Impact of setting endpoints to use Google DNS

It is quite common for small and/or unmanaged networks to have their endpoints’ DNS servers set to 8.8.8.8/8.8.4.4.

When adam:ONE is installed on a gateway used by such endpoints, by default any DNS queries going to 8.8.8.8:53 or 8.8.4.4:53 (port 53 over TCP or UDP) are redirected to adam:ONE and answered according to the assigned adam:ONE policy. This was simultaneously a security feature and a convenience for systems administrators.

Up until 2020 this worked without the endpoints needing to change their DNS server settings. Now, however, the Chrome browser auto-upgrades to DoH (DNS over HTTPS) when the system DNS resolver is set to 8.8.8.8 and/or 8.8.4.4, immediately switching its queries to https://dns.google/dns-query.

When this is combined with DTTS (Don’t Talk To Strangers), however, the IP addresses returned in Google’s DoH answers are not reachable, even though the connection to https://dns.google/dns-query itself succeeds. The following illustrates the symptoms that occur when dns.google is not blocked and DTTS is running:

  1. Chrome needs to resolve example.com, notices that its queries are going out via 8.8.8.8, and switches to DoH
  2. Chrome sends the query to https://dns.google/dns-query
  3. Chrome receives the answer of 93.184.216.34
  4. Chrome attempts to make an http/s connection to 93.184.216.34
  5. The adam:ONE gateway DTTS engine disallows the connection to 93.184.216.34 because the DNS query didn’t go through adam:ONE’s DNS services

Overall, the browser appears to be offline. The only exceptions may be cases where an Enabler or a prior query still has a hole open for this endpoint.

Changing the endpoint’s DNS to adam:ONE (usually by setting it to “Obtain DNS servers automatically”) is all that is required to restore full functionality.
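To make the five-step sequence and the fix concrete, here is a small Python model of the DTTS decision as described above. It is an added illustration, not adam:ONE’s code: the gateway address 192.168.1.1, the per-endpoint “hole” set, and the single-entry answer table are assumptions.

```python
from dataclasses import dataclass, field

GOOGLE_DNS = {"8.8.8.8", "8.8.4.4"}
GATEWAY_DNS = "192.168.1.1"            # assumed adam:ONE gateway address (constructed)
# Constructed answer table; 93.184.216.34 is the example.com answer quoted above.
ANSWERS = {"example.com": "93.184.216.34"}


@dataclass
class DttsGateway:
    """Toy model of the gateway behaviour described above (not adam:ONE code).

    holes maps endpoint -> set of IPs it may talk to. A hole opens only when
    the gateway's own resolver answered the query (or an Enabler opened it)."""
    holes: dict = field(default_factory=dict)

    def dns_query(self, endpoint, name, server, proto="udp53"):
        if proto == "doh":
            # DoH to dns.google is an ordinary HTTPS flow: the gateway never sees
            # the answer, so no hole is opened for the resulting IP.
            return ANSWERS.get(name)
        if server in GOOGLE_DNS or server == GATEWAY_DNS:
            # Plain port-53 traffic to 8.8.8.8/8.8.4.4 is redirected to the gateway,
            # which answers per policy and records the IP for this endpoint.
            ip = ANSWERS.get(name)
            if ip:
                self.holes.setdefault(endpoint, set()).add(ip)
            return ip
        return None                      # other resolvers: not modelled here

    def open_enabler(self, endpoint, ip):
        """An Enabler pre-opens a hole regardless of how the name was resolved."""
        self.holes.setdefault(endpoint, set()).add(ip)

    def connect(self, endpoint, ip):
        """DTTS decision for an outbound connection from endpoint to ip."""
        return "allowed" if ip in self.holes.get(endpoint, set()) else "blocked"


def chrome_scenario(system_dns):
    """Replays the steps above for an endpoint whose resolver is system_dns.
    Returns (query_path, dtts_decision)."""
    gw = DttsGateway()
    ep = "laptop-1"
    # Chrome auto-upgrades to DoH only when the system resolver is 8.8.8.8/8.8.4.4
    proto = "doh" if system_dns in GOOGLE_DNS else "udp53"
    server = "dns.google" if proto == "doh" else system_dns
    ip = gw.dns_query(ep, "example.com", server, proto)
    return proto, gw.connect(ep, ip)
```

Running `chrome_scenario("8.8.8.8")` reproduces the “offline” symptom, while `chrome_scenario(GATEWAY_DNS)` shows the same connection allowed once the endpoint resolves through the gateway.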