DNS over TLS

Not sure where to put this one. My router firmware has just upgraded on my Asus RT-AC68U which now includes DNS over TLS in the wan section (2 servers).

When I enable the servers DNS over TLS for Cloudflare (1.1.1.1 and 1.0.0.1) my TP Link wifi plugs become unreachable and I cant switch them on and off with Alexa or the TP Link phone app.

Is this a DNS over TLS problem with the TP Link plugs because when I turn off DNS over TLS on the router they are contactable again?

You really should install the excellent Merlin firmware on your Asus router.
You would have had this feature working a couple years ago.

My tp-link WiFi plugs (the older kasa versions) work perfectly with DNS over TLS enabled.

Edited by j0hn83 (Thu 09-Sep-21 14:53:55)

I like the Merlin Firmware but too many updates. At one stage it was every week. It appears that all that was needed was a reboot to get the plugs reachable.

In reply to a post by j0hn83:

My tp-link WiFi plugs (the older kasa versions) work perfectly with DNS over TLS enabled.

In fact, they likely don't even need DNS to function. I have some tp-link wifi lightbulbs and block them in my firewall from making external requests. It turns out they don't actually need to talk to devs.tplinkcloud.com, n-devs.tplinkcloud.com or n-deventry.tplinkcloud.com and still work perfectly fine.

Edited by aidanh (Thu 09-Sep-21 15:30:33)

Trying Merlin latest release as it seems to have stabilised.

In reply to a post by Banger:

I like the Merlin Firmware but too many updates. At one stage it was every week.

I follow RMerlin on twitter. I’ve never seen an update weekly, and some of the tweets are for test versions. I only install his final versions which are about once a quarter?

Yes had been installing test versions before. Maybe 1 a week was a slight exaggeration. Anyway trying the latest stable version.

In reply to a post by Banger:

Maybe 1 a week was a slight exaggeration.

Phew, I’ve not missed anything important 😎

Anyway trying the latest stable version

I’m on 386.3_2 on my AX88U..

Sorry to jump in almost a year after this post, but I have just bought some of these plugs and I am having the same issue.

I use NextDNS over TLS, I had to disable TLS and use their ipv4 addresses in order for the Tapo's to see the internet. When you say that a reboot was all that was needed, do you mean turn DNS-over-TLS back on in the router and then reboot the router? I am using stock Asus firmware.

In reply to a post by jay_uk_80:

Sorry to jump in almost a year after this post, but I have just bought some of these plugs and I am having the same issue.

I use NextDNS over TLS, I had to disable TLS and use their ipv4 addresses in order for the Tapo's to see the internet. When you say that a reboot was all that was needed, do you mean turn DNS-over-TLS back on in the router and then reboot the router? I am using stock Asus firmware.

Asus stock DoT is broken and I have been on ages for them to fix it. Merlin's third party firmware fixes it use that.

I used Merlin in the past, but I kept getting a strange fault where after a week or so the wifi would drop with no data. Devices could see the wifi AP and stay connected but no data would flow. Wired devices were fine. The only solution was to reboot the router.

For now I will just have to stick with stock and run unencrypted.

DNS over TLS is already old, it has performance issues, DNS over HTTPS or DNS over QUIC are much more performant.