DNS Server
Internet / Account Information / DNS Server
For the name resolution of internet addresses, the DNS servers assigned by the internet service provider are preset in the FRITZ!Box. You can use other free DNS servers if you prefer.
Resolving a web address, for instance "www.en.avm.de", determines the IP address at which the web address can be reached.
Click on the "Apply" button to save your settings. If you leave the page without saving, all of your changes will be discarded.
DNSv4 Servers
Upon delivery the FRITZ!Box is set so that the DNSv4 servers assigned by the internet service provider are used for name resolution in the IPv4 area. If you would like to use other DNSv4 servers, change this setting and select "User other DNSv4 servers". Enter the IPv4 addresses of the preferred DNSv4 server and those of an alternative DNSv4 server in the appropriate fields.
DNSv6 Servers
Upon delivery the FRITZ!Box is set so that the DNSv6 servers assigned by the internet service provider are used for name resolution in the IPv6 area. If you would like to use other DNSv6 servers, change this setting and select "User other DNSv6 servers". Enter the IPv6 addresses of the preferred DNSv6 server and those of an alternative DNSv6 server in the appropriate fields.
DNS over TLS (DoT)
DNS over TLS is a method for encrypting DNS queries. With DNS over TLS, web addresses are sent to the DNS server in encrypted form for name resolution. The DNS server must support DNS over TLS in order to be able to decrypt the encrypted queries.
Encrypted DNS queries cannot be intercepted by unauthorized third parties. If you enable DNS over TLS in the FRITZ!Box, it is not possible to read the web addresses opened by the FRITZ!Box. No surfing profiles can be created.
Instructions: Enabling DNS over TLS (DoT)
- Select the "Encrypted name resolution in the internet (DNS over TLS)" setting.
- In the "Resolved Names of the DNS Servers" field, enter one or more DNS servers.
- Click on "Apply".
- Confirm that this change should be executed as soon as you are prompted to do so.
DNSv4 and DNSv6 when DNS over TLS (DoT) Enabled
Enabling DNS over TLS does not require any changes to the "DNSv4" or "DNSv6" settings.
The DNS servers listed under "DNSv4" or "DNSv6" will still be used for DNS queries. They are needed for name resolution by the DNS-over-TLS server and for internal purposes.
Encrypted name resolution in the internet (DNS over TLS)
This setting is disabled in the settings preconfigured for the FRITZ!Box.
When this setting is disabled, the FRITZ!Box sends DNS queries to the DNS servers listed under "DNSv4" and "DNSv6" in encrypted form.
When this setting is enabled, the FRITZ!Box first determines the IP addresses of the servers listed under "Resolved Names of the DNS Servers". This is done by means of a non-encrypted query to the DNS servers entered under "DNSv4" and "DNSv6". The FRITZ!Box sends the encrypted DNS queries to the IP addresses of the servers listed under "Resolved Names of the DNS Servers".
Force a certificate check for encrypted name resolution in the internet
This setting is enabled in the settings preconfigured for the FRITZ!Box.
When this setting is enabled, the servers listed under "Resolved Names of the DNS Servers" are checked for authenticity. A server is used only when the certificate check is successful.
When this setting is disabled, no certificate check takes place. All of the servers listed under "Resolved Names of DNS Servers" are used without a check. Disable this setting only if you are certain that the server is authentic.
Allow fallback to non-encrypted name resolution in the internet
This setting is enabled in the settings preconfigured for the FRITZ!Box.
When this setting is enabled, DNS queries take place without encryption when all of the servers listed under "Resolved Names of the DNS Servers" fail. A server fails when it cannot be reached or when the certificate check was unsuccessful.
When this setting is disabled, no fallback takes place. When all of the servers listed under "Resolved Names of the DNS Servers" fail, no DNS more queries will take place and internet communication is no longer possible.
Resolved Names of the DNS Servers to Be Used
In the "Resolved Names of the DNS Servers" text field, enter the DNS servers you would like to use. These DNS servers must support DNS over TLS.
Comply with the following rules when entering the names of DNS servers in the text field:
| Minimum number of entries | 1 |
| Maximum number of entries to be adopted | 16 You can enter more than 16 entries in the field, but only 16 entries will be adopted. There will be no message informing you that additional entries will not be adopted. |
| Maximum number of entries per line | 1 |
| Syntax |
|