DNS over TLS to Sonic DNS servers

by vxg9tj43pto » Sat Jul 03, 2021 1:26 pm
Does Sonic have any plans to support DNS over TLS on 50.0.1.1 / 50.0.2.2? This would be helpful for pfSense users who want to use Sonic's servers with, e.g., 1.1.1.1 as backup, since pfSense has an all-or-none approach to supporting DNS over TLS.
by ewhac » Tue Jul 06, 2021 4:34 am
Based on previous discussion of DoH last year, my guess would be it's not a priority for Sonic.
by sfjames » Wed Jul 07, 2021 9:29 am
I would second that as I have a new Netgate box on my desk and will be configuring it soon...
by sysops » Fri Jul 09, 2021 1:46 pm
Disclaimer: I'm not affiliated with Sonic...

...but I run a public DNSCrypt resolver that is colocated in Sonic's data center in Santa Rosa. If your devices support DNSCrypt please feel free to use it.

It uses Sonic's recursive DNS servers as its upstream resolvers, and as such only adds 2-4ms of latency to any given query. If you are on Sonic's network (i.e. DSL/Fiber customer, or VPN) then the queries are nearly as fast as using Sonic's own DNS infrastructure.

https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md#resolver4dnsopeninternetio

I'm not running any DoH or DoT resolvers at this time because I like the security, privacy, simplicity, and performance DNSCrypt offers over DoH & DoT. Setting up a DoH server is far, far more complicated, requires certificates signed by a trusted CA, and can be slower than DNSCrypt.

https://dnscrypt.info/faq/
Proud Sonic customer since 1999. Ask me about internet privacy, VPN, anonymity and security.
by sysops » Fri Aug 06, 2021 5:34 pm
More info here: viewtopic.php?f=10&t=15026&p=58213#p58212

I'm now running a DoH (not DoT) server in Sonic's colocation facility (remember, in no way affiliated with Sonic itself) in addition to the DNSCrypt server mentioned in the previous post.

Feel free to use it: https://resolver4.dns.openinternet.io/dns-query

It uses Sonic's recursive resolvers as its upstream DNS provider.
Proud Sonic customer since 1999. Ask me about internet privacy, VPN, anonymity and security.
by kgc » Tue Aug 09, 2022 7:28 pm
It's worth taking a gander at the FAQs section here https://www.isc.org/blogs/bind-implements-doh-2021 - pay particular mind to "The original motivation for DoH was to offer the end user a way to bypass their access provider’s DNS system, and to prevent their access provider from snooping, blocking or monetizing their DNS query traffic." DoT serves more or less the same purpose.
Kelsey Cummings
System Architect, Sonic.net, Inc.