This network is blocking encrypted DNS traffic? I feel like I'm being monitored. Has anyone else using Verizon home internet seen this?

You are being monitored. It’s just a matter of who. If you don’t want to be, stop using the internet and hide in a cave.

Seriously though, try turning off HNP and any parental controls enabled and see if it changes anything.

Install Cloudflare WARP and use it.

It all depends on the threat model. If you’re on a hotel/coffee shop WiFi, then yes, you should be concerned. It’s less of an issue on your home network.

I work in Cybersecurity and I block encrypted DNS on my guest network.

It’s not about monitoring traffic. Due to prior issues I have had to block some websites on my network, and encrypted DNS allowed phones to bypass these controls. The only way to fix it was to block all encrypted DNS, which then automatically forced the devices to use the network’s DNS and block the content.

Using a VPN is the only solution to that.

Buy a VPN to make it out of that network and then be monitored by someone else…

The Verizon router will by default recommend to your devices to use Verizon’s DNS. In this case, Verizon’s DNS is returning an error when your Apple device tries to resolve the address of Apple’s encrypted DNS. To fix this, you can either set the DNS your device uses manually (click the “i” next to your Wi-Fi and scroll to “Configure DNS”) or you can change the setting in your router to select a different DNS to recommend to your devices.

You can choose from many available DNS providers. Cloudflare DNS (1.1.1.1 — One of the Internet’s Fastest, Privacy-First DNS Resolver) is a fine option balancing reliability, speed, and privacy. They have some instructions for a variety of methods to get set up.
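An added illustration of the comment above, not part of the comment and not Verizon's or Apple's code: a small Python parser that classifies how a resolver answered a lookup for an encrypted-DNS hostname. The hostname `doh.example`, the response bytes (built by the hypothetical helper `build_response`) and the three outcomes are constructed assumptions about how a filtering resolver might answer.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
SINKHOLES = {"0.0.0.0", "127.0.0.1"}  # assumed: addresses a filter may return instead of the real one

def encode_name(name):
    """Encode a hostname as DNS labels (length-prefixed, zero-terminated)."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split(".")) + b"\x00"

def build_response(name, rcode, addrs=()):
    """Construct a minimal response to an A query (sample input, not captured traffic).
    Each answer names the question via the compression pointer 0xC00C (offset 12)."""
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1, plus the response code
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(addrs), 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answers = b""
    for a in addrs:
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + bytes(int(o) for o in a.split("."))
    return header + question + answers

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, name ends here
            return off + 2
        if n == 0:             # root label terminates the name
            return off + 1
        off += 1 + n

def classify(msg):
    """Classify a resolver's answer: 'resolved', 'sinkholed' or 'blocked:<RCODE>'."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    if rcode != 0:
        return "blocked:" + RCODES.get(rcode, str(rcode))
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:          # A record carrying an IPv4 address
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    if not addrs:
        return "blocked:NODATA"
    return "sinkholed" if all(a in SINKHOLES for a in addrs) else "resolved"
```
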

Get a decent household router like ASUS, configure your original one in passthrough mode, and configure your router to use Google, Cloudflare, etc. DNS and all other settings to your preference.

YES, I’m also on Verizon Fios in NJ and got the same error with a bad connection the last few nights.

Aren’t most ISP-provided routers for home use defaulting to the ISP for DNS lookup anyway? Is DNS typically encrypted? I thought this is how it is everywhere. The ISP can see a lookup for google.com, but they can’t see anything more because it’s HTTPS. Is this not the case? Isn’t this why you should use a VPN on a public network if you don’t want the admin seeing what websites you visited?

They are routing the traffic. Do you really think they don’t know where you are going?

If you actually understand how internet traffic flows, you’d realize encrypted DNS is about as useful as using a Snickers wrapper as a condom.

Router-based Parental Control features like HNP are DNS based. If clients on the network are using a VPN or encrypted DNS, those features don’t work, so many routers also offer features to block VPN and DoH providers.

Some routers also offer other features with that such as forwarding client DNS requests to encrypted endpoints. I don’t know what all you might get from that Verizon feature, but I’d be wary of using that kind of feature on hardware that I didn’t own.

This is the way, this is what I use for gaming

Is that a private VPN service?

This could be an issue on your own home network if you haven’t intentionally blocked encrypted DNS.

It’s more of an issue of Verizon collecting information about DNS lookups and then selling/using that information to help build marketing profiles and targeted ads.

It’s still not even that big of an issue nowadays because of HSTS & HTTPS. Back when HTTP ruled the earth, sure.

As long as you don’t initiate an HTTP-based connection to the site first, where an HSTS bypass could have been placed, and don’t click any “allow insecure connections” with big scary red text, you’re probably okay.

What are you doing about DNS over HTTPS? Are you doing anything?

If you control the devices, my guess is GPOs to not allow the browser to use DNS over HTTPS.

Ahh yes. I imagine too when it comes to business… if a client came into your network and then proceeded to send trade secrets to Russia… and the FBI came to you… but their traffic was encrypted… you would have no idea it happened.