Setting up custom DoT

Hey everyone👋

I’ve been trying to set up Cloudflare for Families on my home router. I’d preferably like to do this with DNS over TLS.


As you can see in the images above, I’ve edited the default config, and replaced the servers with the family Cloudflare servers.

However, it has no effect. The test website provided by Cloudflare is still unblocked:

Hoping someone here can let me know what I’m doing wrong, because I can’t seem to figure it out😄

I’m on the GL-AX1800 running the latest public beta.

First I need to know if the DHCP forwarder has been set inside the dnsmasq config to 127.0.0.1:5453. You can also check this inside the DHCP settings in LuCI, but then you have to use the # sign instead of :.

You could test with dnsleaktest.com to figure out if you see Cloudflare at all, or if you see a mixed result.

If that is fine and it shows Cloudflare but also another DNS server mixed in, it could also be that your browser uses its own built-in DNS. I noticed this a lot on Chrome-based browsers. The best thing you could do then is create a port forward on UDP port 53, like so:

src zone:
you could specify the lan or wifi interface

src ip: leave empty

dst zone: wan or wireguard; often it's just wan anyway.

dst port: 53

redirect IP to: 0.0.0.0, which means your router.

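The forwarder check and the port-53 redirect from the reply above, as an added example that is not part of the thread or of GL.iNet's firmware: a POSIX shell script for an OpenWrt-based router (the GL-AX1800 is one). It assumes the stock /etc/config/dhcp and /etc/config/firewall layout and the uci tool on the router; the firewall section name dns_hijack and the sample dhcp config it writes are chosen here. One caveat a practitioner should keep in mind: a port-53 redirect only catches plain DNS, so a browser doing its own DNS over HTTPS on port 443 is not affected by it.

```shell
#!/bin/sh
# Added example, not from the thread or GL.iNet's firmware. Assumes an
# OpenWrt-based router with the stock /etc/config/dhcp and
# /etc/config/firewall layout and the uci tool. The firewall section
# name "dns_hijack" is chosen here, not a fixed OpenWrt name.

# dnsmasq's server syntax is host#port; LuCI's DNS forwardings field takes
# the same form, which is why the reply says to use '#' instead of ':'.
to_dnsmasq_server() {
  printf '%s\n' "$1" | sed 's/:\([0-9][0-9]*\)$/#\1/'
}

# Return 0 when the dnsmasq section in the dhcp config file at $1 forwards
# to the stubby listener (127.0.0.1#5453 on GL.iNet firmware), 1 otherwise.
forwarder_ok() {
  re='^[[:space:]]*list[[:space:]]+server[[:space:]]+'\''?127\.0\.0\.1#5453'\''?[[:space:]]*$'
  grep -Eq "$re" "$1"
}

# Same check straight from uci on the router (returns 2 off-router).
forwarder_ok_uci() {
  command -v uci >/dev/null 2>&1 || return 2
  uci -q get 'dhcp.@dnsmasq[0].server' | tr ' ' '\n' | grep -qx '127.0.0.1#5453'
}

# Emit the uci batch for a DNAT rule that catches LAN clients sending
# plain DNS (port 53) straight to the Internet and hands the query to the
# router's own resolver instead. With target DNAT and no dest_ip, fw3/fw4
# redirect to the router itself, the equivalent of the LuCI rule above.
dns_hijack_batch() {
  zone="${1:-lan}"
  cat <<EOF
set firewall.dns_hijack=redirect
set firewall.dns_hijack.name='Redirect-DNS'
set firewall.dns_hijack.src='$zone'
set firewall.dns_hijack.src_dport='53'
set firewall.dns_hijack.proto='tcp udp'
set firewall.dns_hijack.target='DNAT'
commit firewall
EOF
}

# Apply the rule on the router and reload the firewall (returns 2 off-router).
apply_dns_hijack() {
  command -v uci >/dev/null 2>&1 || return 2
  dns_hijack_batch "${1:-lan}" | uci batch && /etc/init.d/firewall restart
}

# Write a constructed /etc/config/dhcp fragment to $1 so the check can be
# tried off-router; $2 overrides the forwarder to simulate a wrong setting.
sample_dhcp_config() {
  server="${2:-127.0.0.1#5453}"
  printf "config dnsmasq\n\toption domainneeded '1'\n\tlist server '%s'\n" "$server" > "$1"
}

# Usage on the router:  DNS_HIJACK=apply sh dns-hijack.sh lan
if [ "${DNS_HIJACK:-}" = "apply" ]; then
  forwarder_ok_uci || echo "warning: dnsmasq does not forward to 127.0.0.1#5453"
  apply_dns_hijack "${1:-lan}"
fi
```

Run it with `DNS_HIJACK=apply` on the router to install the redirect; without that variable it only defines the helpers, so it can be sourced on a workstation to inspect a copied config file with `forwarder_ok`.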

The forwarder hasn’t changed, so it’s indeed 127.0.0.1#5453

Dnsleaktest shows multiple servers, all Cloudflare:

DNS is overridden for all clients (enabled through GL panel).

From dnsleaktest it looks fine, so it could maybe be two things:

  1. The DNS server is not flushed. You can do this by restarting dnsmasq via /etc/init.d/dnsmasq restart, and then on Windows ipconfig /flushdns, and in the browser (also on phones) chrome://net-internals/#dns.

  2. It could be that the connection works but the actual encryption does not; maybe stubby isn't started?

If you go to LuCI and check the console log, does it say something like transport error or getdnsapi missing?

Possibly it is just working and the test page is wrong; that could be verified by what stubby says in the logs. If it makes the TCP handshake without issues, it should work.
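The checks suggested in the reply above (is stubby actually up, does the TLS session to the upstream succeed, what do the logs say), as an added example that is not from the thread, GL.iNet or the stubby project: a POSIX shell script for an OpenWrt router running stubby. It assumes stubby's config at /etc/stubby/stubby.yml, the listener on 127.0.0.1:5453 that dnsmasq forwards to, and openssl-util installed on the router for the handshake test; the stubby.yml it writes with Cloudflare for Families' DoT upstreams is constructed sample data. Rather than reading the handshake out of stubby's log, it performs the TLS handshake and certificate check to each configured upstream directly.

```shell
#!/bin/sh
# Added example, not from the thread, GL.iNet or the stubby project.
# Assumptions: OpenWrt-style router, stubby config at /etc/stubby/stubby.yml,
# stubby listening on 127.0.0.1:5453 (where dnsmasq forwards), and
# openssl-util installed (opkg install openssl-util) for the handshake test.

# Write a constructed stubby.yml (Cloudflare for Families DoT upstreams)
# to the path in $1, so the parser below can be tried off-router.
sample_stubby_yml() {
  cat > "$1" <<'EOF'
resolution_type: GETDNS_RESOLUTION_STUB
dns_transport_list:
  - GETDNS_TRANSPORT_TLS
listen_addresses:
  - 127.0.0.1@5453
upstream_recursive_servers:
  - address_data: 1.1.1.3
    tls_auth_name: "family.cloudflare-dns.com"
  - address_data: 1.0.0.3
    tls_auth_name: "family.cloudflare-dns.com"
EOF
}

# Print one "address tls_auth_name" pair per upstream found in the
# stubby.yml passed as $1 ("-" when no tls_auth_name follows the address).
stubby_upstreams() {
  awk '
    /address_data:/  { if (addr != "") print addr, name; addr = $NF; name = "-" }
    /tls_auth_name:/ { gsub(/"/, "", $NF); name = $NF }
    END              { if (addr != "") print addr, name }
  ' "$1"
}

# 0 when something listens on the forwarder port dnsmasq points at.
stubby_listening() {
  netstat -ln 2>/dev/null | grep -q '127\.0\.0\.1:5453'
}

# Do the TLS handshake to an upstream on 853 ourselves and check that the
# certificate verifies for the configured auth name. Returns 0 on success,
# 1 on handshake or verify failure, 2 when openssl is not installed.
dot_handshake_ok() {
  command -v openssl >/dev/null 2>&1 || return 2
  openssl s_client -connect "$1:853" -servername "$2" </dev/null 2>/dev/null \
    | grep -q 'Verify return code: 0 (ok)'
}

# Restart the resolver pieces, run the checks and print a short report.
dot_check() {
  cfg="${1:-/etc/stubby/stubby.yml}"
  [ -r "$cfg" ] || { echo "no stubby config at $cfg"; return 1; }
  [ -x /etc/init.d/stubby ] && /etc/init.d/stubby restart
  [ -x /etc/init.d/dnsmasq ] && /etc/init.d/dnsmasq restart
  if stubby_listening; then
    echo "stubby: listening on 127.0.0.1:5453"
  else
    echo "stubby: NOT listening; dnsmasq forwards to 127.0.0.1#5453 will fail"
  fi
  stubby_upstreams "$cfg" | while read -r addr name; do
    case $(dot_handshake_ok "$addr" "$name"; echo $?) in
      0) echo "ok    $addr ($name): TLS handshake and certificate verified" ;;
      2) echo "skip  $addr ($name): openssl not installed" ;;
      *) echo "FAIL  $addr ($name): TLS handshake or verify failed" ;;
    esac
  done
  # Last stubby lines from the system log; transport errors show up here.
  logread 2>/dev/null | grep -i stubby | tail -n 5
}

# Usage on the router:  DOT_CHECK=run sh dot-check.sh
if [ "${DOT_CHECK:-}" = "run" ]; then dot_check "$@"; fi
```

If every upstream reports "ok" and stubby is listening, the router side of DoT is fine and a test page still showing plain DNS points at a client or browser cache, which is where the flush steps from the reply come in.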

I honestly don’t know what it was, I didn’t see any logs related to Stubby🤷‍♂️

I switched to NextDNS, they have some more customization anyway, so turned out alright for me😄

I restarted stubby multiple times, it didn’t seem to have any effect.

However, DNS over HTTPS also seems to be ignored, as https://1.1.1.1/help kept showing it was connected over TLS. I tried the same with NextDNS over TLS, and then switched to DoH (Cloudflare). It got ignored & kept using the previously set DoT with NextDNS, even after restarting router & clients, flushing DNS etc.

Looks like this might be a new issue in the latest beta @alzhao , it seems to persist even after a reset.

I was able to solve everything by flashing an older backup I had. I must have messed something up along the way😄

Marking as solved, my mistake, DNS working just fine now with.

Thanks for your help @xize11! 🙏
