Posted: Mon Mar 18, 2024 17:40 Post subject: [SPLIT] Close But Cannot get Stubby Working
Router PITA - RT-AC68U C1 & A1 (using C1 with working usb) fw ver r55109.
Installed entware using this howto https://github.com/Lanchon/ddwrt-secure-entware. Entware installed ok but stubby would only work on port 53 in tcpdump. Wiped /opt and started over 3 times. The last entare errored out on install so I opted to use the http site for entware install.
Currently stubby will only work with this default config.
--------
# Note: by default on OpenWRT stubby configuration is handled via
# the UCI system and the file /etc/config/stubby. If you want to
# use this file to configure stubby, then set "option manual '1'"
# in /etc/config/stubby.
resolution_type: GETDNS_RESOLUTION_STUB
round_robin_upstreams: 1
appdata_dir: "/opt/var/lib/stubby"
tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
tls_query_padding_blocksize: 128
edns_client_subnet_private: 1
idle_timeout: 10000
listen_addresses:
- 127.0.0.1@5453
- 0::1@5453
dns_transport_list:
- GETDNS_TRANSPORT_TLS
upstream_recursive_servers:
- address_data: 2606:4700:4700::1111
tls_auth_name: "cloudflare-dns.com"
- address_data: 2606:4700:4700::1001
tls_auth_name: "cloudflare-dns.com"
- address_data: 1.1.1.1
tls_auth_name: "cloudflare-dns.com"
- address_data: 1.0.0.1
tls_auth_name: "cloudflare-dns.com"
#back up file org config working
But it will not work when quad9 is added in..
------
# Note: by default on OpenWRT stubby configuration is handled via
# the UCI system and the file /etc/config/stubby. If you want to
# use this file to configure stubby, then set "option manual '1'"
# in /etc/config/stubby.
resolution_type: GETDNS_RESOLUTION_STUB
round_robin_upstreams: 1
appdata_dir: "/opt/var/lib/stubby"
tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
tls_query_padding_blocksize: 128
edns_client_subnet_private: 1
idle_timeout: 10000
listen_addresses:
- 127.0.0.1@5453
- 0::1@5453
dns_transport_list:
- GETDNS_TRANSPORT_TLS
upstream_recursive_servers:
- address_data: 2606:4700:4700::1111
tls_auth_name: "cloudflare-dns.com"
- address_data: 9.9.9.9
tls_auth_name: "dns.quad9.net"
- address_data: 2620:fe:fe
tls_auth_name: "dns.quad9.net"
- address_data: 2606:4700:4700::1001
tls_auth_name: "cloudflare-dns.com"
- address_data: 1.1.1.1
tls_auth_name: "cloudflare-dns.com"
- address_data: 1.0.0.1
tls_auth_name: "cloudflare-dns.com"
I have looked at this for hours and see no issue but it will only work with the original config above..
and to answer why I don not use the smart dns in the cli - have tried with that as well, so conclusion is there is something a miss with this router.. from the various threads it should not be this difficult to set up.
Fresh eyes on the above or any help wold be much appreciated.
Posted: Mon Mar 18, 2024 18:53 Post subject: Thank You
Will the stubby.yml files suffice. They look the same to me, even when I inserted quad9 details with nano and made sure they were lined up correctly (lost that bet). I will see if dd-wrt will let me up load - last time the log files did not post..
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Mon Mar 18, 2024 19:03 Post subject:
as the others noted, spacing is vital for stubby .yml config..
here is my old quad9 config... do notice there are few extra lines that are must for stubby to operate correctly
Code:
# Note: by default on OpenWRT stubby configuration is handled via
# the UCI system and the file /etc/config/stubby. If you want to
# use this file to configure stubby, then set "option manual '1'"
# in /etc/config/stubby.
resolution_type: GETDNS_RESOLUTION_STUB
round_robin_upstreams: 1
appdata_dir: "/opt/var/lib/stubby"
tls_ca_path: "/opt/etc/ssl/certs"
tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
tls_min_version: GETDNS_TLS1_3
tls_query_padding_blocksize: 128
edns_client_subnet_private: 1
idle_timeout: 10000
tls_connection_retries: 1
listen_addresses:
- 127.0.0.1@5053
dns_transport_list:
- GETDNS_TRANSPORT_TLS
upstream_recursive_servers:
- address_data: 9.9.9.9
tls_auth_name: "dns.quad9.net"
tls_port: 853
- address_data: 149.112.112.112
tls_auth_name: "dns.quad9.net"
tls_port: 853
_________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Mon Mar 18, 2024 19:31 Post subject:
so, if you just copy paste my config, make sure in DNSmasq you have
no-resolv
server=127.0.0.1#5053
I just tested this config it is working...
Unless your ISP is blocking 9.9.9.9....
also i dont mix clouflare with other resolvers...its either one or another
as both have a different filtering policy's
and yes sometimes when you clear .yml config and paste another it wont work...so manually edit/add all lines that are needed or contain different data make sure you wont screw the spacing.... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Mon Mar 18, 2024 20:49 Post subject:
yeap people are rushy and never spend time to research and read...all need to be in a one go, otherwise its not fun...anymore...if its not on the first page nobody goes to the last
I can see some oddys of people still posting, how to use SmartDNS in DDWRT old way....via usb and ect...
good luck to them ....
stillaround2024 I can see that you still didn't read Stubby guide in my signature or bushant signature, nor follow my config advise...
those lines are must...
first line is the path to ssl certs, that are needed for verification and ect.
second line is to force stubby to use tls 1.3 only...
default config is very bear...anyway...
Stubby and SmartDNS are working as intended...read the guides... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913