Hi all,
What's a little strange: I am having no problems with DoT here. I have also activated ‘QNAME minimization strict’. Amazon, Wikipedia, …, no problems with any of them.
Current DoT config looks like this:
22,159.69.114.157,fdns2.dismail.de,enabled,dismail.de (mit DNS-over-TLS sowie Werbe- Tracker
3,89.233.43.71,unicast.censurfridns.dk,enabled,censurfridns
21,80.241.218.68,fdns1.dismail.de,enabled,dismail.de (mit DNS-over-TLS sowie Werbe- Tracker
14,185.49.141.37,getdnsapi.net,enabled,GetDNSapi
26,199.58.81.218,dns.cmrg.net,enabled,Provider: dkg
23,46.182.19.48,dns2.digitalcourage.de,enabled,Digitalcourage
7,145.100.185.18,dnsovertls3.sinodun.com,enabled,Sinodun 1
24,185.95.218.42,dns.digitale-gesellschaft.ch,enabled,Digitale Gesellschaft (CH) (mit DNS-over-TLS )
11,159.69.198.101,dot-de.blahdns.com,enabled,BlahDNS 2 DE
20,37.252.185.232,dot1.appliedprivacy.net,enabled,Foundation for Applied Privacy
25,130.59.31.248,dns.switch.ch,enabled,DNS-over-TLS Servers by switch.ch
4,81.3.27.54,recursor01.dns.lightningwirelabs.com,enabled,Lighningwirelabs TLS
27,80.241.218.68,fdns1.dismail.de,enabled,https://dismail.de/info.html#dns
29,185.222.222.222,dns.sb,enabled,DNS SB
18,116.203.70.156,dot1.dnswarden.com,enabled,DNSwarden
15,146.185.167.43,dot.securedns.eu,enabled,SecureDNS
8,199.58.81.218,dns.cmrg.net,enabled,Cmrg
28,116.203.35.255,uncensored-dot.dnswarden.com,enabled,https://github.com/bhanupratapys/dnswarden
9,89.234.186.112,dns.neutopia.org,enabled,Neutopia
19,116.203.35.255,dot2.dnswarden.com,enabled,DNSwarden 1
5,158.64.1.29,kaitain.restena.lu,enabled,kaitain
6,145.100.185.17,dnsovertls2.sinodun.com,enabled,Sinodun
with the following results:
From Host: fdns2.dismail.de ---- With IP: 159.69.114.157 ---- Date: Thu 16 Apr 2020 07:40:21 PM CEST
in 35.2 ms
The encryption is OK and works with: TLS1.2-ECDHE-X25519-RSA-SHA256-CHACHA20-POLY1305
The certificate is trusted and OK
The DNSSEC validation works and is OK
From Host: unicast.censurfridns.dk ---- With IP: 89.233.43.71 ---- Date: Thu 16 Apr 2020 07:40:21 PM CEST
in 859.0 ms
The encryption is OK and works with: TLS1.2-ECDHE-SECP256R1-RSA-SHA256-AES-256-GCM
The certificate is trusted and OK
The DNSSEC validation works and is OK
From Host: fdns1.dismail.de ---- With IP: 80.241.218.68 ---- Date: Thu 16 Apr 2020 07:40:22 PM CEST
in 128.3 ms
The encryption is OK and works with: TLS1.2-ECDHE-X25519-RSA-SHA256-CHACHA20-POLY1305
The certificate is trusted and OK
The DNSSEC validation works and is OK
From Host: getdnsapi.net ---- With IP: 185.49.141.37 ---- Date: Thu 16 Apr 2020 07:40:23 PM CEST
in 412.6 ms
The encryption is OK and works with: TLS1.3-ECDHE-SECP256R1-RSA-PSS-RSAE-SHA256-AES-256-GCM
The certificate is trusted and OK
The DNSSEC validation works and is OK
From Host: dns.cmrg.net ---- With IP: 199.58.81.218 ---- Date: Thu 16 Apr 2020 07:40:23 PM CEST
in 269.0 ms
The encryption is OK and works with: TLS1.3-ECDHE-SECP256R1-RSA-PSS-RSAE-SHA256-AES-256-GCM
The certificate is trusted and OK
The DNSSEC validation works and is OK
From Host: dns2.digitalcourage.de ---- With IP: 46.182.19.48 ---- Date: Thu 16 Apr 2020 07:40:24 PM CEST
in 276.3 ms
The encryption is OK and works with: TLS1.2-ECDHE-SECP256R1-RSA-SHA256-AES-256-GCM
The certificate is trusted and OK
The DNSSEC validation works and is OK
From Host: dnsovertls3.sinodun.com ---- With IP: 145.100.185.18 ---- Date: Thu 16 Apr 2020 07:40:25 PM CEST
in 608.8 ms
The encryption is OK and works with: TLS1.3-ECDHE-SECP256R1-RSA-PSS-RSAE-SHA256-AES-256-GCM
The certificate is trusted and OK
The DNSSEC validation works and is OK
From Host: dns.digitale-gesellschaft.ch ---- With IP: 185.95.218.42 ---- Date: Thu 16 Apr 2020 07:40:26 PM CEST
in 90.2 ms
The encryption is OK and works with: TLS1.3-ECDHE-SECP256R1-RSA-PSS-RSAE-SHA256-AES-256-GCM
The certificate is trusted and OK
The DNSSEC validation works and is OK
From Host: dot-de.blahdns.com ---- With IP: 159.69.198.101 ---- Date: Thu 16 Apr 2020 07:40:26 PM CEST
in 186.9 ms
The encryption is OK and works with: TLS1.3-ECDHE-SECP256R1-RSA-PSS-RSAE-SHA256-AES-128-GCM
The certificate is trusted and OK
The DNSSEC validation works and is OK
From Host: dot1.appliedprivacy.net ---- With IP: 37.252.185.232 ---- Date: Thu 16 Apr 2020 07:40:27 PM CEST
;; WARNING: can't connect to 37.252.185.232@853(TCP)
;; ERROR: failed to query server 37.252.185.232@853(TCP)
Encryption do not works, this server seems to be OFF
From Host: dns.switch.ch ---- With IP: 130.59.31.248 ---- Date: Thu 16 Apr 2020 07:40:27 PM CEST
in 340.1 ms
The encryption is OK and works with: TLS1.2-ECDHE-SECP256R1-ECDSA-SHA256-AES-256-GCM
The certificate is trusted and OK
The DNSSEC validation works and is OK
From Host: recursor01.dns.lightningwirelabs.com ---- With IP: 81.3.27.54 ---- Date: Thu 16 Apr 2020 07:40:27 PM CEST
in 318.6 ms
The encryption is OK and works with: TLS1.3-ECDHE-SECP256R1-ECDSA-SECP384R1-SHA384-AES-256-GCM
The certificate is trusted and OK
The DNSSEC validation works and is OK
From Host: fdns1.dismail.de ---- With IP: 80.241.218.68 ---- Date: Thu 16 Apr 2020 07:40:28 PM CEST
in 22.4 ms
The encryption is OK and works with: TLS1.2-ECDHE-X25519-RSA-SHA256-CHACHA20-POLY1305
The certificate is trusted and OK
The DNSSEC validation works and is OK
From Host: dns.sb ---- With IP: 185.222.222.222 ---- Date: Thu 16 Apr 2020 07:40:28 PM CEST
in 128.6 ms
The encryption is OK and works with: TLS1.3-ECDHE-SECP256R1-RSA-PSS-RSAE-SHA256-AES-256-GCM
The certificate is trusted and OK
The DNSSEC validation works and is OK
From Host: dot1.dnswarden.com ---- With IP: 116.203.70.156 ---- Date: Thu 16 Apr 2020 07:40:29 PM CEST
;; WARNING: connection timeout for 116.203.70.156@853(TCP)
;; ERROR: failed to query server 116.203.70.156@853(TCP)
Encryption do not works, this server seems to be OFF
From Host: dot.securedns.eu ---- With IP: 146.185.167.43 ---- Date: Thu 16 Apr 2020 07:40:34 PM CEST
in 389.1 ms
The encryption is OK and works with: TLS1.3-ECDHE-SECP256R1-RSA-PSS-RSAE-SHA256-AES-256-GCM
The certificate is trusted and OK
The DNSSEC validation works and is OK
From Host: dns.cmrg.net ---- With IP: 199.58.81.218 ---- Date: Thu 16 Apr 2020 07:40:35 PM CEST
in 248.9 ms
The encryption is OK and works with: TLS1.3-ECDHE-SECP256R1-RSA-PSS-RSAE-SHA256-AES-256-GCM
The certificate is trusted and OK
The DNSSEC validation works and is OK
From Host: uncensored-dot.dnswarden.com ---- With IP: 116.203.35.255 ---- Date: Thu 16 Apr 2020 07:40:35 PM CEST
;; WARNING: can't connect to 116.203.35.255@853(TCP)
;; ERROR: failed to query server 116.203.35.255@853(TCP)
Encryption do not works, this server seems to be OFF
From Host: dns.neutopia.org ---- With IP: 89.234.186.112 ---- Date: Thu 16 Apr 2020 07:40:35 PM CEST
in 169.4 ms
The encryption is OK and works with: TLS1.3-ECDHE-SECP256R1-RSA-PSS-RSAE-SHA256-AES-256-GCM
The certificate is trusted and OK
The DNSSEC validation works and is OK
From Host: dot2.dnswarden.com ---- With IP: 116.203.35.255 ---- Date: Thu 16 Apr 2020 07:40:36 PM CEST
;; WARNING: can't connect to 116.203.35.255@853(TCP)
;; ERROR: failed to query server 116.203.35.255@853(TCP)
Encryption do not works, this server seems to be OFF
From Host: kaitain.restena.lu ---- With IP: 158.64.1.29 ---- Date: Thu 16 Apr 2020 07:40:36 PM CEST
in 38.4 ms
The encryption is OK and works with: TLS1.2-ECDHE-SECP256R1-RSA-SHA512-AES-256-GCM
The certificate is trusted and OK
The DNSSEC validation works and is OK
From Host: dnsovertls2.sinodun.com ---- With IP: 145.100.185.17 ---- Date: Thu 16 Apr 2020 07:40:36 PM CEST
in 94.1 ms
The encryption is OK and works with: TLS1.2-ECDHE-SECP256R1-RSA-SHA256-AES-256-GCM
The certificate is trusted and OK
The DNSSEC validation works and is OK
Maybe TCP 853 has a hard time in specific regions? The ms values are volatile, but maybe it is simply the amount of different possibilities…
Best,
Erik
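Added example, not part of Erik's post or of the script that produced his report: a Python parser for the report format shown above that separates servers passing all three checks (TLS, certificate, DNSSEC) from those that never answered on TCP 853, and counts TLS versions. The function names and dictionary keys are assumptions chosen for this sketch; the sample is three blocks taken from the report.

```python
import re
from collections import Counter

# Three blocks copied from the report above, embedded so this runs offline.
SAMPLE = """\
From Host: fdns2.dismail.de ---- With IP: 159.69.114.157 ---- Date: Thu 16 Apr 2020 07:40:21 PM CEST
in 35.2 ms
The encryption is OK and works with: TLS1.2-ECDHE-X25519-RSA-SHA256-CHACHA20-POLY1305
The certificate is trusted and OK
The DNSSEC validation works and is OK
From Host: getdnsapi.net ---- With IP: 185.49.141.37 ---- Date: Thu 16 Apr 2020 07:40:23 PM CEST
in 412.6 ms
The encryption is OK and works with: TLS1.3-ECDHE-SECP256R1-RSA-PSS-RSAE-SHA256-AES-256-GCM
The certificate is trusted and OK
The DNSSEC validation works and is OK
From Host: dot1.dnswarden.com ---- With IP: 116.203.70.156 ---- Date: Thu 16 Apr 2020 07:40:29 PM CEST
;; WARNING: connection timeout for 116.203.70.156@853(TCP)
;; ERROR: failed to query server 116.203.70.156@853(TCP)
Encryption do not works, this server seems to be OFF
"""
HEADER = re.compile(r"^From Host: (\S+) ---- With IP: (\S+) ---- Date: .+$")
SUITE = re.compile(r"works with: (TLS\d\.\d)-")
FLAGS = {"The certificate is trusted and OK": "cert_ok",
         "The DNSSEC validation works and is OK": "dnssec_ok"}

def parse_report(text):
    """Return one dict per 'From Host:' block of the report."""
    results = []
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            results.append({"host": m[1], "ip": m[2], "ms": None, "tls": None,
                            "cert_ok": False, "dnssec_ok": False, "error": None})
        elif not results:
            continue  # ignore anything before the first header
        elif m := re.match(r"^in ([\d.]+) ms$", line):
            results[-1]["ms"] = float(m[1])
        elif m := SUITE.search(line):
            results[-1]["tls"] = m[1]
        elif line in FLAGS:
            results[-1][FLAGS[line]] = True
        elif line.startswith(";; WARNING:"):
            results[-1]["error"] = line.split(":", 1)[1].strip()
    return results

def summarize(results):
    """Hosts passing all three checks, hosts without a TLS session, TLS version counts."""
    ok = [r for r in results if r["tls"] and r["cert_ok"] and r["dnssec_ok"]]
    down = [(r["host"], r["error"]) for r in results if not r["tls"]]
    return {"ok": [r["host"] for r in ok], "down": down,
            "tls_versions": Counter(r["tls"] for r in ok)}
```

Feeding the full report through `summarize(parse_report(...))` gives the list of resolvers to disable or re-test and shows how many still negotiate TLS 1.2.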