TCB13 if you have ticked SmartDNS servers only option, you don't have to put any DNS IP in the standard DNS x3 box, as this will ignore any DNS set anywhere else, and use those set in SmartDNS box only..
Have you checked this config print screen?
I'm not setting those "static DNS x3 box" but I need to set the Local DNS (above) to have the router internally resolving DNS.
_________________
1x Netgear R7800 (latest); 3x Netgear R7000 (latest); 2x Asus RT-N16 (v3.0-r47656); 2x Fonera 2100 (v3.0-r45454).
Joined: 16 Nov 2015 Posts: 6445 Location: UK, London, just across the river..
Posted: Tue Nov 22, 2022 11:12 Post subject:
TCB13 wrote:
Alozaros wrote:
TCB13 if you have ticked SmartDNS servers only option, you don't have to put any DNS IP in the standard DNS x3 box, as this will ignore any DNS set anywhere else, and use those set in SmartDNS box only..
Have you checked this config print screen?
I'm not setting those "static DNS x3 box" but I need to set the Local DNS (above) to have the router internally resolving DNS.
TCB13 your spelling looks different than the one I use in SmartDNS
and those are working as they should... maybe try those...
you don't have to put anything in local DNS box, leave it 0.0.0.0 as this box is used only if you use your router in WAP/Switch mode...
in my case if you read somewhere above in this thread, SmartDNS works very well with not much interactions at all
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Posted: Tue Nov 22, 2022 11:52 Post subject:
yep I've seen this pic and I even have it...
Then while using it in stub-resolver mode, check DDWRT GUI active connections and see if you have anything unreplied over port 53... and if loopback interface is used and which port is used and if you have any router connections (router IP) over port 853 for example......
This picture shows SmartDNS general functionality which is different in DDWRT I believe...
but, yes you can use it either in normal mode via port 53 standard or as a stub resolver via 6053 or any port you want...
and as you can see on this pic there is no 6053 mentioned anywhere
its default local port
but anyway ho1Aetoo those are my understandings of how stub resolvers work and as I said above, I don't challenge your setup as it must be working as you provided pic too...
to make SmartDNS work you have to disable:
-Validate DNS Replies (DNSSEC) from advanced DNSmasq rules
-as well to delete any static DNS entries from anywhere
-I also disable DNSmasq caching
-probably don't need cache DNSSEC data as this is not used locally
-and disable query in strict order too, as SmartDNS has its own querying algorithm
The only lines needed in SmartDNS config box are the https or tls DNS servers to use, all added in this format:
no idea what you always have with "stub resolver".
smartdns and dnsmasq are by definition always a "stub resolver".
the one program that is not always a stub resolver is unbound.
you can either run unbound as a recursive dns resolver (in which case unbound itself queries the root servers) or you can configure unbound to query other upstream servers via dns, DoH, DoT in which case it is by definition also a stub resolver.
the port used in the local network for DNS queries does not change anything.
DNS servers can be authoritative and recursive. If they are neither, they are called stub resolvers and simply forward all queries to another recursive name server. Stub resolvers are typically used to introduce DNS caching on the local host or network.
Last edited by ho1Aetoo on Tue Nov 22, 2022 13:04; edited 2 times in total
Posted: Tue Nov 22, 2022 12:16 Post subject:
ho1Aetoo wrote:
no idea what you always have with "stub resolver".
smartdns and dnsmasq are by definition always a "stub resolver".
the one program that is not always a stub resolver is unbound.
you can either run unbound as a recursive dns resolver (in which case unbound itself queries the root servers) or you can configure unbound to query other upstream servers via dns, DoH, DoT in which case it is by definition also a stub resolver.
the port used in the local network for DNS queries does not change anything.
you tell me which is the stub resolver (it's the same with stubby) and what I'm talking about stub resolvers and how dnsmasq is a stub resolver in this case...
p.s. ho1Aetoo let's not derail this thread on what is what, but rather concentrate on the subject SmartDNS functionality in DDWRT and the correct way of doing it...there is a guide made by egc,
as well he explained what you need to make it work, I presumed it too...no need of complications or going away from the DDWRT standards.....if you agree with me...let's keep the thread consistent
To me, you, egc and others SmartDNS works ok ...out of the box...you don't need to do anything else than disable a few things like DNSSEC related options, query in strict order and put a few lines in correct format and tick the box use Additional Servers only... peace
p.s. maybe some of the mods to sanitise it a bit plz, delete my posts that you believe are not needed... maybe all of them, I don't mind at all...
Last edited by Alozaros on Tue Nov 22, 2022 16:25; edited 3 times in total
Debug Information
Connected to 1.1.1.1 Yes
Using DNS over HTTPS (DoH) Yes
Using DNS over TLS (DoT) Yes
Using DNS over WARP No
AS Name Cloudflare
AS Number 13335
Cloudflare Data Center JDO
Connectivity to Resolver IP Addresses
1.1.1.1 Yes
1.0.0.1 Yes
2606:4700:4700::1111 Yes
2606:4700:4700::1001 Yes
I tried to put some "-host-name" and "-https-host-verify", but it ended up failing. So I keep it that way.
read carefully the requirements...or the egc guide about it...
Ednan also I'm not sure if TP-Link 1043v2 supports SmartDNS encryption, as it doesn't have openssl, due to its limited flash size...unless BS did something recently...and made it work (I doubt)...to be precise you have to check its DNS payload if it's encrypted at all, either via tcpdump or wireshark
just check if those do exist on 1043v2...
/etc/ssl/ca-bundle.crt
/etc/ssl
I have a few 1043v2 and somewhere BS mentioned that SmartDNS encryption will not work on those routers..due to certain limitations and weak architecture...
your only solution to have encrypted DNS is to use Stubby via Entware USB installation..red link in my sig
Last edited by Alozaros on Wed Nov 08, 2023 18:42; edited 1 time in total
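The checks suggested in the posts above (unreplied port 53 entries and router connections over port 853 in the active-connections list, plus the presence of /etc/ssl/ca-bundle.crt) can be scripted. The following is an added example, not code from any poster or from DD-WRT; the function names, the sample entries (constructed, in the usual conntrack text layout) and the LAN/WAN addresses are assumptions, and reading live entries from /proc/net/nf_conntrack assumes the firmware exposes that file.

```shell
#!/bin/sh
# Added example, not from the thread. Summarises DNS flows in conntrack output.
# Assumed arguments: $1 = router LAN IP, $2 = router WAN IP.
dns_flow_summary() {
    awk -v lan="$1" -v wan="$2" '
    {
        src = dst = dport = ""
        # Keep only the first (original-direction) tuple of each entry.
        for (i = 1; i <= NF; i++) {
            if (src == ""   && $i ~ /^src=/)   src   = substr($i, 5)
            if (dst == ""   && $i ~ /^dst=/)   dst   = substr($i, 5)
            if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
        }
        # Router itself talking DoT to an upstream resolver.
        if (dport == "853" && src == wan) dot++
        if (dport != "53") next
        if ($0 ~ /\[UNREPLIED\]/) unreplied++
        if (src == wan) plain++                       # router querying upstream in cleartext
        else if (dst != lan && dst != wan) bypass++   # LAN client skipping the router
    }
    END {
        printf "router_plain53=%d router_dot853=%d client_bypass53=%d unreplied53=%d\n",
               plain, dot, bypass, unreplied
    }'
}

# True when the file at the given path is non-empty and holds a PEM certificate.
ca_bundle_ok() {
    [ -s "$1" ] && grep -q "BEGIN CERTIFICATE" "$1"
}

# Constructed sample entries (documentation address ranges, plus 1.1.1.1 from the thread).
sample_conntrack() {
    cat <<'EOF'
ipv4 2 udp 17 25 src=192.168.1.10 dst=192.168.1.1 sport=51234 dport=53 src=192.168.1.1 dst=192.168.1.10 sport=53 dport=51234 use=2
ipv4 2 tcp 6 7199 ESTABLISHED src=203.0.113.5 dst=1.1.1.1 sport=40212 dport=853 src=1.1.1.1 dst=203.0.113.5 sport=853 dport=40212 [ASSURED] use=2
ipv4 2 udp 17 12 src=203.0.113.5 dst=198.51.100.53 sport=33011 dport=53 [UNREPLIED] src=198.51.100.53 dst=203.0.113.5 sport=53 dport=33011 use=2
ipv4 2 udp 17 20 src=192.168.1.23 dst=192.0.2.8 sport=40001 dport=53 src=192.0.2.8 dst=203.0.113.5 sport=53 dport=40001 use=2
ipv4 2 tcp 6 100 ESTABLISHED src=192.168.1.10 dst=192.0.2.80 sport=50000 dport=443 src=192.0.2.80 dst=203.0.113.5 sport=443 dport=50000 [ASSURED] use=2
EOF
}

# Demo on the constructed data; on a router, pipe the live conntrack file in instead.
sample_conntrack | dns_flow_summary 192.168.1.1 203.0.113.5
```

A non-zero router_plain53 means the router itself is still sending cleartext queries upstream. DoH runs over port 443 and cannot be told apart from other HTTPS by port, so that case still needs the tcpdump or wireshark payload check mentioned in the post.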
you tell me which is the stub resolver (it's the same with stubby) and what I'm talking about stub resolvers and how dnsmasq is a stub resolver in this case...
short answer these are both "stub resolvers" they are only connected in series, this is done when they offer different functions.
you just put another stub resolver in front of dnsmasq because dnsmasq does not support DoT or DoH as upstream link.
You can also connect 10 stub resolvers in series - no problem.
I use myself for example client <--> systemd-resolved <--> dnsmasq <--> dnsmasq <--> unbound in recursive mode that would be:
as said before by definition there are only authoritative / recursive / and stub resolvers, if your resolver is neither authoritative nor recursive then it is only a "stub resolver".