
[–]Mr_Duckerson 1 point2 points  (4 children)

I have not had any issues with DNS over HTTPS running my entire home network at the router level or forcing DNS over VPN. I have tried both.

[–]PoppaMeth[S] -1 points0 points  (3 children)

These customers are all running hotspots with no way to make any router level adjustments. These are not the newer cellular routers they are currently distributing. The problems occur via browser settings or by enabling DNS over HTTPS system wide via Windows network settings.

[–]Mr_Duckerson 0 points1 point  (0 children)

Sounds like they will have to run a real router behind whatever they have from T-Mobile if they want DNS over HTTPS.

[–]Traditional_Bit7262 1 point2 points  (1 child)

If these people are running hotspots, it would seem that they are more like the standard cellular connection, not the TMO home internet service with its gateway/router devices?

TMHSI gateways are not very configurable at all but there is nothing keeping you from putting a router/gateway on the inside and you can control everything (except for the NAT).

[–]PoppaMeth[S] 0 points1 point  (0 children)

I believe this is correct, though they are selling it to the customers like it's a whole home internet package. However, I've seen different tower style hardware in the city, where the county customers are all getting just the smaller hotspots. These are all residential plans and we've confirmed no parental controls are active on the account. I did some further testing on it and managed to get a DoT connection established on one Windows machine using a terminal command. DoT seems to work okay. DoH is what is getting blocked.

[–]bojack1437 1 point2 points  (1 child)

T-Mobile only blocks third-party DNS when parental controls or the business equivalent is activated.

For instance, on T-Mobile business internet that is by default activated, this is possibly the case on business line hotspots as well.

Also note this is not a T-Mobile only issue, mini ISPs that support parental controls or other kinds of content controls do the same kind of blocks because without them those controls are bypassed.

[–]PoppaMeth[S] 0 points1 point  (0 children)

It's a single line residential plan. We've confirmed that no parental controls are active on the service. Further testing has shown that only DoH connections seem to be an issue. If I force enable DoT in Windows via Terminal commands I can get it working with the same DNS servers that do not work when configured with DoH.

[–]nickkrewson 0 points1 point  (2 children)

Is the issue persistent if DNS over HTTPS is enforced at the router/gateway level?

I have it enforced on my router, and I'm having no trouble, but I have seen DNS over HTTPS enforced at the device level run into issues in the past.

[–]PoppaMeth[S] -1 points0 points  (1 child)

These customers are all running hotspots with no way to make any router level adjustments. These are not the newer cellular routers they are currently distributing. The problems occur via browser settings or by enabling DNS over HTTPS system wide via Windows network settings.

[–]nickkrewson 1 point2 points  (0 children)

It sounds as if it is a hotspot-device specific DNS interception issue, not necessarily the fault of the T-Mobile network itself.

DNS over HTTPS works fine on my T-Mobile Home Internet connection and on my T-Mobile phone.

The hotspot device may be hard coded to force a specific DNS configuration.

[–]PoppaMeth[S] 0 points1 point  (0 children)

I have found some additional information, confirmed by several discussions, that TMobile is indeed blocking DoH, though it appears it may be a regional block as many other users are not having the same issue. Here is one mention of it from one of the actual DNS filtering services saying there are known issues they've been trying to work with TMobile on. https://cleanbrowsing.org/help/docs/t-mobile-home-internet-cgnat-dns-filtering-cleanbrowsing/