Ok, I've commented out the cipher suites line and restarted stubby.
I installed tcpdump (it's great to be able to with entware) and captured some packets. I can see traffic with lines like this:
22:30:11.476646 IP host-9P-29-1AB-XT.asxxxx.net.xxx > dns9.quad9.net.853: Flags [R], seq 3054894708, win 0, length 0
(host redacted)
So from your post, it is working.
I just need now to look into the "#no-resolv" part of DNSMasq and read the manual for stubby to alter the config to behave as I want.
Most obliged!!
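A way to summarise a capture like the one in the post above, added here as an example and not part of the original posts: it counts packets sent to port 853 and to port 53, and separates DoT packets that carry payload from zero-length ones such as the [R] line. The sample lines and addresses are constructed, the function names are hypothetical, and it assumes tcpdump was run with -n so ports print as numbers.

```shell
#!/bin/sh
# Added example. Capture on the router with numeric output, e.g.:
#   tcpdump -n -i <wan-if> 'port 53 or port 853'
# and pipe the text into dns_verdict. <wan-if> is a placeholder.

# Constructed sample capture (illustrative addresses, not real traffic).
sample_capture() {
cat <<'EOF'
22:30:11.100001 IP 192.0.2.10.41234 > 9.9.9.9.853: Flags [S], seq 1, win 64240, length 0
22:30:11.140002 IP 9.9.9.9.853 > 192.0.2.10.41234: Flags [S.], seq 1, ack 2, win 65535, length 0
22:30:11.180003 IP 192.0.2.10.41234 > 9.9.9.9.853: Flags [P.], seq 2:519, ack 2, win 502, length 517
22:30:12.200004 IP 192.0.2.10.50555 > 198.51.100.53.53: 4321+ A? example.com. (29)
22:30:12.900005 IP 192.0.2.10.41234 > 9.9.9.9.853: Flags [R], seq 3054894708, win 0, length 0
EOF
}

# Count packets by destination port; dot_payload = DoT packets with length > 0.
summarize_dns() {
  awk '
    ($2 == "IP" || $2 == "IP6") && $4 == ">" {
      dst = $5; sub(/:$/, "", dst)          # strip the trailing colon
      n = split(dst, part, ".")             # port is the last dotted field
      port = part[n]
      if (port == "853") { dot++; if ($0 ~ /length [1-9]/) payload++ }
      else if (port == "53") plain++
    }
    END { printf "dot=%d dot_payload=%d plain53=%d\n", dot, payload, plain }
  '
}

# leak: plaintext DNS seen; ok: DoT payload and no port 53; otherwise
# only zero-length packets (SYN/RST) reached port 853.
dns_verdict() {
  summary=$(summarize_dns)
  payload=${summary#*dot_payload=}; payload=${payload%% *}
  plain=${summary#*plain53=}
  if [ "$plain" -gt 0 ]; then echo "leak: $summary"
  elif [ "$payload" -gt 0 ]; then echo "ok: $summary"
  else echo "no-dot-payload: $summary"
  fi
}

sample_capture | dns_verdict
```

Run it against traffic on the WAN side; queries from dnsmasq to stubby on the router itself stay on loopback and are expected to be plain DNS.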
Joined: 16 Nov 2015 Posts: 6436 Location: UK, London, just across the river..
Posted: Wed Jan 06, 2021 0:18 Post subject:
no-resolv is part of DNSmasq config; it literally tells DNSmasq not to use any other DNS servers specified in those x3 boxes from the basic setup page or fetched by ISP, but to use those specified in DNSmasq config, like server=
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
I can confirm stubby is working with your help.
I'm reading documentation from stubby and getdns to tweak if necessary.
Thanks for the explanations.
One last question for @bushant if I may:
I'm using your startup script:
Code:
#!/bin/sh
logger -t S61stubby "Starting Stubby DNS over TLS $0"
# set environment PATH to system binaries
export PATH=/sbin:/bin:/usr/sbin:/usr/bin:$PATH
ENABLED=yes
PROCS=stubby
ARGS="-g -v 5 -C /opt/etc/stubby/stubby.yml 2>/opt/var/log/stubby.log"
PREARGS=""
DESC=$PROCS
PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
. /opt/etc/init.d/rc.func
Would you mind elaborating on why there are two lines for PATH and the use of "-g -v 5" in the ARGS variable?
Right. Apologies @vibranto for not realising this.
Any info on this will be appreciated. So far the documentation for Stubby has nothing I can spot for options -g -v {number}
To be honest stubby started working right out of the box a year and a half ago for me
and I have never messed with it much only add and subtract servers a couple times.
But a while ago I tried the S61stubby.sh script as it currently is in @vibranto's post on page 3 of that thread.
It does not work.
that's just permissions. If you're running it as root, chances are it just needs a full shell line, for instance:
root@DD-WRT:/opt# /bin/sh /opt/etc/init.d/S61stubby.sh check
for a check. If it doesn't give you a "Permission denied", then that would do for
root@DD-WRT:/opt# /bin/sh /opt/etc/init.d/S61stubby.sh start
and it will work.
Hopefully @vibranto will see this question at some point and educate me.
Thanks @bushant.
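What the two PATH lines and the ARGS string in that script amount to once it is sourced, as an added example that is not from the thread or from Entware. It assumes rc.func launches the daemon with $ARGS expanded unquoted (the page does not show rc.func), and the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical and this is not rc.func.

# ARGS exactly as set in S61stubby.sh. In stubby's usage text, -g runs it in
# the background, -v sets the logging level and -C names the config file.
ARGS="-g -v 5 -C /opt/etc/stubby/stubby.yml 2>/opt/var/log/stubby.log"

# Print each argument a launched program would receive, one per line.
show_argv() {
  for arg in "$@"; do printf '[%s]\n' "$arg"; done
}

# Assumption: the launcher runs the daemon as  $PROCS $ARGS  (unquoted).
# Word splitting happens, but "2>" arriving via a variable is not a redirect:
# it reaches the program as a sixth literal argument and no log file is opened.
argv_from_args() {
  # shellcheck disable=SC2086
  show_argv $ARGS
}

# The two PATH lines in script order, run in a subshell so the caller's PATH
# is untouched. The second assignment replaces the first, and because PATH is
# already exported the child inherits the /opt-first value.
path_seen_by_child() (
  export PATH=/sbin:/bin:/usr/sbin:/usr/bin:$PATH
  PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  sh -c 'printf "%s\n" "$PATH"'
)

argv_from_args
path_seen_by_child
```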
Joined: 16 Nov 2015 Posts: 6436 Location: UK, London, just across the river..
Posted: Fri Jan 08, 2021 8:50 Post subject:
cookiemonsteruk
if you read the guide carefully you'd find that
this script you create once via CLI, you don't need it created/inserted in start up script, as it resides in /opt/etc/init.d/S61stubby.sh
just follow the guide in my link:
opkg install nano (click enter)
then type:
nano /opt/etc/init.d/S61stubby.sh
paste this script:
#!/bin/sh
logger -t S61stubby "Starting Stubby DNS over TLS $0"
# set environment PATH to system binaries
export PATH=/sbin:/bin:/usr/sbin:/usr/bin:$PATH
ENABLED=yes
PROCS=stubby
ARGS="-g -v 5 -C /opt/etc/stubby/stubby.yml 2>/opt/var/log/stubby.log"
PREARGS=""
DESC=$PROCS
PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
. /opt/etc/init.d/rc.func
then press
(ctrl+x)
(click Y)
(click enter)
then type
chmod +x /opt/etc/init.d/S61stubby.sh
Yes, this startup script is working fine. Stubby is working, the startup script below is called from admin command at boot. All good.
I am asking for an explanation of what the variables do.
My searches have taken me to the original that seems to have come from another forum. I'll look there.
So thanks for the help, it got me with Stubby working fine.
Smartdns is also a good alternative, works well for me, better than Stubby. There is a thread explaining how to get it going with dns over tls here:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=323896
One advantage is that it does not require Entware
_________________
Netgear R7000 on Build 55109
Asus AC-AC68U rev. C1 (AP) on Build 55109
Asus AC-68U rev. A1 on Build 54604
Asus AC-68U rev. A1 on Build 53339
Joined: 16 Nov 2015 Posts: 6436 Location: UK, London, just across the river..
Posted: Sun Jan 10, 2021 21:11 Post subject:
wabe wrote:
Smartdns is also a good alternative, works well for me, better than Stubby. There is a thread explaining how to get it going with dns over tls here:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=323896
One advantage is that it does not require Entware
wabe if you didn't notice, the same chap populated on both threads...