QUOTE(Oltromen Ripot @ Dec 17 2021, 08:12 AM)
Correct me if I'm wrong.
- DNS resolution isn't always straightforward i.e. we usually use DNS forwarder like 8.8.8.8 1.1.1.1 9.9.9.9 202.188.1.5 202.188.0.133
- Asus router uses stubby as DoT proxy with privacy=1
- DoT by default carries information about who is the origin requesting DNS resolution i.e. will have WAN IP address of Asus router.
- by setting privacy=1, the WAN IP address of Asus router will not be included in DoT requests, and DNS forwarder will also not reveal the information to the final DNS resolver.
- since, for example, Akamai cannot determine who is the original requester, instead of returning result best for Unifi IP, it will just return a default CDN IP which might not be, and usually is not, nearest to client.
Yes. When privacy=1, the DoT request will contain a flag asking the DNS server (8.8.8.8 for example) to not forward the subnet of WAN IP to the upstream (Akamai's DNS server). For Unifi users, when using Google DNS with privacy=1, Akamai will use Singapore server. With privacy=0, Akamai will use cache server that is within TM's network (IP of the server belongs to TM). The Singapore server connection is sometimes very very slow to the point that a 360p video cannot load whereas the TM cache server is always fast. When using 1.1.1.1 it doesn't matter and will be slow during peak hours anyway because 1.1.1.1 doesn't support EDNS0 Client Subnet. 1.1.1.1 is not recommended for users who use streaming services because of this.
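
The opt-out flag discussed in the reply above, as an added example that is not part of either post: it assumes the flag is the EDNS0 Client Subnet option with source prefix-length 0 as defined in RFC 7871, and encodes and decodes both forms so the difference on the wire is visible. The function names are hypothetical and the address is a constructed one from the 203.0.113.0/24 documentation range, not a real WAN IP.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS0 Client Subnet option code (RFC 7871)
ADDR_BYTES = {1: 4, 2: 16}  # address family number -> full address size

def build_ecs_option(subnet=None):
    """Encode the ECS option; subnet=None yields the opt-out form."""
    if subnet is None:
        # Source prefix-length 0 and no address bytes: asks the resolver
        # not to pass any client subnet to authoritative servers.
        family, prefix, addr = 1, 0, b""
    else:
        net = ipaddress.ip_network(subnet, strict=False)
        family = 1 if net.version == 4 else 2
        prefix = net.prefixlen
        # Only the bytes that cover the prefix go on the wire.
        addr = net.network_address.packed[:(prefix + 7) // 8]
    data = struct.pack("!HBB", family, prefix, 0) + addr  # scope is 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data

def parse_ecs_option(option):
    """Decode an ECS option and report what a resolver would learn."""
    if len(option) < 8:
        raise ValueError("option too short")
    code, length, family, source_prefix, _scope = struct.unpack("!HHHBB", option[:8])
    addr = option[8:]
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    if family not in ADDR_BYTES or len(addr) != (source_prefix + 7) // 8:
        raise ValueError("family or address length inconsistent with prefix")
    if source_prefix == 0:
        return {"opt_out": True, "subnet": None}
    ip = ipaddress.ip_address(addr.ljust(ADDR_BYTES[family], b"\x00"))
    net = ipaddress.ip_network(f"{ip}/{source_prefix}", strict=False)
    return {"opt_out": False, "subnet": str(net)}

if __name__ == "__main__":
    # Constructed WAN address from the documentation range, not a real client.
    for label, subnet in (("subnet sent", "203.0.113.77/24"), ("opt-out", None)):
        wire = build_ecs_option(subnet)
        print(f"{label:12} {wire.hex()} -> {parse_ecs_option(wire)}")
```

With a /24 the resolver learns only the network, never the host part of the address; with the opt-out form it learns nothing, which is why the CDN falls back to a default location.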