DNS over TLS with CZ.NIC forwarder does not work in obsolete Turris OS 3.x

:warning: This problem affects only obsolete Turris OS 3.x release :warning:

If you use the CZ.NIC TLS DNS forwarder (ODVR) like this on your router

[Screenshot from 2021-09-30 21-41-32: forwarder configuration]

you will encounter DNS resolving issues, and both your router and your local network will probably be unusable.

The root cause of this issue is the older GnuTLS library present in Turris OS 3.x; there is no such problem in the current, stable Turris OS 5.x release.

To fix that, I recommend switching the DNS forwarder to other servers such as Cloudflare or Quad9, or disabling forwarding altogether. The best option, however, is to upgrade your router to Turris OS 5.

We will post an update here if anything new about this issue appears. Further details are available in the GitLab issue turris/os/packages#799.

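A quick way to tell a forwarder that fails at the TLS layer (the symptom described above) apart from one that merely returns a bad DNS answer is to perform one DNS-over-TLS query yourself and report which stage failed. The following script is an added example written for this thread; it is not Turris OS, kresd or CZ.NIC code. It assumes the forwarder speaks DNS over TLS on TCP port 853 (RFC 7858) and that the machine running it has a current CA trust store; the wire-format helpers are exercised offline with a constructed response.

```python
"""Minimal DNS-over-TLS health check (added example, not Turris/CZ.NIC code).

Assumptions: the forwarder listens on TCP 853 and presents a certificate
chain the local trust store can validate. Only `dot_lookup` touches the
network; `build_query` / `parse_response` work offline.
"""
import socket
import ssl
import struct
import sys

QUERY_TXID = 0x1234  # fixed transaction id, fine for a one-shot check


def build_query(name: str, qtype: int = 1, txid: int = QUERY_TXID) -> bytes:
    """Build a wire-format DNS query (RFC 1035) with the RD flag set."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)  # class IN


def _skip_name(data: bytes, offset: int) -> int:
    """Return the offset just past a name, handling compression pointers."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # two-byte pointer ends the name
            return offset + 2
        offset += 1 + length


def parse_response(data: bytes, expect_txid: int) -> dict:
    """Extract the RCODE and any A records from a DNS response."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", data[:12])
    if txid != expect_txid:
        raise ValueError("transaction id mismatch")
    offset = 12
    for _ in range(qdcount):               # skip the echoed question section
        offset = _skip_name(data, offset) + 4
    addrs = []
    for _ in range(ancount):
        offset = _skip_name(data, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            addrs.append(".".join(str(b) for b in rdata))
    return {"rcode": flags & 0x000F, "answers": addrs}


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed before full DNS message")
        buf += chunk
    return buf


def dot_lookup(server: str, name: str, port: int = 853, timeout: float = 5.0) -> dict:
    """Send one query over TLS and report the stage at which it failed, if any.

    'tls' covers handshake and certificate validation failures (the class of
    error an outdated TLS library produces); 'network' covers connect/IO
    errors; 'dns' means TLS worked and the answer itself was examined.
    """
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    query = build_query(name)
    try:
        with socket.create_connection((server, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=server) as tls:
                tls.sendall(struct.pack(">H", len(query)) + query)  # TCP length prefix
                (length,) = struct.unpack(">H", _recv_exact(tls, 2))
                resp = _recv_exact(tls, length)
    except ssl.SSLError as exc:
        return {"ok": False, "stage": "tls", "error": str(exc)}
    except OSError as exc:
        return {"ok": False, "stage": "network", "error": str(exc)}
    parsed = parse_response(resp, QUERY_TXID)
    return {"ok": parsed["rcode"] == 0, "stage": "dns", **parsed}


# Constructed sample response for offline testing: NOERROR, one A record
# pointing at a TEST-NET address (192.0.2.1), answer name via pointer 0xC00C.
SAMPLE_RESPONSE = (
    struct.pack(">HHHHHH", QUERY_TXID, 0x8180, 1, 1, 0, 0)
    + build_query("example.com")[12:]
    + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    # usage: python3 dot_check.py <forwarder-host> <name-to-resolve>
    print(dot_lookup(sys.argv[1], sys.argv[2]))
```

Run it against the forwarder you have configured (for example `odvr.nic.cz`) and against an alternative such as Cloudflare or Quad9; a result with `"stage": "tls"` from the same host that answers fine elsewhere points at the local TLS library or trust store rather than at the forwarder.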

I have upgraded to 5.x - latest TOS.
Previously I had quite bad performance in kresd, and I think it is already better.
But I am not sure yet.

By the way, the problem also affects Android explicitly configured to use odvr.nic.cz… though there it probably isn't because of GnuTLS. (Both cases were triggered by a change in Let's Encrypt cert chains and they're not specific to our ODVR case.)
