Prevent DNS Leaks 2) Under "Network Setup" change "Local DNS" to your Router-IP (ex. 192.168.1.1)
and
MomenMamdouh wrote:
Basic AGH setup
1- Let's make AGH the primary DNS resolver instead of dnsmasq and/or unbound, this will improve DNS performance, and it enables AGH to use port 53 exclusively. To do that go to "Setup page > Dynamic Host Configuration Protocol (DHCP)" and untick "Use dnsmasq for DNS"
and
MomenMamdouh wrote:
2- Go to "Service page > Dnsmasq Infrastructure > Additional Options" and add the following inside the box
If you add a DNS server in the Basic Setup and deactivate "Use dnsmasq for DNS" then the entry "dhcp-option=6,192.168.1.1" is automatically added.
The entry is therefore redundant and the entry in the "Additional Options" can be removed
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Fri Feb 16, 2024 14:17 Post subject:
marcus83 wrote:
perhaps we should remove the configuration in the additional options... but let's see what it tells us @MomenMamdouh
well, his stuff is very "unready to use and untested" so, you do the testing/fiddling bit along with him...better do whatever is correct... isn't it...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
mmmm, then you can create a correct guide.. why @MomenMamdouh would he write things that wouldn't be good?! I think he's a person who knows what he's saying.
Joined: 18 Mar 2014 Posts: 12922 Location: Netherlands
Posted: Fri Feb 16, 2024 14:29 Post subject:
marcus83 wrote:
mmmm, then you can create a correct guide.. why @MomenMamdouh would he write things that wouldn't be good?! I think he's a person who knows what he's saying.
We all agree that @MomenMamdouh is very enthusiastic
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Fri Feb 16, 2024 16:49 Post subject:
marcus83 wrote:
ho1Aetoo wrote:
Has nothing at all to do with the mac address or the device.
You also get the dhcp option 6 message with every other client and I have already written above why this is the case
before removing the additional DNSMasq option, let's hear what the thread creator says
well...it took 19 pages WIP for SmartDNS to settle down... (proven, working solution)...so, few more to go... as they say, "good things take time"...
Joined: 08 May 2018 Posts: 14249 Location: Texas, USA
Posted: Fri Feb 16, 2024 16:56 Post subject:
The local DNS server option tells dnsmasq what resolver to use for local dns, the option 6 tells what option to hand out to clients, and un-ticking use dnsmasq for DNS seals the deal on breaking things, because the other two are telling dnsmasq what to do. At least that is what I am surmising by sir @ho1Aetoo's comments. This may work fine on pre-removal of udhcpd as DHCP server, but it seems there is a conflict between AGH and dnsmasq, and since the latter is the ONLY dhcp server in use, then something in this configuration suggestion needs to be corrected.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Joined: 08 May 2018 Posts: 14249 Location: Texas, USA
Posted: Fri Feb 16, 2024 17:40 Post subject:
The local DNS server option is usually left blank if the router itself is providing local dns ("expand-hosts"). DHCP Option 6 provides a framework for passing DNS server IP addresses to hosts on a network (and is usually unnecessary). The only time you use no-resolv is when you are passing addresses that aren't the router IP AFAIK.
So, again, something needs to be corrected before we add too many more pages to this thread.
so in conclusion do you think that we need to remove the router's local DNS, plus the additional DNSMasq option?
So I can explain it again, but I doubt that you understand it.
The default setting is "Use dnsmasq for DNS".
This setting does 3 things.
1. In the resolv.conf the IP address of the router is written (for local DNS)
2. dnsmasq is started as a DNS forwarder at 127.0.0.1:53
3. All clients receive the address of the router as DNS server via DHCP.
However, this is not desirable for this setup, so "Use dnsmasq for DNS" is deactivated.
This has the following effect.
1. The IP address of the DNS server configured in "Basic Setup" is written to resolv.conf (for local DNS)
2. dnsmasq is not started as a forwarder on 127.0.0.1:53
3. All clients receive the addresses of the DNS servers entered as "local dns" or "static dns" via DHCP.
Once again, the setting (dhcp-option=6,192.168.1.1) in "Additional Options" is redundant and superfluous.
Do not remove the entry under "local DNS" as this will result in no DNS server being configured in "resolv.conf" and the router having no local DNS.
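The two conditions named in the post above (a duplicated DHCP option 6 entry, and a resolv.conf left without a nameserver) can be checked with a short script. This is an added example, not part of any post in the thread; the function names are hypothetical, the sample files are constructed, and the paths of the router's generated dnsmasq config and resolv.conf are left as arguments for the reader to supply.

```shell
#!/bin/sh
# Added example (not from the thread): audit a dnsmasq config and a resolv.conf
# for the two conditions described above. Paths are arguments because the
# location of the generated files is an assumption left to the reader.

# Print the server list of every DHCP option 6 line, one per line.
# Handles "dhcp-option=6,<ip>" and dnsmasq's named form
# "dhcp-option=option:dns-server,<ip>"; tagged variants are not handled.
option6_servers() {
    awk '{
        line = $0
        gsub(/[ \t\r]/, "", line)
        if (sub(/^dhcp-option=(6|option:dns-server),/, "", line)) print line
    }' "$1"
}

# True when the resolv.conf file names at least one nameserver.
has_nameserver() {
    grep -Eq '^[[:space:]]*nameserver[[:space:]]+[^[:space:]]+' "$1"
}

# Print one finding per line; print nothing when both checks pass.
audit_dns_setup() {
    audit_dups=$(option6_servers "$1" | sort | uniq -d)
    if [ -n "$audit_dups" ]; then
        echo "redundant dhcp-option 6 entry: $audit_dups"
    fi
    if ! has_nameserver "$2"; then
        echo "no nameserver configured: router has no local DNS"
    fi
    return 0
}

# Constructed sample: option 6 present twice (the automatic entry plus the copy
# pasted into "Additional Options"), Local DNS still set to the router.
demo_dir=$(mktemp -d)
cat > "$demo_dir/dnsmasq.conf" <<'EOF'
interface=br0
dhcp-option=6,192.168.1.1
dhcp-option=6,192.168.1.1
EOF
echo "nameserver 192.168.1.1" > "$demo_dir/resolv.conf"
audit_dns_setup "$demo_dir/dnsmasq.conf" "$demo_dir/resolv.conf"
rm -rf "$demo_dir"
```

An empty result means option 6 is handed out once and the router still has a resolver for itself.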