If you’re using T-Mobile Home Internet, you may encounter issues with encrypted DNS, specifically DNS-over-HTTPS (DoH). T-Mobile appears to be actively blocking DoH traffic, which affects the functionality of all our apps that rely on this protocol. When this happens, your device may lose internet access while the app is enabled on the T-Mobile network.
At this time, we’ve attempted to engage with the T-Mobile team to resolve the issue, but have not received a response.
✅ DNS-over-TLS (DoT) as an Alternative
All CleanBrowsing services support DNS-over-TLS (DoT), which T-Mobile does not currently block:
- Our Android app uses DoT by default, making it compatible with T-Mobile’s restrictions.
- Free services offer access to DoT endpoints.
- Paid customers receive a dedicated DoT stamp for use with custom configurations.
CGNAT and T-Mobile’s Network Configuration
T-Mobile Home Internet uses Carrier-Grade NAT (CGNAT), a system that assigns shared public IP addresses to multiple users. This can lead to:
- Inconsistent IP-based filtering or policy enforcement.
- Issues with port forwarding, hosting services, or remote access.
- Potential conflicts when multiple users share a single IP.
This network design is common among mobile carriers and can interfere with traditional IPv4 configurations and some advanced network features.
To better understand how CGNAT works and how it may impact DNS resolvers and filtering services, refer to our detailed guide: