cancel
Showing results for 
Search instead for 
Did you mean: 

Why have Plusnet blocked secure DNS?

Highlighted
Community Gaffer
Community Gaffer
Posts: 14,492
Thanks: 2,115
Fixes: 148
Registered: ‎04-04-2007

Re: Why have Plusnet blocked secure DNS?

@pv we considered a similar approach back when we deployed it.

Anyway, for anybody suffering this problem who might want to leave Safeguard enabled: I've done a bit of tinkering and it seems that whitelisting your DoT resolver of choice will also work around this problem:-

saveguard.JPG

nslookup dns.google 213.120.234.38
Server:  indnsc102.bt.net
Address:  213.120.234.38

Non-authoritative answer:
Name:    dns.google
Addresses:  2001:4860:4860::8844
          2001:4860:4860::8888
          8.8.8.8
          8.8.4.4


>nslookup 1dot1dot1dot1.cloudflare-dns.com 213.120.234.38
Server:  indnsc102.bt.net
Address:  213.120.234.38

Non-authoritative answer:
Name:    1dot1dot1dot1.cloudflare-dns.com
Addresses:  2606:4700:4700::1111
          2606:4700:4700::1001
          1.0.0.1
          1.1.1.1


>nslookup dns.quad9.net 213.120.234.38
Server:  indnsc102.ukcore.bt.net
Address:  213.120.234.38

Non-authoritative answer:
Name:    dns.quad9.net
Addresses:  2620:fe::fe
          2620:fe::9
          149.112.112.112
          9.9.9.9

 

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

Highlighted
Grafter
Posts: 53
Thanks: 3
Registered: ‎12-06-2019

Re: Why have Plusnet blocked secure DNS?


@bobpullen wrote:

@pv we considered a similar approach back when we deployed it.

 

I see. Interesting the idea was abandoned then, I'm generally of the opinion that if you are going to implement something that is so trivial to circumvent, you might as well not bother at all.

Highlighted
Aspiring Hero
Posts: 12,449
Thanks: 589
Fixes: 18
Registered: ‎01-09-2007

Re: Why have Plusnet blocked secure DNS?

So Safeguard blocks access to DNS resolvers such as google and 1.1.1.1 by default?

 

"In The Beginning Was The Word, And The Word Was Aardvark."

Highlighted
Community Gaffer
Community Gaffer
Posts: 14,492
Thanks: 2,115
Fixes: 148
Registered: ‎04-04-2007

Re: Why have Plusnet blocked secure DNS?

No. It blocks access to the hostname equivalents; the ones you would use to configure a device for DNS over TLS.

If you configure a client to simply use the IP address of another traditional DNS resolver, then Safeguard doesn't get a say in it.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

Highlighted
Newbie
Posts: 2
Registered: a week ago

Re: DNS over TLS (Private DNS) on Android suddenly stopped working overnight

Same issue here, it took me a while to find out what's wrong with my phone, since it's the only phone in the house that uses private dns. But it stopped working a 1-2 weeks ago. On mobile data, it works just fine. Any solution for this?

Highlighted
Superuser
Superuser
Posts: 8,599
Thanks: 1,969
Fixes: 129
Registered: ‎30-07-2007

Re: DNS over TLS (Private DNS) on Android suddenly stopped working overnight

@Horvi  check this thread https://community.plus.net/t5/Tech-Help-Software-Hardware-etc/Why-have-Plusnet-blocked-secure-DNS/td... .  It appears that you may need to whitelist the private dns urls if you have Safeguard enabled

Highlighted
Community Veteran
Posts: 5,602
Thanks: 361
Fixes: 6
Registered: ‎11-08-2007

Re: DNS over TLS (Private DNS) on Android suddenly stopped working overnight


@Horvi wrote:

Any solution for this?


 

See workaround here -  Why have Plusnet blocked secure DNS? 

 

EDIT: @MisterW beat me to it !

Plusnet FTTC 80/20 IPv4/30, Hurricane Electric 6in4 IPv6/48, Pulse8 landline & calls, SamKnows 600N
Vigor 130 modem, pfSense 2.4.5-p1 router, 5 WAPs, Devolo dLAN 500, Gigaset N300A-IP VoIP DECT
Highlighted
Newbie
Posts: 2
Registered: a week ago

Re: DNS over TLS (Private DNS) on Android suddenly stopped working overnight

Thank you guys! However I'm not sure how to do it. Please pretend I'm a 5y old. I used dns.adguard.com on my phone. How to whitelist it? Thanks Smiley
Highlighted
Superuser
Superuser
Posts: 8,599
Thanks: 1,969
Fixes: 129
Registered: ‎30-07-2007

Re: DNS over TLS (Private DNS) on Android suddenly stopped working overnight

@Horvi  look above at post 46.

Login to your account on the member centre, click the broadband icon and select Safeguard from the Help and settings links towards the bottom of the page.

Then select Allow websites and enter dns.adguard.com into the Add a website box and click Add

 

That should just about do it...

Highlighted
Moderator
Moderator
Posts: 23,894
Thanks: 4,183
Fixes: 1,071
Registered: ‎11-01-2008

Re: DNS over TLS (Private DNS) on Android suddenly stopped working overnight


Moderators Note


Topics merged and then moved to Everything Else from Fibre. 

Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'