Identifying DoT traffic without SNI

Hi!

FortiOS v6.2 supports DoT, but I cannot specify SNI, which (AFAIK) NextDNS uses to identify me for DoT. I've provisioned DoT by specifying the DNS servers shown in the "Linked IP" section in "my.nextdns.io/<id>/setup" and confirmed it by capturing TLS traffic to these on the Fortigate's external interface.

However, neither in "my.nextdns.io/<id>/logs" nor in the "All Devices" drop box in "my.nextdns.io/<id>/analytics" do I see anything to identify my "Linked IP" (unlike for the DoH traffic I provisioned in my Firefox). Nor do I see DNS RRs in "my.nextdns.io/<id>/logs".

Is the "All Devices" drop box supposed to show me DNS traffic pertaining to my "Linked IP"? If yes, and I'm not seeing it, is that an indication that DoT isn't working for me?

Feren.
