I can't get logging to work. It doesn't create the file.
_________________
1x Netgear R7800 (latest); 3x Netgear R7000 (latest); 2x Asus RT-N16 (v3.0-r47656); 2x Fonera 2100 (v3.0-r45454).
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Tue Sep 07, 2021 18:29 Post subject:
TCB13 wrote:
Now, is there a way one can block unencrypted DNS queries going out my network? I could use iptables to drop all outgoing packets to port 53 but is there a better way?
How do you monitor those unencrypted requests... if it works as a stub resolver on the loopback interface, all unencrypted via port 53 must be unreplied.. check via GUI connections...
along with those commands you have..add this command to advanced DNSmasq
no-resolv
this will point DNSmasq to use only the server=127.0.0.1#6053
In general SmartDNS via CLI works OK... I run it via /jffs instead of /opt... (use /opt if you install it via Entware)
Crashing could be caused by many reasons... in general it's stable, I never had issues with it... by the way, what is your router/firmware build...??
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
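Added example, not part of any post in this thread: a POSIX shell check that a dnsmasq options file forwards only to the local stub, as the `no-resolv` plus `server=127.0.0.1#6053` advice above intends. The function name, the file argument and the sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the encrypted-DNS stub listens
# on 127.0.0.1#6053, the value given in the post above.

# audit_dnsmasq FILE [UPSTREAM]: print one finding per line for settings that
# let dnsmasq send queries anywhere but UPSTREAM. Returns 0 when clean.
audit_dnsmasq() {
    conf=$1
    want=${2:-127.0.0.1#6053}
    findings=0 no_resolv=0 stub_seen=0

    while IFS= read -r line || [ -n "$line" ]; do
        # Trim whitespace and any trailing CR from a pasted Windows file.
        line=$(printf '%s' "$line" | tr -d '\r' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
        case $line in
            '' | '#'*) continue ;;
            no-resolv) no_resolv=1 ;;
            server=*)
                # Handles both server=IP#port and server=/domain/IP#port.
                up=${line#server=}
                up=${up##*/}
                if [ "$up" = "$want" ]; then
                    stub_seen=1
                elif [ -n "$up" ]; then
                    echo "extra upstream: $line"
                    findings=$((findings + 1))
                fi
                ;;
        esac
    done < "$conf"

    if [ "$no_resolv" -eq 0 ]; then
        echo "no-resolv missing: resolv.conf upstreams are still used"
        findings=$((findings + 1))
    fi
    if [ "$stub_seen" -eq 0 ]; then
        echo "server=$want missing: nothing forwards to the local stub"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the stub is configured, but a second resolver is left
# in and no-resolv was forgotten.
sample=${TMPDIR:-/tmp}/dnsmasq-audit.$$
printf '%s\n' '# constructed sample' 'server=127.0.0.1#6053' 'server=192.0.2.53' > "$sample"
audit_dnsmasq "$sample" || echo "result: not restricted to the stub"
rm -f "$sample"
```

This only checks dnsmasq's own forwarding; clients that send queries directly to an outside resolver on port 53 are a separate matter for the firewall rules asked about in the quoted question.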
Thank you for the tip.
About the crashes my router is an R7000 running v47117, I'm planning to upgrade to the latest version but from my experience with another router I've to reconfigure everything manually and I don't have much time right now.
I'll report the status of SmartDNS with a more recent version soon.
Anyway, is there a difference between just adding smartdns to the startup commands and using the startservice command? Is there any built-in process monitoring / auto restart with that command?
Build r47117 is one month one week old; I doubt any need to manually reconfigure if you avoid all resets.
My other R7000 got bricked without all the resets. I even tried to restore a backup and got stuck in a boot loop. I had to manually configure everything, maybe the router had some old config in the nvram.
Depends on build initially configured, if over a year ago maybe hardware reset or nvram erase && reboot.
This is done after upgrade, not during. It is well known restore backups to the same build it was created.
I'm sure the config was way older than 1 year. But that's off-topic.
Are you aware if there is a difference between just adding smartdns to the startup commands and using the startservice command? Is there any built-in process monitoring / auto restart with that command?
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Sun Sep 19, 2021 15:10 Post subject:
You have to use SmartDNS via CLI only; that means you have to disable it via GUI "SmartDNS Resolver - Disable",
then run it via startup commands and point it to jffs ... to read the config file... then it runs OK...
for R7000 i use the last working build 47381 and it was fine...luckily the new builds have to come with the new DNSmasq, as well some other fixes..today 47461 came out but i cannot try it... as im away...of R7000...
Well it has been running from the CLI without issues for some time now. The only thing I did was disabling logging.
I am very inexperienced to run things in CLI. Is it possible if a quick summary/command lines could be provided that could be used by lay users to enable running the smart dns?
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Wed Nov 24, 2021 7:47 Post subject:
hifiboy wrote:
I am very inexperienced to run things in CLI. Is it possible if a quick summary/command lines could be provided that could be used by lay users to enable running the smart dns?
Please take this opportunity to make a full backup just in case things go wrong, and get this experience under your belt. Empower yourself!
It can be scary at first, however I thoroughly recommend it (any perception of fear of CLI is alleviated by each keystroke made and making sure no typos are involved and following the how-tos outlined).
I'm sure if something isn't clear to you after reading the how-tos in this post, if you ask clear questions and ask for clarification to which part you may get stuck at, that you will get a positive reply.
As an aside
Back when I was starting to learn Linux many moons ago and because I was sheltered from command lines as a Windows user, the how-tos made it an ideal way to start and having community members who had done it, and ready to answer questions was a source of some comfort, and I'm not afraid to admit, I learned by making more mistakes than not, I ruined many a Linux install, but thinking back, I wouldn't have had it any other way.
Recently I made a fresh install of 11-18-2021-r47656 with SmartDNS in a different way than I documented before. I think this is generally better and cleaner.
It boils down to: 1) enable JFFS (read about it here https://wiki.dd-wrt.com/wiki/index.php/Journalling_Flash_File_System), 2) store the SmartDNS in a file under JFFS and 3) make the required adjustments. Before proceeding I urge you to make a backup of your router settings.
1. Enable JFFS
1.1. Administration. > JFFS2 Support section.
1.2. Click Enable JFFS.
1.3. Click Save.
1.4. Wait a couple of seconds, then click Apply.
1.5. Wait again. Go back to the Enable JFFS section, and enable Clean JFFS. Do not click "Save". Click Apply instead.
1.6. Wait till you get the web-GUI back, then disable "Clean JFFS" again. Click "Save".
1.7. Reboot router
At this point you should see something like this:
Note: if your total/free aren't similar at this point it means the router didn't have time to clean the JFFS. Repeat the process and wait a little longer between each step.
If you SSH into your router (https://www.mysysadmintips.com/other/web/388-ssh-into-dd-wrt-router-remotely) you should have a new mount point and bunch of folders at /jffs:
Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Wed Nov 24, 2021 11:17 Post subject:
Thanks for this write up, much appreciated.
One question (for all), and three random thoughts
This thread is in the Atheros forum; as it is not Atheros specific, maybe I should move it to the Advanced Networking forum?
About the use of JFFS2 (the built-in JFFS to use a part of nvram for permanent storage): if you frequently write to it, it will wear out. That is not the case here as this is just reading, but a warning must be in place when using this.
Second and more important is that upgrading when using JFFS2 might brick some routers (at least it did in the past) as the nvram layout is altered it can wreak havoc when upgrading.
I think it usually works but to be safe you can consider disabling JFFS2, reboot after that and then upgrading.
Of course a cumbersome procedure
I myself use a USB stick with jffs but that is just me
You can run scripts at startup from jffs by either using the Save USB option (never tested it though)
Or using a script from startup which calls the scripts on jffs which starts with
Code:
is-mounted.sh /jffs
this will delay the executing of the script until your USB stick with jfss is mounted
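Added example, not part of any post in this thread and not DD-WRT's own `is-mounted.sh`: a POSIX shell variant of the same wait-for-mount idea that gives up after a fixed number of tries, so a missing USB stick does not hold up the startup script forever. The function names and the optional mount-table argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. It does not reproduce DD-WRT's
# is-mounted.sh; it shows the same idea with a timeout.

# is_mounted DIR [TABLE]: true if DIR is a mount point listed in TABLE
# (default /proc/mounts). The second field is compared exactly, so /jffs2
# or /jffs/sub do not count as /jffs.
is_mounted() {
    awk -v dir="$1" '$2 == dir { found = 1 } END { exit !found }' \
        "${2:-/proc/mounts}"
}

# wait_for_mount DIR TRIES [TABLE]: poll once per second, at most TRIES
# times. Returns 0 as soon as DIR is mounted, 1 if it never appears.
wait_for_mount() {
    tries=$2
    while [ "$tries" -gt 0 ]; do
        is_mounted "$1" "$3" && return 0
        tries=$((tries - 1))
        [ "$tries" -gt 0 ] && sleep 1
    done
    return 1
}

# In a startup script this would guard whatever lives on the stick, e.g.
#   wait_for_mount /jffs 30 && sh /jffs/<your-script>   (placeholder path)

# Constructed mount table: /jffs2 is present, /jffs is not.
tbl=${TMPDIR:-/tmp}/mounts.$$
printf '%s\n' 'rootfs / rootfs rw 0 0' '/dev/sda1 /jffs2 ext4 rw 0 0' > "$tbl"
wait_for_mount /jffs 1 "$tbl" || echo "/jffs not mounted, nothing started from it"
rm -f "$tbl"
```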