DNS over TLS issues

Sushubh

Admin
Staff member
Messages
382,163
Location
Gurgaon
ISP
Excitel
Airtel
Have you tried using a different server?
 

shantam2005

IrRegulars
Messages
512
Location
NA
ISP
Maha Mediacom
Same with me. Facing this since sometime in September. I also switched my phone around the same time so thought this was a phone issue.
 
Messages
1,940
Location
Delhi
ISP
TriplePlay/Excitel
That is interesting. You could try using Wireshark on a PC with the "tcp.port==853" filter to see what's causing the issue.

You can use the YogaDNS client.
 
Messages
1,940
Location
Delhi
ISP
TriplePlay/Excitel
The Let's Encrypt root certificate has expired and the Android system has not updated it. Use a TLS certificate from some other authority.

AdGuard DNS (dns.adguard.com) uses their own cert though (not Let's Encrypt). Unless OP meant AdGuard Home.

I tried dns.google, one.one.one.one and dns.adguard.com on Airtel LTE and it's all working fine.
 
Messages
24
Location
Thane
ISP
Airtel Xstream Fibre
The Let's Encrypt root certificate has expired and the Android system has not updated it. Use a TLS certificate from some other authority.
According to Let's Encrypt documentation, only Android devices prior to version 7.1.1 will have any issues whatsoever. I am on Android 11. So this seems less likely to happen.
 

vishalrao

The Global Village Idiot
Messages
5,823
Location
Pune
ISP
BSNL FTTH 300 mbps Fiber Ultra plan 1499
@doineedto the certificate is the public side one of the certificate root authority which you can obtain for free... Probably look at the Let's Encrypt website for steps to update it on your device?
 
Messages
225
Location
UP
ISP
BSNL Fiber 1277 & Airtel LTE Failover
@vishalrao I understand how the SSL certificate works. Let's Encrypt docs say that Android versions greater than 7.1.1 should trust the new root CA cert by default. Besides, I am not sure if you can update the trusted root CA on Android.

If I understand correctly, @royalroy switched to a different issuer. Please correct me if I am wrong!
That's how it's supposed to work but apparently it's a mess on Android. DoT is part of the base system and doesn't trust the default system certificate store. It uses its own store which hasn't been updated (I don't know if there is even a way to update it without involvement from manufacturer/OEM) and broke after Let's Encrypt tried to fix it on 30th September 2021.
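
Added example, not part of any post in this thread: a small Python probe that separates the failure modes discussed above (port 853 unreachable, certificate chain rejected, or query failing) and shows which issuer a DoT resolver presents. It validates against the trust store of the machine it runs on, not the phone's, so it shows what the server sends rather than what Android accepts; the function names are illustrative.

```python
import socket, ssl, struct
from datetime import datetime, timezone

def build_dot_query(name, qid=0x1234):
    """DNS A query framed for DoT (RFC 7858): 2-byte length prefix, then the message."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return struct.pack("!H", len(msg)) + msg

def summarize_cert(cert, now=None):
    """Issuer and expiry from a dict shaped like SSLSocket.getpeercert() output."""
    now = now or datetime.now(timezone.utc)
    issuer = dict(rdn[0] for rdn in cert["issuer"])
    secs = ssl.cert_time_to_seconds(cert["notAfter"])
    not_after = datetime.fromtimestamp(secs, timezone.utc)
    return {"issuer_org": issuer.get("organizationName"),
            "issuer_cn": issuer.get("commonName"),
            "not_after": not_after, "expired": now > not_after}

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the connection early")
        buf += chunk
    return buf

def probe_dot(host, name="example.com", port=853, timeout=5.0):
    """Report which stage fails: TCP connect, certificate validation, or the query."""
    ctx = ssl.create_default_context()  # this machine's trust store, not the phone's
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw, \
             ctx.wrap_socket(raw, server_hostname=host) as tls:
            result = summarize_cert(tls.getpeercert())
            tls.sendall(build_dot_query(name))
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            reply = _recv_exact(tls, length)
            rcode = reply[3] & 0x0F if len(reply) >= 12 else None
            result.update(ok=True, rcode=rcode)
            return result
    except ssl.SSLCertVerificationError as exc:
        return {"ok": False, "stage": "tls-verify", "error": exc.verify_message}
    except OSError as exc:
        return {"ok": False, "stage": "connect-or-io", "error": str(exc)}

if __name__ == "__main__":
    for resolver in ("dns.google", "one.one.one.one", "dns.adguard.com"):
        print(resolver, probe_dot(resolver))
```

A "tls-verify" result points at the certificate chain, while "connect-or-io" points at port 853 being unreachable or the connection being cut.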