SMARTDNS Guide

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

Posted: Wed Aug 12, 2020 7:06
PavelVD wrote:
Apparently we are talking about an external USB drive (or flash drive) on which one of the sections has a label "/jffs", or is mounted on UUID on the page Services-USB-Mount this Partition to /jffs.


Apparently you didn't read the issue and didn't pay attention to it... it's all about mounted USB and jffs... otherwise my and your comment, I hope, will be deleted by the mods... if you don't have any comment related to solving the problem, please refrain from posting in this thread...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
PavelVD
DD-WRT User


Joined: 26 Jul 2019
Posts: 109

Posted: Wed Aug 12, 2020 19:20
I tried to enable SmartDNS Resolver on r44112 in two ways:
Just enable as is - by default, and with the migration of "smartdns.conf" to "/jffs/etc" and making the changes suggested by Wabe.
In both cases my log gets filled with a huge number of entries:
Code:
Aug 12 08:38:12 LinkSYS daemon.warn dnsmasq[2655]: Insecure DS reply received for cc, check domain configuration and upstream DNS server DNSSEC support

Occasionally I also see:
Code:
Aug 12 08:30:50 LinkSYS kern.warn kernel: [ 94.426610] nf_conntrack: nf_conntrack: table full, dropping packet

Naturally, there is no Internet access.

PS
Sorry, Alozaros, I didn't understand, is this a private forum branch?

_________________
Linksys WRT1900ACSv2
Automatically adjustable temperature, always within the range of 59-68°С.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

Posted: Thu Aug 13, 2020 6:31
Alozaros wrote:
sweet, how do you copy smartdns.conf to jffs as jffs is read only??
things I tried:
-on linux OS tried to 'sudo mount -rw -o remount /dev/sda1 /location/to/mount/partition/'
-then nano /path to file smartdns.conf to create it, but still no success as it says jffs read only...
how the heck, as I already did -rw -o remount
df -h shows jffs, as well under GUI it says it's mounted (router R7800)

also tried:
nvram set jffs_mounted=1
nvram set enable_jffs2=1
nvram set sys_enable_jffs2=1
nvram set clean_jffs2=1
nvram set sys_clean_jffs2=1
nvram commit
reboot

sadly jffs2 is missing on the (present builds)
also tried with jffs on USB, it shows on df -h and when I go

cd /jffs
vi smartdns.conf
edit file, add values, then esc :w
it says no space left... on my USB

sadly I'm not a linux geek and didn't make it right, that's why I hate jffs... very often it's screwed
as well I wanted to try that on 8MB devices where my target is ...
please give us some clues how to edit/copy file in jffs...


If you have a look here, I'm talking about jffs on USB, and that I tried a few things..
I'm trying to sort that config and bailed out again as...
1. I cannot transfer my smartdns.conf to jffs as it says it's a read-only partition (I'm using an 8GB flash drive)
2. tried on a foreign linux just to create smartdns.conf and save it to that USB jffs

Your comment was pointing out the obvious in my post... I bolded the text that explains that it is all about jffs on USB

wabe
DD-WRT Guru


Joined: 17 Jun 2006
Posts: 889

Posted: Thu Aug 13, 2020 13:31
Alozaros wrote:
sweet, how do you copy smartdns.conf to jffs as jffs is read only??
things I tried:
-on linux OS tried to 'sudo mount -rw -o remount /dev/sda1 /location/to/mount/partition/'
-then nano /path to file smartdns.conf to create it, but still no success as it says jffs read only...
how the heck, as I already did -rw -o remount
df -h shows jffs, as well under GUI it says it's mounted (router R7800)

also tried:
nvram set jffs_mounted=1
nvram set enable_jffs2=1
nvram set sys_enable_jffs2=1
nvram set clean_jffs2=1
nvram set sys_clean_jffs2=1
nvram commit
reboot

sadly jffs2 is missing on the (present builds)
also tried with jffs on USB, it shows on df -h and when I go

cd /jffs
vi smartdns.conf
edit file, add values, then esc :w
it says no space left.... on my USB

sadly I'm not a linux geek and didn't make it right, that's why I hate jffs... very often it's screwed
as well I wanted to try that on 8MB devices where my target is ...
please give us some clues how to edit/copy file in jffs...

Well, I just enabled "jffs" on administration tab.
When I hook up to the router using telnet/ssh I have a writeable "jffs" there.
So just "cp /tmp/smartdns.conf /jffs/etc/smartdns.conf" and then edit this file using your favorite editor, I use "vi".
Obviously this will not work if /jffs isn't writable. I have no such issues on my routers however.

_________________
Netgear R7000 on Build 55109
Asus AC-AC68U rev. C1 (AP) on Build 55109
Asus AC-68U rev. A1 on Build 54604
Asus AC-68U rev. A1 on Build 53339
PavelVD
DD-WRT User


Joined: 26 Jul 2019
Posts: 109

Posted: Tue Aug 25, 2020 19:29
I managed to start SmartDNS with my conf file as follows:
IMPORTANT! It is turned off in the GUI -
SmartDNS Resolver Disable
Dnsmasq
Validate DNS Replies (DNSSEC) Disable - (Always turn off when you turn on SmartDNS.)
Additional Dnsmasq Options
cache-size=0
server=127.0.0.1#6053

Diagnostics->Startup
smartdns -c /jffs/etc/smartdns.conf
IMPORTANT!
Code:
stopservice dnsmasq; startservice dnsmasq
- kills SmartDNS. To maintain performance, you should do as follows:
Code:
stopservice dnsmasq; startservice dnsmasq; smartdns -c /jffs/etc/smartdns.conf

If you are using addn-hosts=Mr. SurprisedItWorks code, then the end of the script must be supplemented by running "smartdns -c /jffs/etc/smartdns.conf".

I changed the tls-server to the fastest (known to me):
Code:
server-tls 45.90.28.0:853 -host-name: dns.nextdns.io
- everything works just fine!
I could not get the log file, I did not play with other settings. Left two servers:
Code:
server-tls 45.90.28.0:853 -host-name: dns.nextdns.io
server-tls 9.9.9.9:853 -host-name: dns.quad9.net

wabe
DD-WRT Guru


Joined: 17 Jun 2006
Posts: 889

Posted: Wed Aug 26, 2020 7:02
PavelVD: Glad you got it working!
Don’t understand why you had to go through all the steps you describe.
In my case I got it working using the simple steps I describe above in this thread.
The log file does not work however. I’ve posted a ticket in the svn regarding this. Let’s see if BS tries to fix it.

PavelVD
DD-WRT User


Joined: 26 Jul 2019
Posts: 109

Posted: Wed Aug 26, 2020 8:54
I was wise because I didn't pick up /jffs/etc/smartd.conf. But I think I realized my mistake, and now everything is working in a simple way.
cookiemonsteruk
DD-WRT Novice


Joined: 24 Oct 2015
Posts: 41
Location: UK

Posted: Mon Jan 04, 2021 21:22
This is good news.
I wish to move to DNS over TLS ideally. I am on an old, 2018 vintage kong build on a Broadcom Netgear R7000. I am using a USB mounted on /opt for Yamon.
Would this plan work:
1. download and upgrade to the latest build from betas for my hardware: ftp://ftp.dd-wrt.com/betas/2021/01-01-2021-r45229/netgear-r7000/
That would be on top of the current build using the GUI ie. not resetting to manufacturer firmware first.
2. Enable SmartDNS on the upgraded firmware GUI and add the smartdns.conf to a path on /opt

Would that work in theory?
Does the config file for smartdns need to be in /jffs/ ?
wabe
DD-WRT Guru


Joined: 17 Jun 2006
Posts: 889

Posted: Tue Jan 05, 2021 15:04
cookiemonsteruk wrote:
This is good news.
I wish to move to DNS over TLS ideally. I am on an old, 2018 vintage kong build on a Broadcom Netgear R7000. I am using a USB mounted on /opt for Yamon.
Would this plan work:
1. download and upgrade to the latest build from betas for my hardware: ftp://ftp.dd-wrt.com/betas/2021/01-01-2021-r45229/netgear-r7000/
That would be on top of the current build using the GUI ie. not resetting to manufacturer firmware first.
2. Enable SmartDNS on the upgraded firmware GUI and add the smartdns.conf to a path on /opt

Would that work in theory?
Does the config file for smartdns need to be in /jffs/ ?

That should work fine but the config file has to reside in /jffs/etc. Also when moving from an old build you should reset to defaults by submitting a ‘nvram erase’ + ‘reboot’ from the command line. Don’t reset from the GUI, not reliable

cookiemonsteruk
DD-WRT Novice


Joined: 24 Oct 2015
Posts: 41
Location: UK

Posted: Tue Jan 05, 2021 15:25
I've updated the firmware of the router without incident, which is a big relief. I sold it to the family as an emergency. It is in a way because I'm due back to work tomorrow.
I lost DNS resolution once I enabled SmartDNS probably for the reason I don't have a /jffs mount point.
I also realised (with apologies) that this is an atheros area. I'll make a new thread so I can stop posting on this area.
wabe
DD-WRT Guru


Joined: 17 Jun 2006
Posts: 889

Posted: Tue Jan 05, 2021 16:53
cookiemonsteruk wrote:
I've updated the firmware of the router without incident, which is a big relief. I sold it to the family as an emergency. It is in a way because I'm due back to work tomorrow.
I lost DNS resolution once I enabled SmartDNS probably for the reason I don't have a /jffs mount point.
I also realised (with apologies) that this is an atheros area. I'll make a new thread so I can stop posting on this area.

You shouldn’t lose DNS resolution by enabling Smartdns. By default it creates a standard config file in /tmp. This should work but without any frills like dns over tls.
Did you reset after flashing? I suppose posting in this thread is OK as long as the topic is Smartdns.

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

Posted: Tue Jan 05, 2021 21:23
cookiemonsteruk, I referred you to SmartDNS as an alternative to Stubby for DNS over TLS, but as I said it requires reading and understanding too; read all of that thread and focus on the PavelVD & wabe guides...
As you may have already noticed, standard SmartDNS does not have TLS encryption by default; all is done via moving and editing the SmartDNS config file... to jffs...

SmartDNS may be a good alternative(even better) to Stubby, but requires more understanding and reading 'how to'...
if you want to reset use either button for 10 sec or via CLI 'nvram erase && reboot' (no quotes)...
when you reset do not load save files from different builds...rebuild manually...

cookiemonsteruk
DD-WRT Novice


Joined: 24 Oct 2015
Posts: 41
Location: UK

Posted: Wed Jan 06, 2021 21:16
thanks both, with your help I've now got stubby running.
I might need to come to SmartDNS in the future but TLS by default is what attracts me to stubby. The performance is adequate for my needs at the moment.
TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

Posted: Sun Sep 05, 2021 21:23
PavelVD wrote:
I managed to start SmartDNS with my conf file as follows:
IMPORTANT! It is turned off in the GUI -
SmartDNS Resolver Disable
Dnsmasq
Validate DNS Replies (DNSSEC) Disable - (Always turn off when you turn on SmartDNS.)
Additional Dnsmasq Options
cache-size=0
server=127.0.0.1#6053

Diagnostics->Startup
smartdns -c /jffs/etc/smartdns.conf
IMPORTANT!
Code:
stopservice dnsmasq; startservice dnsmasq
- kills SmartDNS. To maintain performance, you should do as follows:
Code:
stopservice dnsmasq; startservice dnsmasq; smartdns -c /jffs/etc/smartdns.conf

If you are using addn-hosts=Mr. SurprisedItWorks code, then the end of the script must be supplemented by running "smartdns -c /jffs/etc/smartdns.conf".

I changed the tls-server to the fastest (known to me):
Code:
server-tls 45.90.28.0:853 -host-name: dns.nextdns.io
- everything works just fine!
I could not get the log file, I did not play with other settings. Left two servers:
Code:
server-tls 45.90.28.0:853 -host-name: dns.nextdns.io
server-tls 9.9.9.9:853 -host-name: dns.quad9.net


Thank you! Finally a decent guide. For future reference my config is:

Code:
server-name RouterX
bind [::]:6053
serve-expired yes
log-size 64K
log-num 1
log-level error
log-file /tmp/smartdns.log

server-tls 95.216.24.230:853 -host-name: fi.dot.dns.snopyta.org
server-tls 78.46.244.143:853 -host-name: dot-de.blahdns.com
server-tls 95.216.212.177:853 -host-name: dot-fi.blahdns.com
server-tls 116.202.176.26:853 -host-name: dot.libredns.gr


I'm running this via startup command with:

Code:
smartdns -c /opt/etc/smartdns.conf


My Dnsmasq "Additional Dnsmasq Options" are:

Code:
interface=oet1
interface=tun2
local=/routerx.xxxxx.xxxx/
expand-hosts
domain-needed
bogus-priv
strict-order
cache-size=0
server=127.0.0.1#6053


Now, is there a way one can block unencrypted DNS queries going out of my network? I could use iptables to drop all outgoing packets to port 53 but is there a better way?

Example of firewall commands:

Code:
# Block LAN devices from using insecure DNS
iptables -I FORWARD -p tcp --dport 53 -j DROP
iptables -I FORWARD -p udp --dport 53 -j DROP

# Limit router to resolve DNS over its own Dnsmasq/SmartDNS
iptables -I OUTPUT -p tcp --dport 53 -j DROP
iptables -I OUTPUT -p udp --dport 53 -j DROP
iptables -I OUTPUT -p tcp -d 10.0.0.1 --dport 53 -j ACCEPT
iptables -I OUTPUT -p udp -d 10.0.0.1 --dport 53 -j ACCEPT

_________________
1x Netgear R7800 (latest); 3x Netgear R7000 (latest); 2x Asus RT-N16 (v3.0-r47656); 2x Fonera 2100 (v3.0-r45454).
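
Added example (not part of any post in this thread): a small shell lint for the dnsmasq-to-SmartDNS chain configured in the posts above. It checks that dnsmasq forwards only to the local SmartDNS port and that smartdns.conf lists no cleartext `server` or `server-tcp` upstreams. The function names, file names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and sample files are constructed.

# Port from the first "bind" line: "bind [::]:6053" -> 6053
smartdns_port() {
    awk '$1 == "bind" { n = split($2, a, ":"); print a[n]; exit }' "$1"
}

# Upstreams SmartDNS would query in cleartext (plain UDP or TCP, no TLS/HTTPS)
smartdns_plaintext() {
    awk '$1 == "server" || $1 == "server-tcp" { print $1, $2 }' "$1"
}

# dnsmasq "server=" targets other than the local SmartDNS listener
dnsmasq_leaks() {   # $1 = dnsmasq options file, $2 = SmartDNS port
    awk -F= -v ok="127.0.0.1#$2" '$1 == "server" && $2 != ok { print $2 }' "$1"
}

# Print findings; exit status is the number of findings (0 = chain is clean)
check_dns_chain() { # $1 = smartdns.conf, $2 = dnsmasq options file
    port=$(smartdns_port "$1"); n=0
    if ! grep -qxF "server=127.0.0.1#$port" "$2"; then
        echo "dnsmasq does not forward to SmartDNS on 127.0.0.1#$port"; n=$((n + 1))
    fi
    for u in $(smartdns_plaintext "$1" | tr ' ' '='); do
        echo "cleartext SmartDNS upstream: $u"; n=$((n + 1))
    done
    for s in $(dnsmasq_leaks "$2" "$port"); do
        echo "dnsmasq bypasses SmartDNS via: $s"; n=$((n + 1))
    done
    return "$n"
}

# Constructed sample input; the server-tls line is copied from the posts above
T=$(mktemp -d)
trap 'rm -rf "$T"' EXIT
cat > "$T/smartdns.conf" <<'EOF'
bind [::]:6053
server-tls 9.9.9.9:853 -host-name: dns.quad9.net
EOF
printf 'cache-size=0\nserver=127.0.0.1#6053\n' > "$T/dnsmasq.ok"
# Same setup with two mistakes: a plain UDP upstream and a second dnsmasq forwarder
{ cat "$T/smartdns.conf"; echo "server 192.0.2.53"; } > "$T/smartdns.leaky"
printf 'server=127.0.0.1#6053\nserver=192.0.2.53\n' > "$T/dnsmasq.leaky"

check_dns_chain "$T/smartdns.conf" "$T/dnsmasq.ok" && echo "clean"
check_dns_chain "$T/smartdns.leaky" "$T/dnsmasq.leaky" || echo "findings: $?"
```

On a router, point `check_dns_chain` at the real smartdns.conf and at a file holding the "Additional Dnsmasq Options" text.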
TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

Posted: Mon Sep 06, 2021 11:05
Too bad that smartdns seems to crash sometimes.
Page 3 of 20. All times are GMT.