SMARTDNS Guide

ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Wed Nov 16, 2022 9:57
it is in progress... but still needs to be tested
I am quite confident that it will work in the next public build.

https://svn.dd-wrt.com/changeset/50892
https://svn.dd-wrt.com/changeset/50904
https://svn.dd-wrt.com/changeset/50905
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Wed Nov 16, 2022 10:32
I have it working in my own build but use slightly different code, although the latest changes are almost the same.
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Wed Nov 16, 2022 10:52
it works in build r50906

Code:
root@DD-WRT:/tmp# cat smartdns.conf
bind :6053
prefetch-domain yes
serve-expired yes
log-size 32K
log-num 1
log-level error
log-file /tmp/smartdns.log
ca-file /etc/ssl/ca-bundle.crt
ca-path /etc/ssl
server-https https://1.1.1.1/dns-query


Code:
root@DD-WRT:/tmp# cat smartdns.conf
bind :53
prefetch-domain yes
serve-expired yes
log-size 32K
log-num 1
log-level error
log-file /tmp/smartdns.log
dnsmasq-lease-file /tmp/dnsmasq.leases
ca-file /etc/ssl/ca-bundle.crt
ca-path /etc/ssl
server-https https://1.1.1.1/dns-query


Code:
root@DD-WRT:/tmp# cat smartdns.conf
bind :53
prefetch-domain yes
serve-expired yes
log-size 32K
log-num 1
log-level error
log-file /tmp/smartdns.log
dnsmasq-lease-file /jffs/dnsmasq.leases
ca-file /etc/ssl/ca-bundle.crt
ca-path /etc/ssl
server-https https://1.1.1.1/dns-query


It takes ~1.5min before new DHCP hosts are resolved.
TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

Posted: Wed Nov 16, 2022 11:11
ho1Aetoo wrote:
It takes ~1.5min before new DHCP hosts are resolved.


I've mixed results on that one, ranging from a few seconds to something like what you've experienced.

_________________
1x Netgear R7800 (latest); 3x Netgear R7000 (latest); 2x Asus RT-N16 (v3.0-r47656); 2x Fonera 2100 (v3.0-r45454).
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Wed Nov 16, 2022 11:32
BS says smartdns looks from time to time to see if the file modification date has changed.
The file is therefore not read permanently.
TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

Posted: Sat Nov 19, 2022 20:03
Version r50906 seems to include your patches, thank you guys!

For anyone reading this in the future, my current DNS config is:



SmartDNS Servers (Probably more privacy oriented - slower):
Code:
server-tls 78.46.244.143:853 -host-name: dot-de.blahdns.com
server-tls 95.216.212.177:853 -host-name: dot-fi.blahdns.com
server-tls 116.202.176.26:853 -host-name: dot.libredns.gr


SmartDNS Servers (Cloudflare - faster and fewer failures):
Code:
server-tls 1.1.1.1:853 -host-name: cloudflare-dns.com -tls-host-verify: cloudflare-dns.com
server-tls 1.0.0.1:853 -host-name: cloudflare-dns.com -tls-host-verify: cloudflare-dns.com
server-tls [2606:4700:4700::1111]:853 -host-name: cloudflare-dns.com -tls-host-verify: cloudflare-dns.com
server-tls [2606:4700:4700::1001]:853 -host-name: cloudflare-dns.com -tls-host-verify: cloudflare-dns.com


- https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=333334&sid=b15b6f80b357e3a81499c5462ca8e45c
- https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2022/11-18-2022-r50906
- https://svn.dd-wrt.com/changeset/50892

TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

Posted: Mon Nov 21, 2022 23:05
TCB13 wrote:
Version r50906 seems to include your patches, thank you guys!

For anyone reading this in the future, my current DNS config is:




Apparently there's a small issue with this setup - the router itself can't resolve DNS:

Code:
root@router:/tmp# ping google.com

ping: bad address 'google.com'


No nameserver is included at /tmp/resolv.conf.

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Tue Nov 22, 2022 7:27
well...SmartDNS in DDWRT in my case works ok along with DNSmasq via port 6053, it acts like a stubresolver...I guess if you use it via port 53 without DNSmasq, it won't be stubresolving...
I've never tried and wanted to use SmartDNS directly via port 53...moreover you want to use its encrypting capabilities, either via port 853 or 443, so I guess if you use encrypted servers, it won't go over port 53... I believe Rolling Eyes
if you want to try it without DNSmasq over port 53 you must specify plain DNS servers like just 9.9.9.9 or 1.1.1.1
(well... cloudflare must not be used along other dns's, as it's recommended for some odd reason although it works ok) Wink

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Tue Nov 22, 2022 8:10
are you seriously claiming that you have to start smartdns on a specific port to use DoH or DoT?
so the complete dd-wrt implementation is faulty?

I don't know how my router does it but it can resolve dns very well
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Tue Nov 22, 2022 8:59
If I disable DNSMasq I have no problem resolving DNS on the router itself via SmartDNS.

SmartDNS is using DoT exclusively as upstream servers

TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

Posted: Tue Nov 22, 2022 10:06
egc wrote:
If I disable DNSMasq I have no problem resolving DNS on the router itself via SmartDNS.

SmartDNS is using DoT exclusively as upstream servers


I made it work, had to set the router IP on the Network Setup > Local DNS section like this:



I believe this "Local DNS" entry populates the nameserver in /tmp/resolv.conf.

After this the DNS on the router works properly. Instead of the router IP I also tried 127.0.0.1 but it didn't work.

So my full config now looks like this:


ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Tue Nov 22, 2022 10:26
I have not entered a local DNS server and no entry in the /tmp/resolv.conf and it still works.

You can see my configuration and the result in my previous post.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Tue Nov 22, 2022 10:46
ho1Aetoo wrote:
are you seriously claiming that you have to start smartdns on a specific port to use DoH or DoT?
so the complete dd-wrt implementation is faulty?

I don't know how my router does it but it can resolve dns very well


well...I'm away to do any tests...but speaking of logic and functionality...with DDWRT, to my understanding SmartDNS can work either as a stubresolver via port 6053 or as a normal DNS resolver via port 53...with or without DNSmasq (never tried the second option)
So, ho1Aetoo do you think encrypted servers will work via port 53...
As I said above I never wanted to use SmartDNS on default port 53...unencrypted
As well as you know DoT & DoH are over 853 & 443...

Things that I've never tried too:
-is to use other local port different than 6053...like I use with Stubby...
-or use SmartDNS as a normal resolver via port 53...as I'm chasing a different functionality of it..
-never tried to see via (wireshark) if SmartDNS encrypts the load..but tested it using cloudflare via 853 and their testing site...

TCB13, if you have ticked SmartDNS servers only option, you don't have to put any DNS IP in the standard DNS x3 box, as this will ignore any DNS set anywhere else, and use those set in SmartDNS box only..

in general SmartDNS (in DDWRT) nowadays works out of the box, you just have to put servers in its box and tick SmartDNS servers only option...and I'm very happy chappy with this option and encrypted functionality, thanks to anyone who contributed towards this functionality...mainly egc, bs, the joker and others..



Last edited by Alozaros on Tue Nov 22, 2022 10:56; edited 1 time in total
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

Posted: Tue Nov 22, 2022 10:53
It doesn't matter on which port smartdns is running, this is the port in the internal network with which unencrypted clients connect.

Depending on the configured server smartdns forwards the requests to an upstream server via DoH or DoT.

Rolling Eyes

and I not only think that it works, I know that it works ... you can also see in my screenshots Smile
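
The separation described in the post above (local listening port versus upstream transport), as an added example that is not part of the thread or of DD-WRT's code: a POSIX shell check that reads a smartdns.conf and reports the listener and each upstream's transport. The sample config is constructed from directives quoted in the thread; the plain `server 9.9.9.9` line is a constructed addition to show an unencrypted upstream, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report where smartdns listens and how it reaches each upstream.

# Constructed sample: directives as quoted in the thread, plus one plain
# "server" line (constructed) to show an unencrypted upstream.
sample_conf() {
cat <<'EOF'
bind :6053
log-level error
ca-file /etc/ssl/ca-bundle.crt
server-https https://1.1.1.1/dns-query
server-tls 9.9.9.9:853 -host-name: dns.quad9.net
server 9.9.9.9
EOF
}

# audit_conf: read a smartdns.conf on stdin and print one line per finding.
#   listen <port>                      local port that LAN clients query
#   upstream <doh|dot|plain> <target>  transport used towards the resolver
audit_conf() {
    awk '
    $1 == "bind" || $1 == "bind-tcp" {
        port = $2
        # Keep only the text after the last colon; no port given means 53.
        if (port ~ /:[0-9]+$/) sub(/.*:/, "", port); else port = "53"
        print "listen " port
    }
    $1 == "server-https"                 { print "upstream doh " $2 }
    $1 == "server-tls"                   { print "upstream dot " $2 }
    $1 == "server" || $1 == "server-tcp" { print "upstream plain " $2 }
    '
}

# count_plain: number of upstreams that would leave the router unencrypted.
count_plain() {
    audit_conf | awk '$2 == "plain" { n++ } END { print n + 0 }'
}

# Audit the file given as $1, or the constructed sample when none is given.
if [ -n "${1:-}" ]; then
    audit_conf < "$1"
else
    sample_conf | audit_conf
fi
```

On the router this would be run against /tmp/smartdns.conf; a non-zero `count_plain` means at least one upstream is queried in cleartext regardless of the `bind` port.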
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Tue Nov 22, 2022 11:01
ho1Aetoo wrote:
It doesn't matter on which port smartdns is running, this is the port in the internal network with which unencrypted clients connect.

Depending on the configured server smartdns forwards the requests to an upstream server via DoH or DoT.

Rolling Eyes


yes internally yes you are very much correct Cool, it should be like that, unless BS fixed it to 6053 only, but I doubt... this is not the case here I believe ..and there is no point of using port 53 locally as the stubresolver usually drops the traffic on port 53 and uses 127.0.0.1:6053 (or whatever) maybe it will get confused if port 53 is used locally I dunno, in your case yes, it is working Rolling Eyes Wink

to TCB13, your spelling looks different than the one I use in SmartDNS

server-https https://5.2.75.75/dns-query
server-tls 9.9.9.9:853 -host-name: dns.quad9.net

and those are working as they should...maybe try those...



Last edited by Alozaros on Tue Nov 22, 2022 11:10; edited 1 time in total