Why are you using DoT instead of DoH?


Why is GL using DoT instead of DoH? DoT can be blocked by censors in non-free countries. DoH cannot, for obvious reasons…

@alzhao and @yuxin.zou can you consider adding this feature?

I mean DOH…

DOH has been in the firmware already

This is a good question - DoH will run into fewer firewalls blocking the traffic since it runs over 443 and looks like standard HTTPS traffic. As @Bruce states, DoH seems to be more prevalent than DoT. DoT uses a specific port, 853, that would give away the fact that DoT is in use (most likely). The query and answer responses are still encrypted via TLS, so privacy is still ensured. But something similar can happen with DoH if well-known DoH servers are in use, by watching IP src/dst. Either one can be discovered, though, because the client will likely connect to the queried DNS record directly after the answer is provided. All of this really depends on who you are seeking privacy from. DoH prevents your local provider from seeing it, but certainly the DNS provider can. But your local provider can see the subsequent connection and tell what domain name you are connecting to.

All that said, I would likely use DoH instead of DoT when provided the choice. I generally use my own DNS over VPN, though, as my first choice.
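The visibility described in the post above, as an added example that is not part of the original thread: it labels flow records the way an on-path observer could, using only destination IP, port and the cleartext TLS SNI. The flow records are constructed, the resolver list is a small illustrative set of public resolver addresses, and reading the domain from SNI is an assumption about how the "subsequent connection" reveals it.

```python
from ipaddress import ip_address

# Illustrative set: public resolver addresses that also answer DoH on 443
# (Cloudflare, Google, Quad9). A real list would be longer.
KNOWN_DOH_RESOLVERS = {ip_address(a) for a in
                       ("1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9")}

def classify(flow):
    """Label one flow from metadata only; no payload is decrypted."""
    ip, port = ip_address(flow["dst"]), flow["dport"]
    if port == 53:
        return "plain-dns"            # queries readable in the clear
    if port == 853 and flow["proto"] == "tcp":
        return "dot"                  # dedicated port gives DoT away
    if port == 443 and ip in KNOWN_DOH_RESOLVERS:
        return "doh-likely"           # HTTPS, but to a well-known resolver IP
    return "other"

def observer_view(flows):
    """Return per-flow labels plus the domains exposed by later connections."""
    labels = [classify(f) for f in flows]
    # Assumption: the follow-on TLS connection carries the name in cleartext SNI.
    domains = sorted({f["sni"] for f, label in zip(flows, labels)
                      if label == "other" and f.get("sni")})
    return {"labels": labels, "domains_seen": domains}

# Constructed sample flows (documentation address ranges for non-resolver hosts).
SAMPLE_FLOWS = [
    {"dst": "1.1.1.1",      "dport": 853, "proto": "tcp"},
    {"dst": "1.1.1.1",      "dport": 443, "proto": "tcp", "sni": "cloudflare-dns.com"},
    {"dst": "203.0.113.10", "dport": 443, "proto": "tcp", "sni": "example.org"},
    {"dst": "192.0.2.53",   "dport": 53,  "proto": "udp"},
    # DoH to a self-hosted resolver: not on the list, so it blends in as "other",
    # but its SNI is still visible.
    {"dst": "198.51.100.7", "dport": 443, "proto": "tcp", "sni": "doh.example.net"},
]

if __name__ == "__main__":
    view = observer_view(SAMPLE_FLOWS)
    for flow, label in zip(SAMPLE_FLOWS, view["labels"]):
        print(f'{flow["dst"]}:{flow["dport"]:<4} -> {label}')
    print("domains visible to the local provider:", view["domains_seen"])
```
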

Where? I see only DoT (Cloudflare and NextDNS)

What is your device model and firmware version?

E-750v2. It says “firmware up to date”

Unfortunately, the E750v2's hardware is too weak to support DoH. It doesn't have enough CPU or RAM.

