DNS over TLS to Sonic DNS servers

Posted: Sat Jul 03, 2021 1:26 pm
by vxg9tj43pto
Does Sonic have any plans to support DNS over TLS on 50.0.1.1 / 50.0.2.2? This would be helpful for pfSense users who want to use Sonic's servers with, e.g., 1.1.1.1 as backup, since pfSense has an all-or-none approach to supporting DNS over TLS.

Re: DNS over TLS to Sonic DNS servers

Posted: Tue Jul 06, 2021 4:34 am
by ewhac
Based on previous discussion of DoH last year, my guess would be it's not a priority for Sonic.

Re: DNS over TLS to Sonic DNS servers

Posted: Wed Jul 07, 2021 9:29 am
by sfjames
I would second that as I have a new Netgate box on my desk and will be configuring it soon...

Re: DNS over TLS to Sonic DNS servers

Posted: Fri Jul 09, 2021 1:46 pm
by sysops
Disclaimer: I'm not affiliated with Sonic...

...but I run a public DNSCrypt resolver that is colocated in Sonic's data center in Santa Rosa. If your devices support DNSCrypt please feel free to use it.

It uses Sonic's recursive DNS servers as its upstream resolvers, and as such only adds 2-4ms of latency to any given query. If you are on Sonic's network (i.e. DSL/Fiber customer, or VPN) then queries are nearly as fast as using Sonic's own DNS infrastructure.

https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md#resolver4dnsopeninternetio

I'm not running any DoH or DoT resolvers at this time because I like the security, privacy, simplicity, and performance DNSCrypt offers over DoH & DoT. Setting up a DoH server is far, far more complicated, requires certificates signed by a trusted CA, and can be slower than DNSCrypt.

https://dnscrypt.info/faq/

Re: DNS over TLS to Sonic DNS servers

Posted: Fri Aug 06, 2021 5:34 pm
by sysops
More info here: viewtopic.php?f=10&t=15026&p=58213#p58212

I'm now running a DoH (not DoT) server in Sonic's colocation facility (remember, no way affiliated with Sonic itself) in addition to the DNSCrypt server mentioned in the previous post.

Feel free to use it: https://resolver4.dns.openinternet.io/dns-query

It uses Sonic's recursive resolvers as its upstream DNS provider.

Re: DNS over TLS to Sonic DNS servers

Posted: Tue Aug 09, 2022 7:28 pm
by kgc
It's worth taking a gander at the FAQs section here https://www.isc.org/blogs/bind-implements-doh-2021 - pay particular mind to the "The original motivation for DoH was to offer the end user a way to bypass their access provider's DNS system, and to prevent their access provider from snooping, blocking or monetizing their DNS query traffic." DoT serves more or less the same purpose.