Joined: 16 Nov 2015 Posts: 6410 Location: UK, London, just across the river..
Posted: Wed Jul 17, 2019 19:10 Post subject:
with NTP time..... well either way will do...
hmm I managed to install and deploy stubby on my R7000 and it's working...just don't follow the bit Entware for Atheros routers and use Broadcom instead...once on Entware install stubby, tcpdump, nano, that's all you need, then follow the guide...in my post above..., but haven't tried DNSCrypt + stubby yet...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Can confirm that the described procedure works perfectly after installing Entware on one of my Asus AC68Us
_________________
Netgear R7000 on Build 55109
Asus AC-AC68U rev. C1 (AP) on Build 55109
Asus AC-68U rev. A1 on Build 54604
Asus AC-68U rev. A1 on Build 53339
1. On Android I can use dns.quad9.net as the setting for 'Private DNS'. Is the same possible in DD-WRT?
I mean, is it possible to fill this in without having to install all sorts of things outside the 'standard' DD-WRT releases?
2. I use a firewall script to download malware/adware blocklists. Would that still work if I use DNS over TLS/HTTPS?
Joined: 16 Nov 2015 Posts: 6410 Location: UK, London, just across the river..
Posted: Mon Oct 14, 2019 6:28 Post subject:
well...and your current build number is...???
On the old builds, there was a DNSCrypt in the Services
but it was deprecated, I have no idea how it works but it's not v2 as DNSCrypt-proxy v2 is written in Golang and
the only way to install it is via Entware
So, if you use DNSCrypt 1.95 old version with old servers still working via GUI or CLI...
yep the Ad-block script is working with it...
But if you want to use (DNS via TLS) adblocking may not work...
to set either of the above services there are links
in my signature...
the best regarding options is DNSCrypt-proxy v2...then I guess unbound and the last is stubby...
Last edited by Alozaros on Sun Dec 20, 2020 14:44; edited 2 times in total
Joined: 04 Aug 2018 Posts: 1446 Location: Appalachian mountains, USA
Posted: Mon Oct 14, 2019 14:46 Post subject:
tinkeruntilitworks wrote:
posting your router and build number will be helpful for the more experienced users to help you out
*
on my Netgear R7000p the recent builds have added an encrypt dns toggle in the services tab (gui)
it appears to be dnscrypt v2 with a limited selection of providers. unfortunately quad9 is not among them
See the link in my sig below re setting up the old DNSCrypt, which does not require Entware. I use it with quad9 DNS and adguard DNS.
BTW, I believe opendns sells your DNS history. If someone knows for sure otherwise, please speak up. _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Started using stubby and it worked really well for a while. With the last couple of builds I've had problems with links timing out and being unreachable. I'm using Cloudflare as dns provider.
Today I switched back to my original dnsmasq setup disabling dns-tls. Have no idea what caused the problems with stubby on more recent builds or if Cloudflare has implemented any changes?
Anyone else having the same issues?
Started using stubby and it worked really well for a while. With the last couple of builds I've had problems with links timing out and being unreachable. I'm using Cloudflare as dns provider.
Today I switched back to my original dnsmasq setup disabling dns-tls. Have no idea what caused the problems with stubby on more recent builds or if Cloudflare has implemented any changes?
Anyone else having the same issues?
Yes, I've also had problems with Cloudflare recently. Switching to Quad9 in my stubby config fixed it.
I think the problem with Cloudflare is slowly being fixed across their servers. Ones in the US seem to be fine now, but elsewhere are still having problems.
Joined: 16 Nov 2015 Posts: 6410 Location: UK, London, just across the river..
Posted: Fri Nov 29, 2019 14:59 Post subject:
well...I never had any issues, either with stubby or 1.1.1.1, it works flawlessly...
it depends on your setup too, if you use a round robin option or not, idle time, port, ciphers used, etc....
recently, there was an opkg update too, so you'd need to do it, in order to keep working as expected..
opkg update
opkg upgrade
I do use many servers instead of just 1.1.1.1...
it helps...
If you need more help I need to see your yml settings file....
Tried quad9 with stubby today. Worked well but I decided to test that it really communicated over the right port. Unfortunately it seems that it resolves on standard port 53, i.e. unencrypted.
Have yet to try if 1.1.1.1 works well again.
Joined: 16 Nov 2015 Posts: 6410 Location: UK, London, just across the river..
Posted: Sun Dec 15, 2019 16:12 Post subject:
you have to set those servers to communicate via port 853 in stubby. Then DNS will be encrypted...
on tcpdump I can see only 853 communications...
you have to set those servers to communicate via port 853 in stubby. Then DNS will be encrypted...
on tcpdump I can see only 853 communications...
That’s exactly what I’ve done. Added Quad9 to stubby.yml and tested with tcpdump.
No traffic on port 853. What I noticed is that 9.9.9.9 resolves to a dns provider in NL (WoodyNet), could be that provider does not offer dns over tls? On the other hand if Quad 9 claim they offer this protocol all their partners ought to provide it too.
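An added example, not part of any post in this thread: one way to settle the port 53 versus port 853 question raised above is to count outgoing DNS queries in `tcpdump -nn` text output by destination, keeping LAN-side lookups (clients asking the router, which stay on port 53 even when stubby is working) apart from what actually leaves the router. The capture lines are constructed, and the function names, the WAN address 203.0.113.7 and the `<wan-if>` interface placeholder are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed capture command on the router
# (replace <wan-if> with the WAN interface of your build):
#   tcpdump -nn -i <wan-if> 'port 53 or port 853' > /tmp/dns.txt

# Constructed sample capture; 203.0.113.7 stands in for the router's WAN address.
sample_capture() {
  cat <<'EOF'
19:10:01.000001 IP 192.168.1.10.51234 > 192.168.1.1.53: 4660+ A? example.com. (29)
19:10:01.000950 IP 203.0.113.7.40112 > 9.9.9.9.853: Flags [P.], seq 1:130, ack 1, win 229, length 129
19:10:01.020400 IP 9.9.9.9.853 > 203.0.113.7.40112: Flags [P.], seq 1:200, ack 130, win 235, length 199
19:10:01.021000 IP 192.168.1.1.53 > 192.168.1.10.51234: 4660 1/0/0 A 198.51.100.20 (45)
19:10:02.000000 IP 203.0.113.7.39001 > 9.9.9.9.53: 7001+ A? example.org. (29)
EOF
}

# classify_dns [FILE]: reads tcpdump -nn text (file or stdin) and prints
#   plain_wan = queries to port 53 on a public address (unencrypted, leaves the router)
#   dot_wan   = packets to port 853 on a public address (DNS over TLS)
#   plain_lan = queries to port 53 on a private address (client -> router, expected)
classify_dns() {
  awk '
    function is_private(ip) {
      return ip ~ /^10\./ || ip ~ /^192\.168\./ || ip ~ /^127\./ ||
             ip ~ /^172\.(1[6-9]|2[0-9]|3[01])\./
    }
    $2 == "IP" && $4 == ">" {
      dst = $5; sub(/:$/, "", dst)        # "9.9.9.9.853:" -> "9.9.9.9.853"
      if (split(dst, p, "[.]") != 5) next # need a.b.c.d.port
      ip = p[1] "." p[2] "." p[3] "." p[4]; port = p[5]
      if (port == 53 && is_private(ip)) plain_lan++
      else if (port == 53) plain_wan++
      else if (port == 853 && !is_private(ip)) dot_wan++
    }
    END { printf "plain_wan=%d dot_wan=%d plain_lan=%d\n", plain_wan, dot_wan, plain_lan }
  ' "$@"
}

sample_capture | classify_dns
```

A non-zero `plain_wan` means some lookups still leave the router unencrypted; `plain_lan` on its own does not.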