[Wireless Router] Does ASUS router support DNS over TLS (DNS Privacy Protocol)? How to set up?

     Choosing DNS-over-TLS (DoT) as the DNS privacy protocol can improve DNS security and protect your network's DNS queries from eavesdropping and tampering. When the DNS over TLS (DoT) protocol is enabled, all incoming DNS queries will be sent to the server address specified in the configuration.

     If your Internet Service Provider (ISP) or VPN server provider provides DNS over TLS (DoT) parameters that need to be set, you can complete the settings through the steps in this article.

 

Note: 

This feature is only supported on firmware versions later than 3.0.0.4.386.4xxxx. Please make sure the firmware version of your ASUS router is up to date.

For information on how to upgrade the firmware, please refer to the following FAQ: How to update the firmware of your router to the latest version

 

1. Connect your laptop to the router via a wired or Wi-Fi connection and enter your router's LAN IP or the router URL https://www.asusrouter.com to access the web GUI.

          Please refer to How do I enter my ASUS router's setting page using web GUI to learn more.

2. Key in your router's username and password to log in.

Note: If you forget the username and/or password, please restore the router to the factory default status and set it up again.

          Please refer to How to reset the router to factory default setting? for how to restore the router to default status.

3. Go to [ WAN ] > [ Internet Connection ] > Select [ DNS over TLS(DoT) ]

Note: The DNS privacy protocol is [None] by default. You need to select [DNS-over-TLS (DoT)] before the following DNS over TLS setting items will appear.

4. Select the server you want to use in the drop-down list of [ Reset servers ].

5. After selection, the DNS-over-TLS server list fields will be filled in automatically. Click [ Add ] to add the server to the list.

   If you want to fill it in manually, please contact your Internet Service Provider (ISP) or VPN server provider for the following information. 

IP Address : The IP address of the nameserver, as shown in the example below [ 8.8.8.8 ].
TLS Hostname : The authentication domain name that is checked against the server certificate, as shown in the example below [ dns.google ].
TLS port (optional) : Defaults to port 853 if left empty.
SPKI Fingerprint (optional) : This field can be left empty if no settings are required. The SPKI (Subject Public Key Info) fingerprint can be used as an additional security measure to authenticate the server. Its purpose is to ensure that the client connects to the server it intends to reach rather than to a malicious man-in-the-middle.

 

6. Click [ Apply ] to save the settings.
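To show what the SPKI Fingerprint field in step 5 pins, here is an added example (not ASUS code) that extracts the SubjectPublicKeyInfo from a certificate and hashes it. It assumes the common base64 SHA-256 pin form (RFC 7469); the helper names and the sample certificate are constructed for illustration, so compare any live result with the value your DNS provider publishes.

```python
import base64, hashlib, socket, ssl

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def extract_spki(cert_der):
    """Return the DER-encoded SubjectPublicKeyInfo of an X.509 certificate."""
    _, pos, _ = read_tlv(cert_der, 0)       # Certificate ::= SEQUENCE
    _, pos, _ = read_tlv(cert_der, pos)     # tbsCertificate ::= SEQUENCE
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                         # optional [0] version field
        pos = end
    for field in range(5):                  # serial, sigAlg, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    _, _, end = read_tlv(cert_der, pos)     # subjectPublicKeyInfo, tag included
    return cert_der[pos:end]

def spki_pin(cert_der):
    """Base64 of SHA-256 over the SPKI: the usual pin-sha256 form."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()

def fetch_pin(ip, tls_hostname, port=853):
    """Connect to ip:port, verify the certificate for tls_hostname, return its pin."""
    ctx = ssl.create_default_context()      # checks chain and hostname, like Strict mode
    with socket.create_connection((ip, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=tls_hostname) as tls:
            return spki_pin(tls.getpeercert(binary_form=True))

def der(tag, body):
    """Minimal DER encoder for the constructed sample (lengths below 256)."""
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x81, n])) + body

# Constructed skeleton certificate (not a real server's): Ed25519-style SPKI, dummy key.
ALG = der(0x30, bytes.fromhex("06032b6570"))
SAMPLE_SPKI = der(0x30, ALG + der(0x03, b"\x00" + bytes(range(32))))
TBS = der(0x30, bytes.fromhex("a003020102" "020101") + ALG + der(0x30, b"") * 3 + SAMPLE_SPKI)
SAMPLE_CERT = der(0x30, TBS + ALG + der(0x03, b"\x00" + bytes(64)))

if __name__ == "__main__":
    print("constructed sample pin:", spki_pin(SAMPLE_CERT))
    # Live check with the page's example values: fetch_pin("8.8.8.8", "dns.google")
```

The pin is computed over the public key only, so it stays the same when the server renews its certificate with the same key and changes when the key is rotated.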

 

 

 

FAQ

1. After setting up DNS over TLS (DoT), why can’t I open the web page or connect to the Internet?

   a. Please check whether the parameters entered in your DNS-over-TLS server list are correct. For the correct information, please contact your Internet Service Provider (ISP) or VPN server provider.
   b. Please confirm whether it can be used normally after changing [DNS Privacy Protocol] to [None] (default).  
         
   c. If [WAN DNS Setting] is set, please change the DNS server setting to automatically connect to WAN DNS (default) and confirm whether it can be used normally. 
       For the setting, please refer to the FAQ  [Wireless Router] How to manually assign WAN DNS server to ASUS Router 
   d. If the DNS server is set in DHCP, please leave the DNS server setting empty (default) and confirm whether it can be used normally.
       For the setting, please refer to the FAQ [LAN] How to set up DHCP Server on ASUS Router 
   e. Please make sure you are using the latest router firmware version, and restore the wireless router to its original factory settings before completing the settings according to the instructions in this article. Please refer to the following FAQs:

How to update the firmware of your router to the latest version 
How to reset the router to factory default setting

 

2. What is the difference between [ Strict ] mode and [ Opportunistic ] mode in DNS-over-TLS Profile?

     The DNS-over-TLS Profile defaults to [ Strict ] mode. 

      In Strict mode, only allow the use of a DNS server if the identity of the remote server can be.
      In Opportunistic mode, the router will attempt to authenticate the server but will still use it if its identity cannot be authenticated, allowing name resolution to keep working.


 

 

 

 

How to get the (Utility / Firmware)?

You can download the latest drivers, software, firmware and user manuals in the ASUS Download Center.

If you need more information about the ASUS Download Center, please refer to this link