleted Content added
| (9 intermediate revisions by 2 users not shown) | |||
| Line 21: | Line 21: | ||
=Testing if it’s working= |
=Testing if it’s working= |
||
We have a testing domain, if you go to http://encrypted-dns-tester.aa.net.uk you will be directed to a page saying if your browser used DoT or DoH. The DNS lookup and page will fail if you are not using our DoT or DoH servers. (currently only |
We have a testing domain, if you go to http://encrypted-dns-tester.aa.net.uk you will be directed to a page saying if your browser used DoT or DoH. The DNS lookup and page will fail if you are not using our DoT or DoH servers. (The test page currently only works over HTTP) |
||
[[File:Chrome-DOH-tester.png|600px|center|alt=DOH test page in Chrome Browser|DOH test page in Chrome]] |
|||
=Help setting DoH or DoT on browsers and devices= |
=Help setting DoH or DoT on browsers and devices= |
||
At the moment there is limited support for DoT and DoH on computers generally. Browsers are starting to support DoH, and Android from version 9 supports DoT. These are new protocols and it will take time before they are widely used. |
At the moment there is limited support for DoT and DoH on computers generally. Browsers are starting to support DoH, and Android from version 9 supports DoT. macOS and iOS support DoH/DoT by loading a custom profile. These are new protocols and it will take time before they are widely used. |
||
==General resources== |
==General resources== |
||
| Line 41: | Line 44: | ||
Checking your browser |
Checking your browser |
||
In your Firefox URL bar, type: <code>about:networking</code> and enter. Then click DNS on the left, and you should see your DNS lookups, and they |
In your Firefox URL bar, type: <code>about:networking</code> and enter. Then click DNS on the left, and you should see your DNS lookups, and they should have TRR (Trusted Recursive Resolver) listed as true. |
||
==Chrome== |
==Chrome== |
||
| Line 58: | Line 61: | ||
#Tap ‘Private DNS provider hostname’ and set: dns.aa.net.uk |
#Tap ‘Private DNS provider hostname’ and set: dns.aa.net.uk |
||
#Click Save |
#Click Save |
||
==iOS== |
|||
This has been tested on iOS 15. It sensibly warns you that the config isn't signed and that someone could spy on your phone's DNS, but if you click through it seems to "just work". You should review mobileconfig profiles before installing. |
|||
#Download the mobileconfig file for the service you want to enable: [https://testing.me.uk/aa-https.mobileconfig DoH] or [https://testing.me.uk/aa-tls.mobileconfig DoT] |
|||
#Navigate to the downloaded file in the "files" app and open it - this should add it to settings |
|||
#Navigate to the "VPN & Device Management" section of settings and review the profile - this should activate it |
|||
==Stubby== |
==Stubby== |
||
| Line 74: | Line 85: | ||
And once running, test with |
And once running, test with |
||
dig +short @::1 encrypted-dns-tester.aa.net.uk |
dig +short @::1 encrypted-dns-tester.aa.net.uk |
||
...and you should see a result. |
|||
81.187.39.93 |
|||
If encrypted-dns-tester.aa.net.uk resolves to 81.187.30.81 then it wasn't using our DoT servers. |
|||
==Using DOH with curl== |
==Using DOH with curl== |
||
| Line 83: | Line 93: | ||
curl --doh-url https://dns.aa.net.uk/dns-query https://www.aa.net.uk |
curl --doh-url https://dns.aa.net.uk/dns-query https://www.aa.net.uk |
||
| ⚫ | |||
or |
|||
or, try the tester page |
|||
curl --doh-url https://dns.aa.net.uk/dns-query |
curl --doh-url https://dns.aa.net.uk/dns-query http://encrypted-dns-tester.aa.net.uk |
||
This will give a page saying 'You are using AAISP's encrypted DNS servers' |
|||
| ⚫ | |||