5
Votes

Omada DNS over TLS using hostname
2024-05-29 15:58:54 - last edited 2024-05-31 02:01:16
Model: ER8411  
Hardware Version: V1
Firmware Version:

Please implement the possibility to use a hostname as DNS over TLS upstream in Omada SDN.

Currently, it is possible to set an IP only (like plain DNS, 53). Hostname/URL DNS upstream is available only on DOH.

Using custom hostnames as DNS server is necessary to let the DNS server identify the origin of the queries (see NextDNS, RethinkDNS or ControlD smart-DNS services).

#1
Re:Omada DNS over TLS using hostname
2024-05-30 01:48:11

Hi @Bianco8

Thanks for posting in our business forum.

Just a reminder, it is IP only but encrypted. There is no difference in IP and hostname or FQDN.

Thank you for your improvement feedback on this.

Best Regards!
#2
Re:Omada DNS over TLS using hostname
2024-05-30 07:08:30

  @Clive_A 

Hello,
Many Smart DNS services using DoT require specifying the host/subdomain. This will allow the DNS resolver to apply a specific policy.
I'm using ControlD DNS and have a different subdomain[.]domain[.]com upstream, which all resolve to 1 AnyCast IP.

DNS-over-TLS/DoQ
user-id-or-device-profile [.] dns-domain [.] com

As Omada is lacking a complete DNS solution, it would be useful to add support for a DNS over TLS resolver via domain, allowing customers to add static entries on their smart DNS service as a workaround. That being said, this is already possible using DoH, but I don't see why it shouldn't be available on DoT, as the protocol per se is already present.

#3
Re:Omada DNS over TLS using hostname
2024-05-31 02:01:02

Hi @Bianco8 

Thanks for posting in our business forum.

Bianco8 wrote

  @Clive_A 

Hello,
Many Smart DNS services using DoT require specifying the host/subdomain. This will allow the DNS resolver to apply a specific policy.
I'm using ControlD DNS and have a different subdomain[.]domain[.]com upstream, which all resolve to 1 AnyCast IP.

DNS-over-TLS/DoQ
user-id-or-device-profile [.] dns-domain [.] com

As Omada is lacking a complete DNS solution, it would be useful to add support for a DNS over TLS resolver via domain, allowing customers to add static entries on their smart DNS service as a workaround. That being said, this is already possible using DoH, but I don't see why it shouldn't be available on DoT, as the protocol per se is already present.

OK. You may use the DoH before the DoT is officially supported.

Will send this request to the dev.

Best Regards!
#4
RE:Omada DNS over TLS using hostname
2024-05-31 16:01:13
DNS over TLS is more secure than DNS over HTTPS.
#5
Re:Omada DNS over TLS using hostname
2 weeks ago

  @Clive_A  Hello, it's been a while since this feature was requested (and in multiple threads older than this one). Is there an update on using an FQDN for DoT, just like we can do now with DoH?

This is a desired feature since DoT, as others have said, is more secure than DoH.

#6