Reaching out to anyone who configured their DNS transport protocol. If you intentionally configured your home router's or your devices' DNS service, what did you pick, and why?

Please retoot for reach.

#DNS #Survey #AskMastodon #AskFedi #AskInfosec #DoT #DoH #DoQ #TLS #QUIC #TCP #UDP #HTTPS

DNS-over-UDP: 38.1%
DNS-over-TCP: 4.8%
DoT: 19%
DoH: 33.3%
DoQ: 4.8%

@resingm DNS chooses when it talks over UDP and TCP. Default is UDP, but when the query size gets larger than 512 bytes (as per RFC) it goes to TCP. Cases for TCP include IPv6 queries and IPSec packets.

And I have never seen a router that supports DoT/DoH/DoQ.
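The UDP-to-TCP fallback discussed in the reply above, as an added example that is not from any poster in this thread: a minimal DNS query builder and the header check a stub resolver performs on a UDP reply (TC bit set means "retry the same question over TCP"). The sample replies are constructed, not captured traffic, and the helper names are the example's own.

```python
import struct

# RFC 1035: classic UDP payload limit. A server with a larger answer truncates
# it, sets the TC flag, and expects the client to retry over TCP.
CLASSIC_UDP_LIMIT = 512
TC_FLAG = 0x0200  # TC is bit 9 of the 16-bit flags word


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query (header + one question), no EDNS0 record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte DNS header; reject runt messages."""
    if len(msg) < 12:
        raise ValueError("message shorter than DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "flags": flags, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar, "truncated": bool(flags & TC_FLAG)}


def next_transport(udp_response: bytes, sent_txid: int) -> str:
    """What a stub resolver does with a UDP reply:
    'tcp'  -> TC bit set, repeat the query over TCP;
    'done' -> answer is complete and usable;
    'drop' -> transaction id does not match what we sent, ignore it."""
    hdr = parse_header(udp_response)
    if hdr["id"] != sent_txid:
        return "drop"
    return "tcp" if hdr["truncated"] else "done"


# Constructed sample replies (hypothetical, not captured traffic).
# Flags 0x8180 = QR|RD|RA; the truncated variant adds TC (0x0200) -> 0x8380.
FULL_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
SPOOFED_REPLY = struct.pack("!HHHHHH", 0x4321, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    query = build_query("example.com")
    print(len(query), "byte query; truncated reply ->",
          next_transport(TRUNCATED_REPLY, 0x1234))
```

Real resolvers also attach an EDNS0 OPT record advertising a larger UDP buffer, which is why TC-driven fallback is rarer today than the 512-byte rule alone suggests.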

@Ichinin - That is not really correct. a) You can still enforce DNS over TCP if you want. b) DNS over TCP is enforced when you hit rate limits. Also, many infosec folks run their own stub resolver in their network (so do I). It is trivial to configure it to use DoT, for instance.

Additionally, some router software certainly supports other means than just Do53. A modern FritzBox also supports DoT out of the box, but it is not enabled by default.

@resingm You can't enforce it if the configuration settings do not support it, and most people use their router with the standard software. Most people meaning most people, not just CS people.

@Ichinin - Yes, and I addressed people who intentionally configured their DNS services, as the first sentence in the post says.

@resingm It still can't be done on commercial hardware/software as it doesn't support your edge case. All you get is "enter DNS server in this field" and nothing more, unless you install something that lets you do that on your router.

And with that I block you, because you don't seem to grasp the concept of configuring DNS on standard hardware - and I question whether you have ever seen a configuration screen on a router or operating system.