All devices that are Internet-capable use DNS queries to determine the IP addresses of servers so that they can be addressed. This is the case, for example, when a browser controls the domain ct.de – the configured DNS resolver, usually that of the provider, then supplies the IP address 193. 99. 144. 80. The browser then calls this in order to establish an HTTP connection to the server. Because the devices send such requests to resolvers in unencrypted form and many times a day, external intelligence services or spies can create profiles of users.

DNS-over-TLS (DoT) is one of the protocols that prevent this. A DoT client first establishes a TLS-encrypted connection to the configured DoT resolver and communicates with it through the TLS tunnel. This is also the case with Fritz boxes; they protect all connected WLAN and LAN clients. In other articles we have detailed information about setup, monitoring and test results with FritzOS 7. 20 reported.

In order to examine more closely how the Fritzbox proceeds with DoT communication, one usually looks at packet recordings. The box conveniently provides recordings of your Internet traffic itself, unless it is a provider model from Vodafone or another (fritz.box/support.lua, section “Packet recordings”). It copies the data flow of the selected interface to the browser, which then saves it as a PCAP file on the local PC (e.g. fritzbox-vcc0 _ 31. 09. 20 _ 1824. pcap). If Wireshark (download) is installed, a double click on this file is enough to open it.

Access to all contents of heise + exclusive tests, advice & background: independent, critically sound c’t, iX, Technology Review, Mac & i, Make, c’t read photography directly in the browser register once – read on all devices – can be canceled monthly first month free, then monthly 9, 95 € Weekly newsletter with personal reading recommendations from the editor-in-chief Start FREE month Start the FREE month now heise + already subscribed?

Register and read Register now and read the article immediately More information about heise +