I had DoT set up and working in Ultra Secure Mode, but found that after a firmware update and reboot, clients were seeing timeouts on their DNS lookups.  Toggling the DNS Mode to Default Mode and saving the change was enough to smarten everything up again.  Flipping back and forth between Default and Ultra Secure now seems to have no bad effect, but I intend to stay in Default until I have some time to troubleshoot.  

 

Has anyone else experienced this?  I have the DNS Server box filled out with the FQDN of a DoT server, so it seems to me that there could be a chicken and egg issue there on boot if the router doesn't have a good IP cached for it but, being Ultra Secure, doesn't want to do lookups with anything else.