SMARTDNS Guide

kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

Posted: Mon Sep 06, 2021 14:18
Logs?
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

Posted: Mon Sep 06, 2021 14:19
kernel-panic69 wrote:
Logs?


I can't get logging to work. It doesn't create the file.

_________________
1x Netgear R7800 (latest); 3x Netgear R7000 (latest); 2x Asus RT-N16 (v3.0-r47656); 2x Fonera 2100 (v3.0-r45454).
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6408
Location: UK, London, just across the river..

Posted: Tue Sep 07, 2021 18:29
TCB13 wrote:
Now, is there a way one can block unencrypted DNS queries going out my network? I could use iptables to drop all outgoing packets to port 53 but is there a better way?


how do you monitor those un-encrypted requests...if it works as a stub resolver on the loopback interface all unencrypted via port 53, must be unreplied..check via GUI connections...

along with those commands you have..add this command to advanced DNSmasq

no-resolv

this will point DNSmasq to use only the server=127.0.0.1#6053

in general SmartDNS via CLI works ok...i run it via /jffs instead of /opt...(use /opt if you install it via Entware)

Crashing could be caused by many reasons...in general it's stable, i never had issues with it...by the way, what is your router/firmware build...??

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

Posted: Wed Sep 08, 2021 9:28
Alozaros wrote:
along with those commands you have..add this command to advanced DNSmasq

no-resolv

this will point DNSmasq to use only the server=127.0.0.1#6053


Thank you for the tip.

About the crashes my router is an R7000 running v47117, I'm planning to upgrade to the latest version but from my experience with another router I've to reconfigure everything manually and I don't have much time right now.

I'll report the status of SmartDNS with a more recent version soon.

Anyways, is there a difference between just adding smartdns to the startup commands or using the startservice command? Is there any built-in process monitoring / auto restart with that command?

I could potentially do something like:

Code:
stopservice smartdns
# -f: don't fail when a file or link is missing or already exists, so this can be re-run
rm -f /tmp/smartdns.conf
ln -sf /opt/etc/smartdns.conf /tmp/smartdns.conf
ln -sf /opt/etc/smartdns.conf /jffs/etc/smartdns.conf
startservice smartdns


All the links are just to be sure that there's no way the system will load the wrong config.

Thank you.

blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 5660

Posted: Wed Sep 08, 2021 9:34
Build r47117 is one month one week old; I doubt any need to manually reconfigure if you avoid all resets.
TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

Posted: Wed Sep 08, 2021 9:49
blkt wrote:
Build r47117 is one month one week old; I doubt any need to manually reconfigure if you avoid all resets.


My other R7000 got bricked without all the resets. I even tried to restore a backup and got stuck in a boot loop. I had to manually configure everything, maybe the router had some old config in the nvram.

Thank you.

blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 5660

Posted: Wed Sep 08, 2021 11:46
Depends on build initially configured, if over a year ago maybe hardware reset or nvram erase && reboot.

This is done after upgrade, not during. It is well known to restore backups to the same build they were created on.
TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

Posted: Wed Sep 08, 2021 11:50
blkt wrote:
Depends on build initially configured, if over a year ago maybe hardware reset or nvram erase && reboot.

This is done after upgrade, not during. It is well known to restore backups to the same build they were created on.


I'm sure the config was way older than 1 year. But that's off-topic.

Are you aware if there is a difference between just adding smartdns to the startup commands or using the startservice command? Is there any built-in process monitoring / auto restart with that command?

Thank you.

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6408
Location: UK, London, just across the river..

Posted: Sun Sep 19, 2021 15:10
you have to use SmartDNS via CLI only, that means you have to disable it via GUI "SmartDNS Resolver - Disable"

then run it via startup commands and point it to jffs ... to read the config file...then it runs ok...

for R7000 i use the last working build 47381 and it was fine...luckily the new builds have to come with the new DNSmasq, as well as some other fixes..today 47461 came out but i cannot try it... as I'm away...of R7000...

TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

Posted: Sun Sep 19, 2021 16:11
Alozaros wrote:
you have to use SmartDNS via CLI only, that means you have to disable it via GUI "SmartDNS Resolver - Disable"

then run it via startup commands and point it to jffs ... to read the config file...then it runs ok...

for R7000 i use the last working build 47381 and it was fine...luckily the new builds have to come with the new DNSmasq, as well as some other fixes..today 47461 came out but i cannot try it... as I'm away...of R7000...


Well it has been running from the CLI without issues for some time now. The only thing I did was disabling logging.

hifiboy
DD-WRT Novice


Joined: 18 Nov 2021
Posts: 45

Posted: Tue Nov 23, 2021 21:07
I am very inexperienced to run things in CLI. Is it possible if a quick summary/command lines could be provided that could be used by lay users to enable running the smart dns?
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

Posted: Tue Nov 23, 2021 21:30
Did you bother reading through this whole thread?
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

Posted: Wed Nov 24, 2021 7:47
hifiboy wrote:
I am very inexperienced to run things in CLI. Is it possible if a quick summary/command lines could be provided that could be used by lay users to enable running the smart dns?

Please take this opportunity to make a full backup just in case things go wrong, and get this experience under your belt. Empower yourself!

It can be scary at first, however I thoroughly recommend it (any perception of fear of CLI is alleviated by each keystroke made and making sure no typos are involved and following the how-tos outlined).

I'm sure if something isn't clear to you after reading the how-tos in this post, if you ask clear questions and ask for clarification to which part you may get stuck at, that you will get a positive reply.

As an aside
Back when I was starting to learn Linux many moons ago and because I was sheltered from command lines as a Windows user, the how-to's made it an ideal way to start and having community members who had done it, and ready to answer questions was a source of some comfort, and I'm not afraid to admit, I learned by making more mistakes than not, I ruined many a Linux install, but thinking back, I wouldn't have had it any other way.

Good luck. ;)

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

Posted: Wed Nov 24, 2021 10:27
@hifiboy,

Recently I made a fresh install of 11-18-2021-r47656 with SmartDNS in a different way than I documented before. I think this is generally better and cleaner.

It boils down to: 1) enable JFFS (read about it here https://wiki.dd-wrt.com/wiki/index.php/Journalling_Flash_File_System), 2) store the SmartDNS in a file under JFFS and 3) make the required adjustments. Before proceeding I urge you to make a backup of your router settings.

1. Enable JFFS
1.1. Administration > JFFS2 Support section.
1.2. Click Enable JFFS.
1.3. Click Save.
1.4. Wait a couple of seconds, then click Apply.
1.5. Wait again. Go back to the Enable JFFS section, and enable Clean JFFS. Do not click "Save". Click Apply instead.
1.6. Wait till you get the web-GUI back, then disable "Clean JFFS" again. Click "Save".
1.7. Reboot router

At this point you should see something like this:



Note: if your total/free aren't similar at this point it means the router didn't have time to clean the JFFS. Repeat the process and wait a little longer between each step.

If you SSH into your router (https://www.mysysadmintips.com/other/web/388-ssh-into-dd-wrt-router-remotely) you should have a new mount point and a bunch of folders at /jffs:

Code:
ssh root@192.168.1.1

root@router:~# df -h
Filesystem                Size      Used Available Use% Mounted on
/dev/root                22.8M     22.8M         0 100% /
none                    512.0K         0    512.0K   0% /dev
/dev/mtdblock/5          93.8M      2.3M     91.5M   2% /jffs

root@router:~# ls -la /jffs
total 0
drwxr-xr-x    6 root     root             0 Jan  1  1970 .
drwxr-xr-x   15 root     root           231 Nov 17 19:22 ..
drwxr-xr-x    3 root     root             0 Jan  1  1970 etc
drwxr-xr-x    3 root     root             0 Nov 20 15:35 tmp
drwx------    3 root     root             0 Jan  1  1970 var


2. Now create the file at /jffs/etc/smartdns.conf that will store your SmartDNS config using WinSCP or SSH. Create /jffs/etc/ if it doesn't exist.

Currently these are the contents of my /jffs/etc/smartdns.conf:

Code:
server-name router-name
bind [::]:6053
serve-expired yes
log-size 2K
log-num 1
log-level fatal
log-file /tmp/smartdns.log

server-tls 95.216.24.230:853 -host-name: fi.dot.dns.snopyta.org
server-tls 78.46.244.143:853 -host-name: dot-de.blahdns.com
server-tls 95.216.212.177:853 -host-name: dot-fi.blahdns.com
server-tls 116.202.176.26:853 -host-name: dot.libredns.gr


Note: In a friend's router without IPv6 it seems like "bind [::]:6053" crashes SmartDNS. If you experience this behavior replace it with "bind :6053".

3. With that file in place, go into Services > Services and change the settings of SmartDNS Resolver and Dnsmasq as follows:



Additional Dnsmasq Options:
Code:
local=/xxxxx/
expand-hosts
domain-needed
stop-dns-rebind
rebind-localhost-ok


Note: at "local=/xxxx/" you should replace xxxx with your router domain or remove the line entirely if you don't use it / know what it is.

3.1. Restart everything and you should have SmartDNS up and running. In order to check this, SSH into the router again and run:

Code:
root@router:~# top -bn1 | grep -m1 smartdns
15548     1 root     S     5180  2.0   1  0.0 smartdns -c /jffs/etc/smartdns.conf


If you get similar output, it means that SmartDNS is running and using your jffs config file.

Now, on your computer, you should be able to load websites and/or resolve DNS requests using your router. On your machine run the command:

Code:
> nslookup.exe google.com
Server:  router-name
Address:  192.168.1.1

Non-authoritative answer:
Name:    google.com
Addresses:  2a00:1450:4001:831::200e
          142.250.184.238


As you can see your computer is getting the IP of "google.com" by using your router that will internally resolve the request using SmartDNS.

Optional (maybe for another day): If you want to force all computers in your network to use your router for DNS:

egc wrote:

(...) consider using "Forced DNS Redirection" (Setup page) setting from the GUI which will intercept all DNS queries and redirect it to the router.


Congratulations, you've made it!

Last edited by TCB13 on Wed Nov 24, 2021 12:45; edited 2 times in total
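
A check for the setup discussed in this thread, as an added example (not code from any poster or from DD-WRT). It reads a smartdns.conf like the one above plus a saved copy of the Additional Dnsmasq Options and, for the CLI setup where dnsmasq forwards to SmartDNS, reports plaintext upstreams and a missing no-resolv or server=127.0.0.1#port line. The function names, file arguments and sample files are assumptions.

```shell
#!/bin/sh
# Added example: audit_dns <smartdns.conf> <dnsmasq-options-file>
# (function name, arguments and sample data are assumptions, not DD-WRT tooling).
# Prints one FAIL line per finding; returns 0 when clean, 1 otherwise.
audit_dns() {
    conf=$1; dnsmasq=$2; rc=0

    # Listening port: text after the last ':' on the first "bind" line,
    # so both "bind [::]:6053" and "bind :6053" give 6053.
    port=$(awk '$1 == "bind" { n = split($2, a, ":"); print a[n]; exit }' "$conf")
    [ -n "$port" ] || { echo "FAIL: no bind line in $conf"; rc=1; }

    # "server" (UDP) and "server-tcp" upstreams are queried unencrypted.
    for up in $(awk '$1 == "server" || $1 == "server-tcp" { print $2 }' "$conf"); do
        echo "FAIL: plaintext upstream $up"; rc=1
    done

    # At least one DoT/DoH upstream must remain, or nothing resolves.
    enc=$(awk '$1 ~ /^server-(tls|https)$/ { c++ } END { print c + 0 }' "$conf")
    [ "$enc" -gt 0 ] || { echo "FAIL: no server-tls/server-https upstream"; rc=1; }

    # Normalise the dnsmasq options: drop trailing blanks and comment lines.
    opts=$(sed -e 's/[[:space:]]*$//' -e '/^#/d' "$dnsmasq")

    # Without no-resolv, dnsmasq also takes upstream servers from its resolv file.
    printf '%s\n' "$opts" | grep -qx 'no-resolv' ||
        { echo "FAIL: dnsmasq lacks no-resolv"; rc=1; }

    # dnsmasq must forward to the local SmartDNS listener and to nothing else.
    want="server=127.0.0.1#$port"
    printf '%s\n' "$opts" | grep -qxF "$want" ||
        { echo "FAIL: dnsmasq lacks $want"; rc=1; }
    for line in $(printf '%s\n' "$opts" | grep '^server=' | grep -vxF "$want"); do
        echo "FAIL: dnsmasq also forwards to ${line#server=}"; rc=1
    done
    return $rc
}

# Constructed sample files (not from a real router): one plaintext upstream
# left in smartdns.conf, and dnsmasq options that still lack no-resolv.
write_samples() {
    cat > "$1/smartdns.conf" <<'EOF'
bind [::]:6053
server-tls 192.0.2.10:853
server 192.0.2.53
EOF
    printf 'server=127.0.0.1#6053\nstop-dns-rebind\n' > "$1/dnsmasq.opts"
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_dns "$tmp/smartdns.conf" "$tmp/dnsmasq.opts" || echo "=> fix the findings above"
rm -rf "$tmp"
```
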
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12835
Location: Netherlands

Posted: Wed Nov 24, 2021 11:17
Thanks for this write up, much appreciated.

One question (for all), and three random thoughts :)

This thread is in the Atheros forum; as it is not Atheros specific, maybe I should move it to the Advanced Networking forum?

About the use of JFFS2 (the built-in JFFS to use a part of nvram for permanent storage) if you frequently write to it it will wear out, not the case here as this is just reading but a warning must be in place when using this.

Second and more important is that upgrading when using JFFS2 might brick some routers (at least it did in the past) as the nvram layout is altered it can wreak havoc when upgrading.
I think it usually works but to be safe you can consider disabling JFFS2, reboot after that and then upgrading.
Of course a cumbersome procedure :(

I myself use a USB stick with jffs but that is just me :)
You can run scripts at startup from jffs by either using the Save USB option (never tested it though)
Or using a script from startup which calls the scripts on jffs which starts with
Code:
is-mounted.sh /jffs

this will delay the execution of the script until your USB stick with jffs is mounted :)

Third instead of blocking port 53 you can consider using "Forced DNS Redirection" (Setup page) setting from the GUI which will intercept all DNS queries and redirect it to the router.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
All times are GMT