🌐 Website Issue | Small section on how to confirm that encrypted DNS is working #1152

Closed
opened 2019-08-13 11:03:26 +00:00 by Mikaela · 2 comments
Mikaela commented 2019-08-13 11:03:26 +00:00 (Migrated from github.com)

Description

I initially saw @nitrohorse suggest this and later also saw a question [on Reddit how to verify DoH working](https://www.reddit.com/r/privacytoolsIO/comments/cplstn/doh_confirmation_test/) where he had answered.

  • DoH / DoT
    • General advice: check the website of your DNS provider, it may have a test telling "you are using X DNS".
    • Firefox: go to `about:networking#dns`, if the TRR field says `True`, you are using DoH.
      • Should we note here that it's normal that some first queries such as captive portal checking may be going plaintext? Is it OK that our instructions allow downgrading to insecure DNS if DoH is down? I guess as optimally the user has global DNS encryption and eDNS is just going to benefit as DoH?
  • DNSCrypt-proxy
    • see above or just stop it, if you have configured it correctly, your DNS queries stop working (with the exception of possible DoH in Firefox)
  • DNSSEC
    • http://dnssec.vs.uni-due.de/
  • QNAME minimization
    • if you have access to the dig command, `dig +short txt qnamemintest.internet.nl`
      • @nitrohorse would you happen to remember the source for this test?
  • Anything else I am forgetting?
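An added example, not part of the original issue or the project's own material: a small shell helper that interprets the output of the `dig` test listed above, including the case where the resolver returns nothing (for instance when dnscrypt-proxy has been stopped). The sample answers are constructed, and the "HOORAY" / "NO" wording of the TXT record is an assumption about what the test zone returns.

```shell
#!/bin/sh
# Classify the answer to: dig +short txt qnamemintest.internet.nl
# Assumption: the TXT record starts with "HOORAY" when the resolver minimises
# query names and with "NO" when it does not; adjust if the wording differs.
qnamemin_verdict() {
    answer=$1
    # +short prints any CNAME target before the TXT data, and dig prints its
    # own ";;" diagnostics on failure. Keep only the quoted TXT strings.
    txt=$(printf '%s\n' "$answer" | grep '^"' | tr -d '"')
    case "$txt" in
        HOORAY*) echo "enabled" ;;
        NO*)     echo "not-enabled" ;;
        "")      echo "no-answer" ;;   # lookup failed: proves nothing either way
        *)       echo "unknown" ;;     # TXT present but wording not recognised
    esac
}

# Live check against the resolver the system is currently using.
check_qnamemin() {
    command -v dig >/dev/null 2>&1 || { echo "dig-missing"; return; }
    qnamemin_verdict "$(dig +short txt qnamemintest.internet.nl 2>/dev/null)"
}

# Constructed sample outputs (not captured from a real resolver).
SAMPLE_ON='a.b.qnamemin-test.internet.nl.
"HOORAY - QNAME minimisation is enabled on your resolver :)!"'
SAMPLE_OFF='a.b.qnamemin-test.internet.nl.
"NO - QNAME minimisation is NOT enabled on your resolver :("'
SAMPLE_FAIL=';; connection timed out; no servers could be reached'
```

Call `check_qnamemin` to test the live resolver; a `no-answer` result means the lookup itself failed, so it should be read as "resolver unreachable", not as a verdict on QNAME minimisation.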
nitrohorse commented 2019-08-13 14:29:41 +00:00 (Migrated from github.com)

Hmm this looks good 😄 the source of that I found from [here](https://discourse.pi-hole.net/t/unbound-and-qname-minimisation/10038/2), specifically on [slide 25](https://nlnetlabs.nl/downloads/presentations/unbound_qnamemin_oarc24.pdf).

nitrohorse commented 2019-08-16 05:18:42 +00:00 (Migrated from github.com)

I see DNSCrypt [also links](https://github.com/pi-hole/pi-hole/wiki/DNSCrypt-2.0#test-dnscrypt) to https://www.dnsleaktest.com for testing.

This repo is archived. You cannot comment on issues.
Reference: privacyguides/privacytools.io#1152