Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Wed Aug 12, 2020 7:06 Post subject:
PavelVD wrote:
Apparently we are talking about an external USB drive (or flash drive) on which one of the sections has a label "/jffs", or is mounted on UUID on the page Services-USB-Mount this Partition to /jffs.
Apparently you didn't read the issue and didn't pay attention to it... it's all about mounted USB and jffs... otherwise my and your comment, I hope, will be deleted by the mods... if you don't have any comment related to problem solving, please refrain from posting in this thread... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
I tried to enable SmartDNS Resolver on r44112 in two ways:
Just enable as is - by default, and with the migration of "smartdns.conf" to "/jffs/etc" and making the changes suggested by Wabe.
In both cases my log will be filled with a huge number of entries:
Code:
Aug 12 08:38:12 LinkSYS daemon.warn dnsmasq[2655]: Insecure DS reply received for cc, check domain configuration and upstream DNS server DNSSEC support
Posted: Thu Aug 13, 2020 6:31 Post subject:
Alozaros wrote:
sweet, how do you copy smartdns.conf to jffs as jffs is read only ??
things I tried:
-on linux OS tried to 'sudo mount -rw -o remount /dev/sda1 /location/to/mount/partition/'
-then nano /path to file smartdns.conf to create it, but still no success as it says jffs read only...
how the heck, as I already did -rw -o remount
df -h shows jffs, as well under GUI it says it's mounted (router R7800)
also tried:
nvram set jffs_mounted=1
nvram set enable_jffs2=1
nvram set sys_enable_jffs2=1
nvram set clean_jffs2=1
nvram set sys_clean_jffs2=1
nvram commit
reboot
sadly jffs2 is missing on the (present builds)
also tried with jffs on USB, it shows on df -h and when I go
cd /jffs
vi smartdns.conf
edit file, add values, then esc :w
it says no space left... on my USB
sadly I'm not a linux geek and didn't make it right, that's why I hate jffs... very often it's screwed
as well I wanted to try that on 8MB devices where my target is ...
please give us some clues how to edit/copy file in jffs...
if you have a look here I'm talking about jffs on usb, and that I tried a few things..
I'm trying to sort that config and bailed out again as...
1. I cannot transfer my smartdns.conf to jffs as it says it's a read only partition (I'm using 8GB flash drive)
2. tried on a foreign linux just to create smartdns.conf and save it to that usb jffs
your comment was pointing out the obvious in my post...i bold the text that explains that is all about jffs on USB
Well, I just enabled "jffs" on administration tab.
When I hook up to the router using telnet/ssh I have a writeable "jffs" there.
So just "cp /tmp/smartdns.conf /jffs/etc/smartdns.conf" and then edit this file using your favorite editor, I use "vi".
Obviously this will not work if /jffs isn't writable. I have no such issues on my routers however. _________________ Netgear R7000 on Build 55109
Asus AC-AC68U rev. C1 (AP) on Build 55109
Asus AC-68U rev. A1 on Build 54604
Asus AC-68U rev. A1 on Build 53339
I managed to start SmartDNS with my conf file as follows:
IMPORTANT! It is turned off in the GUI -
SmartDNS Resolver Disable
Dnsmasq
Validate DNS Replies (DNSSEC) Disable - (Always turn off when you turn on SmartDNS.)
Additional Dnsmasq Options
cache-size=0
server=127.0.0.1#6053
Diagnostics->Startup
smartdns -c /jffs/etc/smartdns.conf
IMPORTANT!
Code:
stopservice dnsmasq; startservice dnsmasq
- kills SmartDNS. To maintain performance, you should do as follows:
If you are using addn-hosts=Mr. SurprisedItWorks code, then the end of the script must be supplemented by running "smartdns -c /jffs/etc/smartdns.conf".
I changed the tls-server to the fastest (known to me):
PavelVD: Glad you got it working!
Don’t understand why you had to go through all the steps you describe.
In my case I got it working using the simple steps I describe above in this thread.
The log file does not work however. I’ve posted a ticket in the svn regarding this. Let’s see if BS tries to fix it.
This is good news.
I wish to move to DNS over TLS ideally. I am on an old, 2018 vintage kong build on a Broadcom Netgear R7000. I am using a USB mounted on /opt for Yamon.
Would this plan work:
1. download and upgrade to the latest build from betas for my hardware: ftp://ftp.dd-wrt.com/betas/2021/01-01-2021-r45229/netgear-r7000/
That would be on top of the current build using the GUI, i.e. not resetting to manufacturer firmware first.
2. Enable SmartDNS on the upgraded firmware GUI and add the smartdns.conf to a path on /opt
Would that work in theory?
Does the config file for smartdns need to be in /jffs/ ?
That should work fine but the config file has to reside in /jffs/etc. Also when moving from an old build you should reset to defaults by submitting a ‘nvram erase’ + ‘reboot’ from the command line. Don’t reset from the GUI, not reliable
I've updated the firmware of the router without incident, which is a big relief. I sold it to the family as an emergency. It is in a way because I'm due back to work tomorrow.
I lost DNS resolution once I enabled SmartDNS probably for the reason I don't have a /jffs mount point.
I also realised (with apologies) that this is an atheros area. I'll make a new thread so I can stop posting on this area.
You shouldn’t lose DNS resolution by enabling Smartdns. By default it creates a standard config file in /tmp. This should work but without any frills like dns over tls.
Did you reset after flashing? I suppose posting in this thread is OK as long as the topic is Smartdns.
Posted: Tue Jan 05, 2021 21:23 Post subject:
cookiemonsteruk, I referred you to SmartDNS as an alternative to Stubby for DNS over TLS, but as I said it requires reading and understanding too, read all that thread and focus on PavelVD & wabe guides...
As you may have already noticed, standard SmartDNS does not have tls encryption by default, all is done via moving and editing SmartDNS config file....to jffs...
SmartDNS may be a good alternative(even better) to Stubby, but requires more understanding and reading 'how to'...
if you want to reset use either button for 10 sec or via CLI 'nvram erase && reboot' (no quotes)...
when you reset do not load save files from different builds...rebuild manually...
thanks both, with your help I've now got stubby running.
I might need to come to SmartDNS in the future but TLS by default is what attracts me to stubby. The performance is adequate for my needs at the moment.
Now, is there a way one can block unencrypted DNS queries going out my network? I could use iptables to drop all outgoing packets to port 53 but is there a better way?
Example of firewall commands:
Code:
# Block LAN devices from using insecure DNS
iptables -I FORWARD -p tcp --dport 53 -j DROP
iptables -I FORWARD -p udp --dport 53 -j DROP
# Limit router to resolve DNS over its own Dnsmasq/SmartDNS
iptables -I OUTPUT -p tcp --dport 53 -j DROP
iptables -I OUTPUT -p udp --dport 53 -j DROP
iptables -I OUTPUT -p tcp -d 10.0.0.1 --dport 53 -j ACCEPT
iptables -I OUTPUT -p udp -d 10.0.0.1 --dport 53 -j ACCEPT
Too bad that smartdns seems to crash sometimes. _________________ 1x Netgear R7800 (latest); 3x Netgear R7000 (latest); 2x Asus RT-N16 (v3.0-r47656); 2x Fonera 2100 (v3.0-r45454).
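Added example, not part of any post in this thread: a shell check that reads an `iptables -S` style listing and confirms the port 53 rules above ended up in a working order, since `-I` inserts at the top of a chain and first match wins. The function name, the two sample listings (constructed) and the assumption that the installed iptables can print `-S` format are not from the thread; 10.0.0.1 is the resolver address used in the post.

```shell
# audit_dns_rules RESOLVER_IP  < listing in `iptables -S` format (assumed available)
# Prints OK or FAIL lines; exit status is 0 only when every check passes.
audit_dns_rules() {
  awk -v res="$1" '
  function arg(opt,   i) {            # value following option opt, or ""
    for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
    return ""
  }
  $1 == "-A" && arg("--dport") == "53" {
    chain = $2; proto = arg("-p"); verdict = arg("-j"); dst = arg("-d")
    sub(/\/32$/, "", dst)
    if (chain == "FORWARD" && verdict == "DROP" && dst == "") fwd[proto] = 1
    # First match wins: the ACCEPT only helps if no DROP was listed before it.
    if (chain == "OUTPUT" && verdict == "ACCEPT" && dst == res && !(proto in dropped)) allow[proto] = 1
    if (chain == "OUTPUT" && verdict == "DROP" && dst == "") dropped[proto] = 1
  }
  END {
    bad = 0; n = split("tcp udp", protos, " ")
    for (i = 1; i <= n; i++) {
      p = protos[i]
      if (!(p in fwd)) { print "FAIL FORWARD " p ": LAN clients can send plain DNS out"; bad = 1 }
      if (!(p in dropped)) { print "FAIL OUTPUT " p ": router can send plain DNS out"; bad = 1 }
      else if (!(p in allow)) { print "FAIL OUTPUT " p ": no ACCEPT for " res " ahead of the DROP"; bad = 1 }
    }
    if (!bad) print "OK"
    exit bad
  }'
}
# Constructed sample: chain order after the post's commands, each inserted with -I.
sample_inserted() { cat <<'EOF'
-A FORWARD -p udp -m udp --dport 53 -j DROP
-A FORWARD -p tcp -m tcp --dport 53 -j DROP
-A OUTPUT -d 10.0.0.1/32 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 10.0.0.1/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j DROP
-A OUTPUT -p tcp -m tcp --dport 53 -j DROP
EOF
}
# Constructed sample: the same rules appended with -A in the same order.
sample_appended() { cat <<'EOF'
-A FORWARD -p tcp -m tcp --dport 53 -j DROP
-A FORWARD -p udp -m udp --dport 53 -j DROP
-A OUTPUT -p tcp -m tcp --dport 53 -j DROP
-A OUTPUT -p udp -m udp --dport 53 -j DROP
-A OUTPUT -d 10.0.0.1/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -d 10.0.0.1/32 -p udp -m udp --dport 53 -j ACCEPT
EOF
}
```

On a router the listing would come from `iptables -S | audit_dns_rules 10.0.0.1`; the appended sample fails because the DROP rules are matched before the ACCEPT for the local resolver.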