Encrypted DNS is an Internet security measure that has recently entered the mainstream through the work of companies like Google and Mozilla. This article gives a very brief introduction to it and explains how Circle manages it.
What is DNS?
In networking terms, DNS is a naming system that allows connected devices to reach websites, apps, or other services over the Internet. Think of it like the Internet's address book. DNS maps numerical addresses (like a street address) to a commonly known name, like facebook.com or google.com.
What are these encrypted DNS connections?
DNS over TLS (or "DoT") and DNS over HTTPS (or "DoH") are privacy measures to ensure that requests from one connected device won't be intercepted by another device. While this does increase privacy, it can also prevent legitimate monitoring services, like parental controls or network security, from working as expected.
These types of services are usually built with "fallbacks" if access to them is blocked. If the DoT/DoH service is blocked or unavailable for some reason, your computer or mobile device ought to revert to normal, non-DoT/DoH behavior without you even noticing.
How does Circle manage attempted DoT/DoH connections?
By default, Circle blocks access to DoT and DoH services for all managed devices in your home. If a device is assigned to a profile, it will not be able to utilize these services effectively. This should not have any significant impact on the performance of that device.
If you do believe that this default Circle behavior is causing trouble, we recommend disabling DoT/DoH using the instructions below.
How to disable DoH for the Mozilla Firefox browser
Mozilla put together some resources for their Firefox browser. Use the Mozilla Firefox guide to disable DNS over HTTPS.
How to disable DoH for the Google Chrome browser
Chrome's DNS over HTTPS implementation is still in the "Experiment" stage, so it is very likely disabled unless you have turned it on manually. To disable:
- In your Chrome browser, enter chrome://flags/#dns-over-https into the web address bar and go there as you would to a website.
- In the settings view that pops up, change the selector for Secure DNS lookups to Disabled.
Android Devices with Private DNS settings
With the release of Circle Parental Controls firmware version 3.17 (available October 27th, 2020), we've added filtering for DNS over TLS. This will cause issues for Android devices using a private DNS provider. Because the Android OS does not fall back to other DNS settings, such a device will be blocked from making DNS requests over TLS and will no longer be able to reach the Internet. To restore connectivity, remove those custom private DNS settings, change that setting to "Automatic", or unmanage the device from Circle.