Discuss mailing list

[the-old-p <the-old-p AT proton.me>]

Hi,

you are right, but what if you want to use opennic DNS by default without using a proxy or a wlan. Just use your Mobile Commection. Thats the Idea.

CU

Yang, Dianshi <cyberfox AT udel.edu> schrieb am Sonntag, 24. August 2025 um 12:37 nachm.:

Hello,

I think you don't need to make another subdomain for DoT. I think Android phone uses DoT ( TLS via port 853) by default for private DNS settings.

Thanks

On Sun, Aug 24, 2025 at 7:25 AM the-old-p <the-old-p AT proton.me> wrote:

Hello,

I use opennic with my android phones.

For this i use the "Private DNS" Setting.

Algorithm is as follows:

• Resolve the DNS Server in Private DNS-Settings ( with normal DNS )
• Connect via TLS
• Certificate validity check
• Use private DNS Server

An official DNS Entry is needed with a valid Certificate ( eg letsencrypt ) outside of opennic

I made a POC for this under the-old-p.gotdns.org and ns.the-old-p.pirate

What do you think about making an Record like dot.opennic.org, doh.opennic.org

and set the A Records to IP Address of some tier2 servers that want to support this.
DOH and DOT ćan be made multi domain capable with help of nginx.

I can provide the setup as used in my POC.

CU

Gerd

--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org