Privacy warning - This network is blocking encrypted DNS traffic

KeithFrench
Community Star

This subject is involved & not knowing how much you know, or want to know about it, I will try to explain.

 

When you type a website address URL in the browser this must be converted to an IP address, as the URL is not routable, only an IP address is. The function of DNS is to do this conversion. Whilst your website data & responses you make to it are all encrypted via HTTPS, if your DNS traffic is inspected, then an ISP or hacker can see what websites you have visited, but not the data you have exchanged with that website. There is a newer version of DNS called DNS over HTTPS (DoH). This is where the DNS queries & answers are also encrypted over HTTPS, just like the data to & from a website is these days.

 

For DoH to work, the browser must support this and be configured to use it. In addition to that, the DNS server you are using must also support DoH (e.g. Google DNS, OpenDNS & Cloudflare).

 

Traditionally each device on your network is allocated a DNS server to use when it is allocated its own IP address. With all routers, this would normally be the IP address of the router, as it has a DNS server built into it. When you visit a webpage (e.g. microsoft.com), not only must the actual ms.com URL be resolved to its IP address, so must any part of that page that is pulled in from another website (e.g. adverts etc). All of these must be resolved via DNS to their respective IP addresses before the page is fully displayed. The great thing is that these DNS requests are handled really quickly, as the DNS server used by your devices resides on your local LAN (your router). These "network" DNS servers such as Google etc are mainly based in the US. So you need to consider which is closer from a time perspective, your router's DNS server or the one in the US?

 

In time I guess the router's DNS server will become encrypted, but until then you have a performance choice to consider. Do you allocate the device its nearby router as its DNS server or one of these that are located in the US? Prior to fibre, this was much more of a problem, because the time it took a DNS packet to reach the US, was far greater than it took to reach your router. Now, depending on your fibre speed it may only take a few more ms, so might be OK.

 

On the Sagemcom Wi-Fi Hub this can be done by logging into it & going to:-

 

Dashboard > See Wi-Fi Settings > Manage Advanced Settings > TalkTalk Wi-Fi Hub > DNS

 

Set the primary & secondary IP addresses of your choice

 

In the Huawei Wi-Fi hub this can be done by logging into it & going to:-

 

Dashboard > See Internet Settings > Manage advanced settings > Advanced Configuration > LAN Configuration > DHCP Server Configuration

 

and set the Primary DNS server & Secondary DNS server fields as required.

 

The DNS server addresses that can be used are:-

  • Google (8.8.8.8 or 8.8.4.4)
  • OpenDNS (208.67.222.222 or 208.67.220.220)
  • Cloudflare (1.1.1.1 or 1.0.0.1)

 

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 
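
To illustrate the difference between classic DNS and DoH described in the post above, here is an added example (not part of Keith's post) that builds a standard DNS query, shows the hostname an on-path observer can read from it, and wraps the same message as an RFC 8484 DoH GET request. The function names and the `/dns-query` path are assumptions for illustration; the actual path depends on the DoH server.

```python
import base64
import struct

def build_query(hostname: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode a DNS query (RFC 1035 wire format); qtype 1 = A record."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in hostname.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN

def observed_name(udp_payload: bytes) -> str:
    """Hostname readable by anyone on the path of a classic port-53 query."""
    labels, pos = [], 12  # question section follows the 12-byte header
    while udp_payload[pos] != 0:
        length = udp_payload[pos]
        labels.append(udp_payload[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def doh_get_path(query: bytes) -> str:
    """RFC 8484 GET form: same message, base64url-encoded without padding.
    The base64 is only an encoding; the privacy comes from the HTTPS
    connection that carries this request. Path is an assumed default."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return "/dns-query?dns=" + encoded

def doh_roundtrip(path: str) -> bytes:
    """Decode the dns= parameter back to the wire message, as the server does."""
    b64 = path.split("dns=", 1)[1]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))

if __name__ == "__main__":
    q = build_query("microsoft.com")  # constructed sample query
    print("classic DNS payload:", q)
    print("visible to observer:", observed_name(q))
    print("DoH request path   :", doh_get_path(q))
```

With classic DNS the payload above travels as-is in a UDP packet, which is why the visited hostname can be inspected; with DoH the request path is only ever sent inside the encrypted HTTPS session to the DoH server.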
