Windows DNS config overrides router DNS config?
Hi!
Assuming I configure my Windows PC's DNS configuration to use 1.1.1.1 / 2606:4700:4700::1111 with DoH (DNS over HTTPS),
I'd assume that this configuration would override the DNS configuration that I receive from my router?
However, I stumbled across this post,
which essentially claims that DNS requests made by a device can still be forcibly redirected to a local DNS.
My question is whether this would also work for a DNS server like 1.1.1.1 using DoH?
9 Replies
In short, I would like to make sure that the DNS requests my PC makes are not intercepted or answered by someone that isn't Cloudflare.
Yeah that won’t happen with DoH. It’s encrypted vs the plain text standard DNS.
Someone could theoretically intercept it, but they would need a valid SSL certificate for 1.1.1.1 and be able to reroute the traffic to their own 1.1.1.1.
And unless they are able to install that certificate on my machine, it would not be trusted, I assume.
Yes. It would have to be trusted on your machine for it to work.
very glad to hear that ^-^
If I were using 1.1.1.1 without DoT or DoH, is there a way I can check on my machine if my DNS queries are being redirected or answered by someone else?
what do you mean by that 🤔
ah, gotcha
Well, there is some stuff that's been done against it, like case randomization and DNS cookies, which just work for you: https://security.googleblog.com/2024/03/google-public-dnss-approach-to-fight.html
If you're worried though, just DoT/DoH; you can set up a local resolver using software like AdGuard to do caching and forward to DoT/DoH.
that would be interesting to do, is there any documentation on that?
It's a pretty popular thing, lots of YouTube videos out there ("how to setup adguard home"), https://adguard-dns.io/kb/adguard-home/getting-started/
Pi-hole is another option/software, but AdGuard Home has a few more features and cool stuff.
my bad, thanks for the pointer :)