Impact of setting endpoints to use Google DNS

It is quite common for small and/or unmanaged networks to have set their endpoints’ DNS Servers to for its DNS services.

When adam:ONE is installed on a gateway used by such endpoints, by default, any DNS queries going to or (port 53 over TCP or UDP) are going to be redirected to adam:ONE to be answered by the assigned adam:ONE policy. It was simultaneously a security feature as well as convenience for systems administrators.

Up until 2020 this worked without the endpoints needing to change their DNS server settings, but now the Chrome browser will auto-upgrade to DoH (DNS over HTTPS) if the system DNS resolver is set to and/or, and immediately cause it to switch to (DoH).

When you combine this with DTTS (Don’t Talk To Strangers), however, the answers offered by Google’s DoH queries are not reachable, even if the connection of itself was made successfully. The following illustrates the symptoms that occur when is not blocked, and DTTS is running:

  1. Chrome makes a query to and Chrome notices that queries are going out via and switches to DoH
  2. Chrome sends the query to
  3. Chrome receives the answer of
  4. Chrome attempts to make an http/s connection to
  5. The adam:ONE gateway DTTS engine disallows the connection to because the DNS query didn’t go through adam:ONE’s DNS services

Overall the browser seems to be offline. The only exceptions to this may be if any Enablers or prior queries still had open holes for this endpoint.

Changing the endpoint’s DNS to adam:ONE (usually by changing it to “Obtain DNS Servers automatically” is all that’s required to obtain complete functionality.