DoH and DoT

From AAISP Support Site
Revision as of 12:41, 18 September 2019 by AA-Andrew (talk | contribs)


A&A run DNS over HTTPS (DoH) and DNS over TLS (DoT) resolvers. More information, including details on privacy and the terms and conditions, is at https://aa.net.uk/dns

As of September 2019, this is considered a 'trial' service, but is expected to continue and be an 'official' service for customers.


| Setting | Value | Description |
|---|---|---|
| Line type | Auto | Usually set this to automatic as it allows ADSL or ADSL2+ (depending on modem and line type). |
| Mode | Routed | This means that IP traffic is routed, and is the normal mode unless setting up a PPPoE bridge to another device. |
| PPP mode | PPPoA | When routing IP you want your router to connect using PPPoA mode. PPPoE (see below) is more commonly used when bridging to a separate PPPoE device such as a FireBrick |
| VPI/VCI | 0/38 | This is often the default on most broadband routers |
| Mux | VC-Mux | This is often the default on most broadband routers |
| Login | As advised | We allocate a login for one or more lines. This is of the form of a name followed by @, a realm, a dot then a single digit number. (e.g. test@a.1). The final number is the line number (e.g. 1, 2, etc.) for where customers have multiple lines sharing IP addresses. |
| Password | As advised | We allocate a password, but you can change this on the Broadband Control Pages. If you change the password on our system your lines will go off line until you change the password on the router as well. If your router cannot handle the length of password we provide, please contact support who will be happy to set a shorter password. |
| WAN IP (local) | 0.0.0.0 | Whilst we allocate a fixed IP address for your service, including the WAN address, it is best not to set this as it is allocated automatically using PPP. If you configure this incorrectly you will normally find you cannot log in at all. |
| WAN IP (remote) | 0.0.0.0 | The IP address for our end of the PPP link should not be configured. This is allocated by PPP automatically. This will change depending on equipment at our end and may even change on every connection in the future. |
| LAN IP | As advised | If using NAT then this will be some default such as 192.168.1.254. If you have a block of IPs from us, use the IP and netmask as advised. DO NOT make up a netmask for use with a real IP address that we have allocated - always use the one we have advised. |
| Routes | As necessary | If you have a separate router/firewall link block, you will need to configure a static route for your main IP block via your router/firewall. You may want your DSL router to act as a DHCP server for your LAN. |


Help with browsers and devices

Firefox

  1. Menu
  2. Preferences
  3. Scroll down to Network Setting...
  4. Scroll down and tick 'Enable DNS over HTTPS' and enter in a Custom provider: https://dns.aa.net.uk/dns-query

Checking your browser

In your Firefox URL bar, type about:networking and press Enter. Then click DNS on the left. You should see your DNS lookups, and they should have TRR (Trusted Recursive Resolver) listed as true.

Chrome

DoH is expected to be a feature in Chrome version 78

Android (DoT)

DoT is supported in Android version 9 and up

  1. Settings
  2. Search for “DNS” in settings search bar
  3. Go to the Private DNS setting screen
  4. Tap 'Private DNS provider hostname', and set it to: dns.aa.net.uk
  5. Click Save

Using DoH with curl

Note: curl version 7.62.0 or above is required. Here's an example:

curl --doh-url https://dns.aa.net.uk/dns-query https://www.aa.net.uk

This downloads the www.aa.net.uk web page, using the DoH server rather than the system resolver to look up the hostname.