Encrypted DNS?

Riche90
Dialled in

Just figured out that I cannot connect to some AWS endpoints via my work VPNs using Virgin Media. However BT/Vodafone/3 through ADSL and 4G Huawei router... I can. The only difference I can see is, I cannot change my DNS servers and they're unencrypted? Is it possible VM doesn't allow encrypted DNS and as such the endpoints can't be resolved to IP addresses?

It's repeatable. I can jump on Virgin Media, connect to VPN. Try to remote manage server... doesn't resolve. Switch to any other connection on VPN and I am in instantly. 

Any advice would be appreciated! Feel like I'm living on this forum atm a week into getting Virgin Media in. Might be time to admit defeat and wait for another provider. I'm not a networking guy, so if I'm completely off the mark... tell me! 🙂 I can't define DNS in my VPN client either, which I thought might be an option. 

7 REPLIES 7

Client62
Legend

Had you said we have a Hub 5 in Router mode and, with the work VPN OFF, encrypted DNS fails or access to some AWS hosts fails, that would not be the first time that has been reported.

If VPN fails to connect or to work, Disable "Child Safe" in the VM online account, or set the computer to use a Public DNS. But this does not appear to be what is reported.

Can not access the secure DNS & AWS hosts via the work VPN is a problem beyond the work VPN exit point.

Are you sure the work VPN is functioning as expected, e.g. are websites of banks / main retailers working OK?

legacy1
Alessandro Volta

Don't use 194.168.4.100 or 194.168.8.100

Use 1.1.1.1, 8.8.8.8 or 9.9.9.9 on the interface for the VPN to connect. If that doesn't work, use the hub in modem mode.

---------------------------------------------------------------

The 5X doesn't support modem mode. I'm on a 5X, going through VPN. To confirm I actually have validated one of the available clients does use 1.1.1.1 or 1.0.0.1, the other it isn't shown. I have tried to force it on the virtual and physical wireless adapter too. No amount of configuration makes the endpoint resolve. If I switch to ANY other connection, it resolves and connects instantly over VPN. The issue is isolated to when I am connected via the Hub 5X.

Riche90
Dialled in

Ignore me, I think after switching DNS via the adapter.. it hadn't taken maybe? I reset the 5X, reconnected. Looked at my adapter config in W11 and confirmed it was showing DNS as 1.1.1.1 and 1.0.0.1 and had a go... boom I'm in.

Sorry guys! Appreciate the help. Weird one. I had it configured like this already.. 😞

Just in case someone in 2038 has this issue and finds this archived post. I figured out specifically what causes it for me, it’s in the W11 adapter config under DNS and DNS over HTTPS. It was off by default, switching this off/default template makes my connection work… and not! Problem solved.
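A diagnostic for the situation described in the post above, as an added example that is not part of the original thread: it lists the IPv4 DNS servers on every interface (VPN interfaces included), shows whether Windows has a DNS over HTTPS template registered for each one, and queries each server directly for a test name. It assumes Windows 11 or Server 2022, where `Get-DnsClientDohServerAddress` is available; `$TestName` is a placeholder for the endpoint that fails to resolve.

```powershell
# Added example, not from the thread. Run once on the failing connection and once
# on a working one, then compare the two tables.
$TestName = 'example.com'   # placeholder: substitute the hostname that will not resolve

# Resolvers that Windows has a DoH template registered for, keyed by IP address
$doh = @{}
Get-DnsClientDohServerAddress | ForEach-Object { $doh[$_.ServerAddress] = $_ }

# Every interface that has at least one IPv4 DNS server configured
$interfaces = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 }

$report = foreach ($if in $interfaces) {
    foreach ($server in $if.ServerAddresses) {
        # Query this resolver directly so a failure can be pinned to one
        # interface/server pair instead of "DNS is broken"
        try {
            $answer = Resolve-DnsName -Name $TestName -Server $server -Type A `
                                      -DnsOnly -ErrorAction Stop
            $result = ($answer | Where-Object { $_.Type -eq 'A' } |
                       Select-Object -ExpandProperty IPAddress) -join ', '
            if (-not $result) { $result = '(no A records returned)' }
        } catch {
            $result = "FAILED: $($_.Exception.Message)"
        }

        $known = $doh.ContainsKey($server)
        [pscustomobject]@{
            Interface     = $if.InterfaceAlias
            DnsServer     = $server
            DohTemplate   = if ($known) { $doh[$server].DohTemplate } else { '(none registered)' }
            AutoUpgrade   = if ($known) { $doh[$server].AutoUpgrade } else { $null }
            FallbackToUdp = if ($known) { $doh[$server].AllowFallbackToUdp } else { $null }
            Result        = $result
        }
    }
}

$report | Format-Table -AutoSize -Wrap
```

A row that fails on one connection but returns addresses on another points at that interface and resolver pair, which is the comparison the thread arrives at by trial and error.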

Client62
Legend

I wonder if the Windows 11 encrypted DNS is not supported by the work VPN.

legacy1
Alessandro Volta

Too much encryption, and with all said and done someone knows where you're going... I get encryption to my bank or to a site, but let's look at it this way: VM want you to use their DNS, so they know where you go, and so does your client hello for a secure connection. So we have DNS over HTTPS: now VM can't track you by DNS, but still by client hello, so now the secure DNS knows where you're going, as does VM. Then we have this new thing, ECH, so now what should happen is only DNS over HTTPS knows where you're going, but the IP to where you're going is still known by VM, to what, that the IP hosts many domains? Or just one domain, in which case VM know where you're going really. It's really like shifting who can track you and making content filtering harder to do, which then means VM has you do DNS over HTTPS and then VM knows what you're doing, to which you use another DNS over HTTPS and they know where you're going... like, will we see the end of DNS and client hello in clear in years to come?

---------------------------------------------------------------