Additional info: I have a USB stick in use mounted on /opt.
The upgrade was successful.
I then tried to use what is available from the GUI and unfortunately I lost DNS resolution once I enabled SmartDNS and I've been informed by @wabe reason is that I don't have a /jffs mount point.
At this point I put SmartDNS on hold and attempt to use stubby. I think I'd prefer stubby to SmartDNS because my main objective is to attain privacy over performance, which SmartDNS seems to have as primary goal.
Attempting to install stubby is where I request some help.
I've got a USB mounted on /opt
I'm stuck installing entaware.
I've ssh to it as root and got to download the installer:
I've attached the failure log. They are permissions errors but before going to fix those, I want to check I'm not making a mistake using the wrong installer.
From the wiki https://wiki.dd-wrt.com/wiki/index.php/Installing_Entware I think I've used the wrong installer.
The wiki says use one link for broadcom and another for dual core router. The Netgear R7000 is a dual core broacom router, so either link is right or wrong.
Anyone can confirm which one should I use?
I've now tried the alternative http://bin.entware.net/armv7sf-k3.2/installer/generic.sh , ran it and no errors.
Clearly that was the correct one.
Note to self: trying to clear out the directories created by the first installer I failed to check it creates some symlinks to system , so I might need to reflash and start again.
I move on to finalising entware and starting with stubby.
You do have "server=127.0.0.1#5453" added at Additional Dnsmasq Options?
And made S61stubby.sh executable, "chmod +x /opt/etc/init.d/S61stubby.sh"?
I only have Validate DNS Replies (DNSSEC) enabled (probably not necessary)
and No DNS Rebind enabled (except on the router running wireguard server).
Nothing on port 853 but yes on 53 with DNSMasq settings as per attachment.
/opt/etc/init.d/S61stubby.sh is already executable by u,g,o - maybe too permisive but I can set it to owner only if required. But for troubleshooting I'll leave it as is.
"server=127.0.0.1#5453" added at Additional Dnsmasq Options? Yes it is.
So it might be as you suspect that stubby isn't working.
Nothing on dmesg and I don't have anything under /opt/var/log
I'm going to try to start stubby from console, see what it shows.
The forum will not let you paste this as it should be. If you copied this from Alozaros guide it will not work.
The line indentations are wrong. It must look as it does in /opt/etc/stubby/stubby.yml.default.
Joined: 18 Nov 2015 Posts: 1543 Location: WCentral Indiana USA
Posted: Tue Jan 05, 2021 20:52 Post subject:
Alozaros has a more advanced config than I because he is the DNS MAN
As you can see I don't have tsl_port in my config.
If it still doesn't work I think the one in the guide in my signature can be c/p correctly.
It has no ipv6 or quad9 and others you don't want can be commented.
What is not complete is the interaction with DNSMasq. I still can only resolve names with #no-resolv in the Additional Dnsmasq Options. I'm not sure yet if I need it but with stubby running now, and that option selected, all "works" , except the checks on https://www.cloudflare.com/en-gb/ssl/encrypted-sni/ tell me I have DNS SEC but no Secure DNS which is the purpose of setting stubby up.
Tomorrow I continue,
Thank you for your guidance.
whatever comes via port 853 means is working...
in order to test it with cloudflare test, your first resolver in stubby config must be clouflare...
there are other ways to test it, but it requires you to operate with stubby debug options...
finally .yml config file for stubby is very touchy on intervals(very dependant), so stick to the default file and edit only those values you'd need, as copy paste all the .yml config from the forum may not work at all... _________________ Atheros
TP-Link WR740Nv1 -----DD-WRT 45849 BS AP,NAT
TP-Link WR740Nv4 -----DD-WRT 44251 BS WAP/Switch
TP-Link WR1043NDv2 ---DD-WRT 45849 BS AP,NAT,AP Isolation,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---DD-WRT 45849 BS AP,NAT,AD/Block,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---Gargoyle OS 1.12.0 AP,NAT,QoS,Quotas
Netgear R7800 -----DD-WRT 45859 BS AP,NAT,AD-Block,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT
Netgear R7000 -----DD-WRT 45859 BS AP,Wi-Fi OFF,NAT,AD-Block,Firewall,Local DNS,Forced DNS,VLAN's,DoT,VPN
Stubby for DNS over TLS I DNSCrypt v2 by mac913