-
What is the best DNS for privacy?
With the default configuration, your router uses DNS servers run by your ISP. As such, the ISP can easily collect information about the websites you’re visiting (and the apps you’re using). You can override the router’s default settings to make it use other DNS services such as OpenDNS, Quad9 or Cloudflare. But since the DNS queries pass through your ISP gateway and are not encrypted, your ISP can still collect your DNS info.
DoH/DoT alone is not enough
DNS encryption protocols, i.e., DNS over HTTPS (DoH) and DNS over TLS (DoT), encrypt your DNS queries before sending them over to the DNS service. Even though the queries still pass through your ISP gateway, the ISP can no longer see the domain names.
But now, the DNS service you’re using knows all your DNS queries and your IP address. Unless you’re really sure that the DNS service protects your privacy, you’re not in a much better position.
Add a VPN to the mix
When you establish a VPN connection to your VPN service, your DNS server switches to that of the VPN service. Therefore, your VPN provider knows all your Internet activities. Many (almost all?) VPN services promise no-logs policies, but some turned out not true. How do you hide your DNS queries from your VPN service?
As it turned out, you can get complete DNS privacy by tunneling DoH/DoT through a VPN.
As can be seen from the picture above:
- The ISP cannot see what’s happening because the traffic is encapsulated in the VPN tunnel.
- The VPN service cannot see the DNS lookups because the queries are encrypted with TLS.
- The DNS service knows the domain names you’re looking up, but it doesn’t see your IP address.
How to do this on the pcWRT router
On the pcWRT router, you can enable DNS over HTTPS (DoH) on the Internet Settings page. Once DoH is enabled on the router, the selected DoH service will be used for all your VPN client connections on the router, instead of the DNS service assigned by your VPN.
Here are the steps:
- Check “Use custom DNS servers”
- Check “Enable DNS over HTTPS (DOH)”
- Select the DOH server to use
Recent Posts
- How to reset the pcWRT router
- How to create your SSH key and use it on the router
- How to reset router password by email
- How to set up SurfShark WireGuard VPN on the pcWRT router
- How to set up Proton VPN WireGuard on the pcWRT router
Recent Comments
- on How to create your SSH key and use it on the router
- on How to create your SSH key and use it on the router
- on How to setup TunnelBear OpenVPN on the pcWRT router
- on How to setup TunnelBear OpenVPN on the pcWRT router
- on How to enable native dynamic DNS on the pcWRT router
Archives
- April 2024
- March 2024
- August 2023
- May 2023
- February 2023
- June 2022
- December 2021
- November 2021
- August 2021
- January 2021
- December 2020
- October 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- February 2020
- January 2020
- December 2019
- October 2019
- December 2018
- August 2018
- July 2018
- June 2018
- January 2018
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- January 2017
- August 2016
- May 2016
- December 2015
- August 2015
- July 2015
- May 2015
- April 2015
- March 2015
Categories
