If you do try DNSSEC, try the test at once it is set up.īut it doesn't harm anything to enable DNSSEC, right? I mean: It's better to enable DNSSEC than to disable it, isn't it? And in the future maybe it'll be more widely adopted by at least banks, financial institutions, government/health institutions etc? At least I hope that. Check out individual websites at to see if they have DNSSEC set up. The last time I researched it, here in the US it was used by one or two small banks out of several thousand banks, making it essentially worthless, a placebo. It protects the integrity of DNS lookups for only if Your Bank has explicitly set it up with their DNS provider. SurprisedItWorks wrote:ĭon't get too excited about DNSSEC. But it's good for me to know and be prepared and know the caveats in advance. You can't mix in the standard server= lines we've been discussing, for example, or you'll end up with a mixture of DNSCrypt and non-DNSCrypt DNS queries. If you use DNSCrypt, you need to keep other dnsmasq stuff compatible. And, if you use the built-in button and menu, that line will be set up by dd-wrt, not you. It uses its own ports (different for each provider) and the server line in dnsmasq will look like server=127.0.0.1#30 to provide a connection to the dnscrypt-proxy process internal to your router. SurprisedItWorks wrote:Īlso remember that DNSCrypt setup is a bit of a special thing.
WHERE DOES NAMEBENCH SAVE REPORT PROFESSIONAL
I learn a lot about networking with DDWRT for a low cost and I love that it gives some of the same features as professional (and more expensive) routers provide. I do however look a bit further, because I think the world of networking is interesting and DDWRT is more opensource so it gives more options and I feel I get a better understanding of how I should/can optimize my home network in terms of LAN-segmentation, security and I also just love linux. Why look further? That's as good as it gets for encrypted DNS.) (Merlin looks to be offering you DoT right out of the box. But no-resolv will also lead to ignoring servers pushed by your vpn provider, leaving your vpn activity dependent on your standard dnsmasq setup, encrypted only if you have carefully set up encrypted dns of some sort. You'll otherwise fall back to the latter servers as backup. In dnsmasq you'll also need to add no-resolv (no "e" there) if you want to use only the servers specified in the dnsmasq config commands and ignore the ones specified elsewhere, like on dd-wrt's Basic Setup page. Stubby for DNS over TLS I DNSCrypt v2 by mac913ĭon't forget you'll need # and not : for specifying a port in dnsmasq's server= lines. Netgear R7000 -DD-WRT 47692 AP, Wi-Fi OFF,NAT,AD-Block,Firewall,Local DNS,Forced DNS,VLAN's,DoT,VPN Netgear R9000 -DD-WRT 47692 AP,NAT,AD-Block,AP Isolation,Firewall,Local DNS,DoT,2,4Ghz only,Vanilla Netgear R7800 -DD-WRT 47692 AP,NAT,AD-Block,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT,Vanilla TP-Link WR1043NDv2 -Gargoyle OS 1.13.0b AP,NAT,QoS,Quotas TP-Link WR1043NDv2 -DD-WRT 47692 AP,NAT,Ad-Block,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN TP-Link WR1043NDv2 -DD-WRT 47822 AP,NAT,AP Isolation,Ad-Block,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN They do that thing and where my friend is working, may be i didn't understand what the Packets Cleaning House stands for (PCH) and how d'fk that filtering goes on Well in UK 9.9.9.9 comes trough PCH server's where Location: UK, London, just across the river.