SMARTDNS Guide

msoengineer
DD-WRT Guru


Joined: 21 Jan 2017
Posts: 1782
Location: Illinois Moderator

Posted: Tue Mar 31, 2020 15:54    Post subject: SMARTDNS Guide
This is a placeholder for SmartDNS. It was introduced on commit 42755 and appears to be a work in progress still...

What is SmartDNS?

Features:

Multiple upstream DNS servers
Supports configuring multiple upstream DNS servers and querying them at the same time. The query will not be affected even if there is a DNS server exception.

Return the fastest IP address
Supports finding the fastest access IP address from the IP address list of the domain name and returning it to the client to avoid DNS pollution and improve network access speed.

Support for multiple query protocols
Supports UDP, TCP, TLS, HTTPS queries, and non-53 port queries, effectively avoiding DNS pollution.

Domain IP address specification
Supports configuring the IP address of a specific domain to achieve the effect of advertising filtering and to avoid malicious websites.

Domain name high performance rule filtering
Supports domain name suffix matching mode, simplifies filtering configuration; filtering 200,000 records takes <1ms.

Linux/Windows multi-platform support
Supports standard Linux systems (Raspberry Pi), OpenWrt system various firmware, ASUS router native firmware. Supports Windows 10 WSL (Windows Subsystem for Linux).

Support IPv4, IPv6 dual stack
Supports IPv4 and IPv6 networks, querying A and AAAA records, dual-stack IP selection, and disabling IPv6 AAAA records.

High performance, low resource consumption
Multi-threaded asynchronous IO mode, caches query results.

HOW IT WORKS:

1. SmartDNS receives DNS query requests from local network devices, such as PCs and mobile phone query requests.

2. SmartDNS sends query requests to multiple upstream DNS servers, using standard UDP queries, non-standard port UDP queries, and TCP queries.

3. The upstream DNS server returns a list of Server IP addresses corresponding to the domain name. SmartDNS detects the fastest Server IP with local network access.

4. Return the fastest accessed Server IP to the local client.

Right now, I don't see any options on specifying your own preferred DNS servers....Not sure how this works with dnsmasq yet. Need another guru to chime in.

Edit by moderator (egc) attached some setup instructions, only visible when you are logged in

Official guide and docs

NOTE: Please refer to [SOLVED] SmartDNS: -tls-host-verify broken since r53616 and this post
regarding syntax for -host-name and -tls-host-verify options.
- kp69

_________________
FORUM RULES

TIPS/TRICKS: Best QCA Wifi Settings | Latency tricks | QoS Port priority | NEVER USE MU-MIMO |
Why to NOT use MU-MIMO | Max Wifi Pwr by Country | Linux Wifi Pwr | AC MCS & AX MCS | QCA 5Ghz chnls to use | WIFI Freq WIKI | TFTP R7800 | Don't buy AX | IPERF3 How-To

[R9000]52396 nightly (Main Router)
[EA8500]43192 & 45493 (2xOffsite)
[R7800] resting
[WDR3600]BS 44715 (Offsite)
[A7v5]BS 43038 (Offsite+spare napping)
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6388
Location: UK, London, just across the river..

Posted: Tue Mar 31, 2020 18:00
As it seems SmartDNS has a full bag of tricks to offer, I may move to it and not use Stubby anymore, as it offers TLS, HTTPS and so on ...
well... Stub resolvers have their own advantage too...but there were problems with Entware/opkg recently, so SmartDNS seems a safer and sound option..

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,AP Isolation,Ad-Block,Firewall
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear R7800 --DD-WRT 55363 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55363 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913


Last edited by Alozaros on Wed Apr 01, 2020 17:31; edited 2 times in total
msoengineer
DD-WRT Guru


Joined: 21 Jan 2017
Posts: 1782
Location: Illinois Moderator

Posted: Tue Mar 31, 2020 20:07
I'm waiting on some guidance from BS...
tatsuya46
DD-WRT Guru


Joined: 03 Jan 2010
Posts: 7568
Location: YWG, Canada

Posted: Tue Apr 07, 2020 7:21
so this isn't recursive like unbound and is a forwarder like dnsmasq? and unable to place smartdns.conf into /jffs/etc like for unbound, to override default config with what I'm trying for. so it's basically forced with BS's defaults, which is impossible for adblocking unless it goes somewhere else..
_________________
LATEST FIRMWARE(S)

BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers

[x86_64] Haswell i3-4150/QCA9984/QCA9882 ------> r55416 std
[QUALCOMM] DIR-862L --------------------------------> r55416 std
▲ ACTIVE / INACTIVE ▼
[QUALCOMM] WNDR4300 v1 --------------------------> r50485 std
[BROADCOM] DIR-860L A1 ----------------------------> r50485 std


Sigh.. why do i exist anyway.. | I love you Anthony.. never forget that.. my other 99% that ill never see again..

wabe
DD-WRT Guru


Joined: 17 Jun 2006
Posts: 889

Posted: Wed Apr 08, 2020 12:41
I suppose an option would be to switch off in GUI and start manually using a custom configfile in a script?
_________________
Netgear R7000 on Build 55109
Asus AC-AC68U rev. C1 (AP) on Build 55109
Asus AC-68U rev. A1 on Build 54604
Asus AC-68U rev. A1 on Build 53339
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6388
Location: UK, London, just across the river..

Posted: Wed Apr 08, 2020 13:57
still WIP, you cannot prove it's working..as BS hasn't added the config box yet...
those finds I've found, that it's using those DNS from those boxes, are not proof it's working...
SMTDNS does not accept any commands yet and those settings provided only, are not useful at all..
the reason you see those DNS in the config doesn't make it work...
I tried editing its shit but to no avail, it's not saving those as they are in the TMP folder, if you didn't notice..
So I hope in the near future it will be more clear what's going on; so far it's WIP

KellyGAllen
DD-WRT Novice


Joined: 17 Sep 2009
Posts: 22
Location: Las Vegas, NV, United States

Posted: Wed Apr 08, 2020 16:04
What's needed is a list of URIs that test each transport and method and kind of result. All preferably on a single thing that either loads with a green color or does not load over something with red in the background.
That list should also include for the humans what each test case should ideally smart resolve to.
This page could be anywhere on the net.

Such a list would be a great tool for people not using the SmartDNS as well to know where their stack is inferior; to know how they match up to what could be.

I have SmartDNS OFF... I just checked, I thought it was on because some things that normally would not resolve are working and I was certain I turned it on.

I can't say it is for the most part working, and I need some test cases.
I also have the shortcut engine off currently.

And I am using Non-Redirecting Google DNS servers for IPv4 & IPv6... FOR MOST PEOPLE they will be assigned DNS servers which lie obsessively and compulsively while being overburdened with being a search engine for hijacking people's mistakes and censored or middle-manned domains. I use https://www.grc.com/dns/benchmark.htm to test and find non-redirecting servers. Potentially within my own ISP, but this time I went with Google DNS just because I don't like what ISPs have been doing or that they have buried their old school DNS servers.

If there is an assembled test case list then the tester should also note their DNS sources and configuration for both ipv4 and ipv6.

Would also want the test to show if there are differences from lookup methods.
For example I want to know if the ISP starts hijacking my port 53 lookups when I think they are going to Google, and when SmartDNS contrasts them to alternate lookup methods then the rift in results is shown.
msoengineer
DD-WRT Guru


Joined: 21 Jan 2017
Posts: 1782
Location: Illinois Moderator

Posted: Wed Apr 08, 2020 16:20

You're not asking for a lot are you? Laughing

Smart DNS is a total Work In Progress right now and no one seems to know how it works...

This is what I got back from BS...which is a mystery to me still:

Forgive the ignorant question, but where would we "customize" smart DNS? In the DNSMASQ Customs box?

BrainSlayer wrote:
on routers which include smartdns. there is a own smartdns option just above dnsmasq.


I assume you either use dnsmasq or smartdns, but not both, correct?

BrainSlayer wrote:
both works combined since we still need dnsmasq for dhcp. and you can also combine smartdns with unbound


So a non-answer answer...

I agree that I want to be able to confirm I can specify a list of DNS servers I want to be used and then utilize SmartDNS to use that "whitelist" of DNS servers I specify and be able to confirm that only my whitelist is being used and not some random china dns servers are being pinged...I don't feel confident in smartdns right now...¯\_Rolling Eyes_/¯

KellyGAllen
DD-WRT Novice


Joined: 17 Sep 2009
Posts: 22
Location: Las Vegas, NV, United States

Posted: Wed Apr 08, 2020 16:51    Post subject: Visions
I can see SmartDNS being its own tab. With an external test/report URL which has cases in iframes or just loads images over URL cases.
A thing that I was going to make in my custom stack was a comparative DNS solution that would show discrepancies and allow for manual selection per domain.
If this ends up in smartdns. Or smartdns just knows the right one... and doesn't get thrown off by wildcard or honeypot dns. Then I don't have to reinvent the wheel for one of my own stack projects and I can just recommend usage of DD-WRT in the underlying components of the stack.
msoengineer
DD-WRT Guru


Joined: 21 Jan 2017
Posts: 1782
Location: Illinois Moderator

Posted: Wed Apr 08, 2020 16:55    Post subject: Re: Visions

BS adding a new GUI TAB is not very likely based on past reading of him making gui tweaks... especially since this is router specific and would mean a fork off a main build for gui page for capable and not capable routers, but I could be wrong.

I will PM you.

KellyGAllen
DD-WRT Novice


Joined: 17 Sep 2009
Posts: 22
Location: Las Vegas, NV, United States

Posted: Wed Apr 08, 2020 17:09
I can see SmartDNS being its own tab. IF BS wants to do it... Wink Otherwise if I need such control for my stack I will be on my stack. With an external test/report URL which has cases in iframes or just loads images over URL cases.
A thing that I was going to make in my custom stack was a comparative DNS solution that would show discrepancies and allow for manual selection per domain.
If this ends up in smartdns. Or smartdns just knows the right one... and doesn't get thrown off by wildcard or honeypot dns. Then I don't have to reinvent the wheel for one of my own stack projects and I can just recommend usage of DD-WRT in the underlying components of the stack.
I previously envisioned a hierarchy in the comparison supporting wildcard in customization specification.
a local white list
a local blacklist list
a local custom choice list
a local override list [like hosts]
[an ip chains integration for the blacklist supporting wild card ip addresses]

then dns/config acquired servers
then explore acquired servers

which push into the local lists and populate custom override choices.

for example I would be able to choose an outside ISP's DNS for one domain cached by router DNS.

I could block or resolve other one to localhost error for *bilsyndication* and their many tld and sub domains. Effectively terminating all ads and which I assume to be a potentially 3rd site targeted payload of ads which may have z-days baked in. I could also ideally say block a class d on this domain as an extreme or just its ip cautiously. perhaps look up its RIPE data and make ip blocking suggestions by registered owner and leased ips.
A rather strong kill switch example for dns and ads and an otherwise very long block list of 'rules'.

that would be next level shaming NextGen with their community/cloud network threat awareness.

perhaps the ability to run certain local clients or ip ranges through a specific final resolver: Perhaps I want my kids to always and only go through opendns for parental control without using the kids' device for config, which they can factory reset or custom connect.

keep in mind I am thinking about the broad use through gui and not for high or low level hacks; and I am lending a purpose that I felt before I found this resonating desire better dns.
In the end I am also just as good for a simple enable and disable and it is just that smart. But some customization or particular guidance may be in the end less scope than an ultra high functional iq. A tab could give it a process for the human to help discern what is the right resolution or what is a dead end or unwanted.

My stack would have web gui and even low level underpinnings with php-cli minimal just for the string and type magic. I switch to php-cli during kickstart post script in my Distros sourceforce concept build during install and from on even pushing ssh out from the built node to an internet managing server instance to overcome nat or firewall for C&C.
wabe
DD-WRT Guru


Joined: 17 Jun 2006
Posts: 889

Posted: Wed Apr 08, 2020 18:50
I've made a suggestion in the svn to either add a text box for custom configuration or looking for a customized smartdns.conf in either /jffs or another directory on a mounted file system. Similar to what's available for smb.

I tried smartdns a couple of days ago. It seems that it currently pulls the default dns servers from your ISP plus servers specified in the dnsmasq custom options.

I would like to be able to use smartdns to only use dns-over-tls enabled servers

_________________
Netgear R7000 on Build 55109
Asus AC-AC68U rev. C1 (AP) on Build 55109
Asus AC-68U rev. A1 on Build 54604
Asus AC-68U rev. A1 on Build 53339
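
An added example, not from the thread or from the DD-WRT or SmartDNS projects: a shell check for the two wishes raised above (only allowlisted upstreams, only encrypted upstreams), run against a smartdns.conf. The file path passed in, the allowlist and the sample config are assumptions; the sample is constructed and uses documentation IP ranges in place of ISP-pushed resolvers.

```shell
#!/bin/sh
# Added example: audit the upstream lines of a smartdns.conf against a policy.

# Constructed sample config, not taken from a real DD-WRT build.
sample_conf() {
cat <<'EOF'
# generated upstream list (constructed)
cache-size 512
server 192.0.2.53
server-tcp 198.51.100.7:53
server-tls 1.1.1.1:853 -tls-host-verify cloudflare-dns.com
server-tls 9.9.9.9:853
server-https https://dns.google/dns-query -tls-host-verify dns.google
server-tls 203.0.113.9:853 -tls-host-verify example.net
EOF
}

# audit_smartdns_conf FILE "ALLOWED ENDPOINTS..."
# Prints one finding per line and returns 1 if any finding was printed.
audit_smartdns_conf() {
    awk -v allow="$2" '
    # Reduce "ip:port", "[v6]:port" or a DoH URL to the bare host or IP.
    function endpoint(s) {
        sub(/^https?:\/\//, "", s)
        sub(/\/.*$/, "", s)
        if (s ~ /^\[/) { sub(/^\[/, "", s); sub(/\].*$/, "", s); return s }
        if (s ~ /^[^:]*:[0-9]+$/) sub(/:[0-9]+$/, "", s)
        return s
    }
    BEGIN { bad = 0; n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 !~ /^server(-tcp|-tls|-https)?$/ { next }   # skip comments and other keys
    {
        ep = endpoint($2)
        # Plain UDP/TCP upstreams can be read or rewritten on path.
        if ($1 == "server" || $1 == "server-tcp") { print "PLAINTEXT", $1, $2; bad = 1 }
        # Encrypted upstream that carries no -tls-host-verify option.
        else if ($0 !~ /[ \t]-tls-host-verify([ \t]|$)/) { print "NO-HOST-VERIFY", $1, $2; bad = 1 }
        # Upstream that is not on the operator allowlist.
        if (!(ep in ok)) { print "NOT-ALLOWED", $1, ep; bad = 1 }
    }
    END { exit bad }
    ' "$1"
}

# Demo on the constructed sample; the allowlist is an assumed policy.
conf=$(mktemp); sample_conf > "$conf"
audit_smartdns_conf "$conf" "1.1.1.1 9.9.9.9 dns.google" || echo "upstream policy violated"
rm -f "$conf"
```

On a router, point the function at the config file the running smartdns process actually loads, since the thread reports that the generated file lives under a temporary directory and also picks up ISP and dnsmasq-supplied servers.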
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6388
Location: UK, London, just across the river..

Posted: Thu Apr 09, 2020 5:30

+1 for box for tls or https and many other settings Smile

tatsuya46
DD-WRT Guru


Joined: 03 Jan 2010
Posts: 7568
Location: YWG, Canada

Posted: Thu Apr 09, 2020 7:12
good luck.. unbound still doesn't even have a simple config box Rolling Eyes

wabe
DD-WRT Guru


Joined: 17 Jun 2006
Posts: 889

Posted: Thu Apr 09, 2020 7:52

Yes, but hope BS at least implements a simple solution, like for smb and unbound, where you can place a custom configuration file on a writeable file system. Would be good enough if a config box is out of reach Smile
