
DNS over TLS, HTTPS verification

I'm trying to verify whether DNS over TLS and DNS over HTTPS is working in my browser on my laptop, on my phone and on my router. I have an ASUS router on which I installed the latest Merlin firmware and set up DNS over TLS as instructed, and when I use the Cloudflare Encrypted SNI test, it tells me that Secure DNS is not set up. I have tried several browsers on my laptop and get the same message. I also get the same message on my phone when I have the Private DNS setting enabled. I have tried using the NextDNS mobile app and also get the same message. When I check the my.nextdns.io website, I get the "All good" message, but no indication of whether secure DNS is being used.

Any help with this is appreciated.

11 replies

    • losnad
    • 3 yrs ago

    Go to https://test.nextdns.io and look at what "protocol" it says. If it says DoH or DoT, you are fine.

    Look at the difference between encrypted DoH or DoT and unencrypted in detail in Logs.

      • colbycc1100
      • 3 yrs ago

      losnad Thanks for the info. I didn't know I could check it on that page. It looks to be working as intended after all. I appreciate the help.

    • Angelo_Restrepo
    • 1 yr ago

    When I look at the logs I see DNS over TLS locked on. When I click on the link it gives me status "ok", protocol "DOT", but the last comment shows "unknown_dot", so I am not sure if it works.

    https://test.nextdns.io

    When I run the https://tenta.com/test, it says that TLS is not enabled. Any suggestions?

      • R_P_M
      • 1 yr ago

      Angelo Restrepo If you are getting "ok" & "DOT" on test.nextdns.io then there are no problems.

      "unknown_dot" just means that the software you are using isn't specifically identified by NextDNS, and you can safely ignore it for testing purposes.

      • Angelo_Restrepo
      • 1 yr ago

      R P M I believe I now know why tenta.com/test doesn't work: it's because it's a different provider, correct?

      • R_P_M
      • 1 yr ago

      Angelo Restrepo Well, yes, they are a different provider, but how they get their TLS-enabled status results is not clear. It may simply be probing the DNS IP addresses for TLS connections but not finding anything because it's under NextDNS's name.
      Either way, the results cannot be counted on.

      • Angelo_Restrepo
      • 1 yr ago

      R P M Last question: on my setup I have NextDNS on port 853, and under Sensei (Zenarmor) I can see the traffic and see it encrypted. Sensei uses port 443, which is DNS over HTTPS, and I can see blocks in there from them. Should I be in any way concerned that I have both DoH and DoT enabled on OPNsense? As I see it, I have a pretty decent protection buffer while not losing much speed in the process.

      • R_P_M
      • 1 yr ago

      Angelo Restrepo DoH does use port 443, but it's not the only thing that does. All secure web traffic uses port 443, so it could be anything with HTTPS.
      If you have not specifically set up DoH on the router, then it is unlikely to be active.
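The point above (port 853 is DoT, port 443 is HTTPS of any kind, and DoH is only one kind of HTTPS) is easier to see on the wire. The example below is added here and is not code from the thread, from NextDNS or from OPNsense/Zenarmor. It builds a DNS query, frames it the way DoT does (RFC 7858: 2-byte length prefix over TLS, same as DNS over TCP), encodes the same query the way a DoH GET does (RFC 8484: `?dns=` base64url parameter), shows the two request properties that actually identify DoH on port 443, and parses a constructed sample response. The hostnames `dot.example.net` and `doh.example.net`, the transaction id and the 192.0.2.1 answer are placeholders, not real resolver endpoints or captured traffic; `dot_query` is the only function that touches the network and is not needed for the offline parts.

```python
import base64
import socket
import ssl
import struct
from urllib.parse import parse_qs, urlsplit

# Placeholder endpoints (assumptions for illustration, not real NextDNS names).
DOT_HOST = "dot.example.net"
DOH_URL = "https://doh.example.net/dns-query"


def build_query(name, qtype=1, txid=0x1234):
    """Encode a minimal DNS query in RFC 1035 wire format (A record by default, RD set)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def dot_frame(msg):
    """RFC 7858: DoT sends the DNS message with a 2-byte big-endian length prefix
    inside the TLS stream (port 853), exactly like DNS over TCP on port 53."""
    return struct.pack("!H", len(msg)) + msg


def dot_unframe(stream):
    """Inverse of dot_frame; raises instead of returning a partial message."""
    if len(stream) < 2:
        raise ValueError("no length prefix")
    (n,) = struct.unpack("!H", stream[:2])
    body = stream[2:2 + n]
    if len(body) != n:
        raise ValueError("truncated DNS message")
    return body


def doh_get_url(base_url, msg):
    """RFC 8484 GET form: the wire message travels in ?dns= as unpadded base64url."""
    return base_url + "?dns=" + base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")


def is_doh_request(method, path, headers):
    """Port 443 alone proves nothing; a DoH request is recognisable by the dns=
    query parameter (GET) or an application/dns-message body (POST)."""
    if method == "GET" and "dns" in parse_qs(urlsplit(path).query):
        return True
    ctype = {k.lower(): v.lower() for k, v in headers.items()}.get("content-type", "")
    return method == "POST" and ctype == "application/dns-message"


def _skip_name(msg, off):
    """Advance past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def parse_answers(msg):
    """Return (rcode, [A-record IPs]) from a DNS response message."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4      # skip QTYPE + QCLASS
    ips = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(rdata))
    return flags & 0xF, ips


def constructed_response(query):
    """Constructed sample response (not captured from any resolver): echoes the
    question and answers with one A record, 192.0.2.1 (RFC 5737 documentation range)."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton("192.0.2.1")
    return header + query[12:] + answer


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the TLS stream early")
        buf += chunk
    return buf


def dot_query(host, name, port=853, timeout=5.0):
    """Live DoT round trip (needs network). server_hostname must match the resolver's
    certificate, so probing a bare IP without the right name fails validation."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(dot_frame(build_query(name)))
            (n,) = struct.unpack("!H", _recv_exact(tls, 2))
            return parse_answers(_recv_exact(tls, n))


if __name__ == "__main__":
    q = build_query("example.com")
    print("DoT frame:", dot_frame(q).hex())
    print("DoH GET :", doh_get_url(DOH_URL, q))
    print("parsed  :", parse_answers(constructed_response(q)))
```

The practical takeaway for reading firewall logs: a flow to port 853 that completes a TLS handshake is almost certainly DoT, because nothing else commonly uses that port, whereas a flow to port 443 is only DoH if the request inside it looks like `is_doh_request` describes, and that request is inside TLS, so a packet filter that does not terminate TLS cannot tell it apart from ordinary browsing.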

      • Angelo_Restrepo
      • 1 yr ago

      R P M Sensei, an application in OPNsense, does this automatically from what I can see. I also see NextDNS logs and see that it noticed both their 443 traffic and NextDNS traffic as encrypted. When I turn off NextDNS I get ad blocks along with other threats that come around. I wanted a dual process that would provide max protection without much load/speed loss. Is the AI threat management sort of a zero-day protection like you can get from Snort? If that's the case, then I would say I over-protected on the network side, so my antivirus on my laptops (Bitdefender) shouldn't see much action.

      • Angelo_Restrepo
      • 1 yr ago

      Angelo Restrepo They might not be doing DNS over HTTPS; they do, however, manage filtering of ads, malware and other options. When I look at the log of items blocked by them I see them on port 443, which made me think that it's related to DNS over HTTPS. I've emailed them for clarification, but either way it looks like I have some serious protection going on, including privacy. Just paid the annual cost. I was looking into ControlD, but having tested a little they appear to be less organized, although they do have some interesting spoof options; I did not see any AI Threat Management, which I have been looking online to see what that actually means in NextDNS. Thanks for your replies. Your replies are the key reason why I bought the service.

      • Angelo_Restrepo
      • 1 yr ago

      R P M Thanks. No DoT nor DoH from Sensei, but they do filtering, so the combination with NextDNS gives me protection that even some small businesses probably don't have.

  • Last active: 1 yr ago
  • 11 replies
  • 3948 views
  • 3 following