"DNS over TLS" or "DNS over HTTPS"

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking
Goto page Previous  1, 2, 3, 4
Author Message
HalfBit
DD-WRT Guru


Joined: 04 Sep 2009
Posts: 736
Location: AR, USA

PostPosted: Tue Jul 16, 2019 3:06    Post subject: Reply with quote
I'm pretty sure that you don't have to specify an NTP server and that an IP is built into the firmware.

For the issue of FQDN for NTP before DNS is working, I ran into this same issue when running DNSCrypt on the router itself and found following line in my DNSmasq options to work:

server=/ntp.org/208.67.222.222

My router is configured to use us.pool.ntp.org for NTP.

How have some of you been able to run dig on your routers?? I installed stubby, and getdns but that didn't seem to work.

_________________
R7000 Nighthawk - DD-WRT v3.0-r40270M kongac (07/11/19)
~~~~~~~~~~~~~~Currently Unused~~~~~~~~~~~~~~
WRT54Gv2 - V24 STD Build 22118 configured as AP
WRT54Gv8.2 - V24 Micro Build 22118 configured as AP
Sponsor
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 2891
Location: UK, London, just across the river..

PostPosted: Wed Jul 17, 2019 19:10    Post subject: Reply with quote
with NTP time..... well ether way will do...

hmm i managed to install and deploy stubby on my R7000 and its working...just don't follow the bit Entware for Atheros routers and use Broadcom instead...once on entware install, stubby, tcpdump, nano that's all you need, than follow the guide...in my post above...,but haven't tried DNScrypt + stubby yet... Razz

_________________
Atheros
TP-Link WR740Nv1 ------DD-WRT 33772 BS WAP/Switch (wired)
TP-Link WR1043NDv2 -----DD-WRT 41328 BS (AP,PPPoE,NAT,AD Blocking,AP Isolation,Firewall,Local DNS,Forced DNS,DoT)
TP-Link WR1043NDv2 -----DD-WRT 41321 BS (AP,NAT,AD Blocking,Firewall,Wi-Fi OFF,Local DNS,Forced DNS,DoT)
TP-Link WR1043NDv2 -----Gargoyle OS 1.11.0 (AP,NAT,QoS,Quotas)
Qualcomm/IPQ8065
Netgear R7800 ---------DD-WRT 40270M 4.9 Kong (AP,NAT,AD-Blocking,AP&Net Isolation,Firewall,Local DNS,DNSCrypt v2 x2)
Broadcom
Netgear R7000 ---------DD-WRT 40270M Kong (AP,NAT,VLAN,AD-Blocking,Firewall,Local DNS,Forced DNS,DoT)
------------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 via Entware by mac913
wabe
DD-WRT Guru


Joined: 17 Jun 2006
Posts: 686

PostPosted: Mon Sep 23, 2019 17:31    Post subject: Reply with quote
Can confirm that the described procedure works perfectly after installing Entware on one of my Asus AC68Us
_________________
AC-68U rev. C1 on Build 41218
AC-68U rev. A1 on Build 40270M
AC-68U rev. A1 on Build 41218
iycgtptyarvg
DD-WRT Novice


Joined: 18 Jun 2014
Posts: 38

PostPosted: Sun Oct 13, 2019 20:28    Post subject: Reply with quote
1.
On Android I can use dns.quad9.net as the setting for 'Private DNS'. Is the same possible in DD-WRT?
I mean, is it possible to fill this in without having to install all sorts of things outside the 'standard' DD-WRT releases?

2.
I use a firewall script to download malware/adware blocklists. Would that still work if I use Dns over TLS/HTTPS?
tinkeruntilitworks
DD-WRT User


Joined: 21 May 2019
Posts: 118

PostPosted: Sun Oct 13, 2019 21:29    Post subject: Reply with quote
posting your router and build number will be helpful for the more experienced users to help you out


*
on my Netgear R7000p the recent builds have added a encrypt dns toggle in the services tab(gui)

it appears to be dnscrypt v2 with a limited selection of providers. unfortunately quad9 is not among them
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 2891
Location: UK, London, just across the river..

PostPosted: Mon Oct 14, 2019 6:28    Post subject: Reply with quote
well...and you current build number is...???
on the old builds there was a DNSCrypt in the Services
but it was depreciated, i have no idea how it works but its not v2 as DNSCrypt-proxy v2 is written on Golang and
the only way to install it is via Entware
So if you use DNScrypt 1.95 old version with old servers still working via GUI or CLI...
yep the AdD block script is working with it...

But if you want to use (DNS via TLS) adblocking may not work...
to set either of the above services there are links in
in my signature...

the best regarding options is DNSCrypt-proxy v2...than i guess unbound and the last is stubby...

_________________
Atheros
TP-Link WR740Nv1 ------DD-WRT 33772 BS WAP/Switch (wired)
TP-Link WR1043NDv2 -----DD-WRT 41328 BS (AP,PPPoE,NAT,AD Blocking,AP Isolation,Firewall,Local DNS,Forced DNS,DoT)
TP-Link WR1043NDv2 -----DD-WRT 41321 BS (AP,NAT,AD Blocking,Firewall,Wi-Fi OFF,Local DNS,Forced DNS,DoT)
TP-Link WR1043NDv2 -----Gargoyle OS 1.11.0 (AP,NAT,QoS,Quotas)
Qualcomm/IPQ8065
Netgear R7800 ---------DD-WRT 40270M 4.9 Kong (AP,NAT,AD-Blocking,AP&Net Isolation,Firewall,Local DNS,DNSCrypt v2 x2)
Broadcom
Netgear R7000 ---------DD-WRT 40270M Kong (AP,NAT,VLAN,AD-Blocking,Firewall,Local DNS,Forced DNS,DoT)
------------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 via Entware by mac913


Last edited by Alozaros on Tue Oct 15, 2019 0:39; edited 1 time in total
tinkeruntilitworks
DD-WRT User


Joined: 21 May 2019
Posts: 118

PostPosted: Mon Oct 14, 2019 13:37    Post subject: Reply with quote
recent as in the current build and the one before it
r41269/
r41303/
and now
r41321/

what ever the version(my bad) it is a simple solution available to some

*
it is the same that was in old kong builds 6 months ago or so.

opendns has a decent privacy policy right?
they just don't offer the protection for free anymore right?
SurprisedItWorks
DD-WRT User


Joined: 04 Aug 2018
Posts: 408
Location: Appalachian mountains, USA

PostPosted: Mon Oct 14, 2019 14:46    Post subject: Reply with quote
tinkeruntilitworks wrote:
posting your router and build number will be helpful for the more experienced users to help you out


*
on my Netgear R7000p the recent builds have added a encrypt dns toggle in the services tab(gui)

it appears to be dnscrypt v2 with a limited selection of providers. unfortunately quad9 is not among them

See the link i my sig below re setting up the old DNSCrypt, which does not require entware. I use it with quad9 DNS and adguard DNS.

BTW, I believe opendns sells your DNS history. If someone knows for sure otherwise, please speak up.

_________________
Six of the Linksys WRT1900ACSv2 on r38159 (solid), r39144 (very solid), r40009 (solid), and r40784 (trying out). On various:
VLANs, client-mode travel router, two DNSCrypt servers (incl Quad9), multiple VAPs, USB/NAS, QoS, OpenVPN client/PBR (random NordVPN server).
tinkeruntilitworks
DD-WRT User


Joined: 21 May 2019
Posts: 118

PostPosted: Mon Oct 14, 2019 16:25    Post subject: Reply with quote
i was more talking for the op sake. i'm still playing with unbound. the more options available for people the better.

i had ipv6 jacked up til very recent and adding another setting to help against resolution failures. I don't know how many routers have a ca-bundle cert file and unbound option available to them though https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320362&sid=a8b6bc5fffef8d27abb8d1b64eed1688


*
i'm just a novice figuring things out as i go. other people's routes are probably best if you're just starting out


Last edited by tinkeruntilitworks on Mon Oct 14, 2019 17:34; edited 1 time in total
iycgtptyarvg
DD-WRT Novice


Joined: 18 Jun 2014
Posts: 38

PostPosted: Mon Oct 14, 2019 17:09    Post subject: Reply with quote
tinkeruntilitworks wrote:
posting your router and build number will be helpful for the more experienced users to help you out


*
on my Netgear R7000p the recent builds have added a encrypt dns toggle in the services tab(gui)

it appears to be dnscrypt v2 with a limited selection of providers. unfortunately quad9 is not among them

I'm sorry, I forgot this wasn't a router specific forum topic.

I have a TP-Link WDR4300.
Goto page Previous  1, 2, 3, 4 Display posts from previous:    Page 4 of 4
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum