Differences
This shows you the differences between two versions of the page.
| docs:guide-user:services:dns:doh_dnsmasq_https-dns-proxy [2020/06/15 19:50] – [Instructions] vgaetera | docs:guide-user:services:dns:doh_dnsmasq_https-dns-proxy [2022/09/15 18:01] – [DoH provider] add Issues section account4538 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== | + | ====== |
| {{section> | {{section> | ||
| ===== Introduction ===== | ===== Introduction ===== | ||
| * This how-to describes the method for setting up [[wp> | * This how-to describes the method for setting up [[wp> | ||
| - | * It relies on [[docs: | + | * It relies on [[docs: |
| - | * Follow [[docs: | + | * Follow [[docs: |
| ===== Goals ===== | ===== Goals ===== | ||
| {{section> | {{section> | ||
| - | ===== Instructions | + | ===== Command-line instructions |
| - | Install the packages | + | Install the required |
| + | DNS encryption should be enabled | ||
| <code bash> | <code bash> | ||
| # Install packages | # Install packages | ||
| opkg update | opkg update | ||
| - | opkg install | + | opkg install https-dns-proxy |
| </ | </ | ||
| - | LAN clients | + | LAN clients should use Dnsmasq as a primary resolver. |
| Dnsmasq forwards DNS queries to https-dns-proxy which encrypts DNS traffic. | Dnsmasq forwards DNS queries to https-dns-proxy which encrypts DNS traffic. | ||
| - | |||
| ===== Testing ===== | ===== Testing ===== | ||
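Review bot: the added line "LAN clients should use Dnsmasq as a primary resolver." states the requirement but not the consequence of ignoring it. The next line says encryption happens only for queries that Dnsmasq forwards to https-dns-proxy, so a client configured with a different resolver is not covered by this setup. Suggest saying that in one sentence here and pointing to the Testing section for the check.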
| Line 30: | Line 30: | ||
| <code bash> | <code bash> | ||
| - | # Restart | + | # Restart services |
| / | / | ||
| # Log and status | # Log and status | ||
| logread -e dnsmasq; netstat -l -n -p | grep -e dnsmasq | logread -e dnsmasq; netstat -l -n -p | grep -e dnsmasq | ||
| - | logread -e https-dns-proxy; netstat -l -n -p | grep -e https-dns | + | logread -e https-dns; netstat -l -n -p | grep -e https-dns |
| # Runtime configuration | # Runtime configuration | ||
| - | pgrep -f -a dnsmasq; pgrep -f -a https-dns-proxy | + | pgrep -f -a dnsmasq; pgrep -f -a https-dns |
| + | head -v -n -0 / | ||
| # Persistent configuration | # Persistent configuration | ||
| Line 46: | Line 47: | ||
| ===== Extras ===== | ===== Extras ===== | ||
| ==== Web interface ==== | ==== Web interface ==== | ||
| - | Install the necessary packages if you want to manage the settings | + | If you want to manage the settings |
| + | Install the necessary packages. | ||
| <code bash> | <code bash> | ||
| Line 52: | Line 54: | ||
| opkg update | opkg update | ||
| opkg install luci-app-https-dns-proxy | opkg install luci-app-https-dns-proxy | ||
| + | / | ||
| </ | </ | ||
| - | * Navigate to **[[http:// | + | * Navigate to **LuCI -> Network -> DHCP and DNS** to configure Dnsmasq. |
| - | * Navigate to **[[http:// | + | * Navigate to **LuCI -> Services -> HTTPS DNS Proxy** to configure https-dns-proxy. |
| ==== DoH provider ==== | ==== DoH provider ==== | ||
| https-dns-proxy is configured with Google DNS and Cloudflare DNS by default. | https-dns-proxy is configured with Google DNS and Cloudflare DNS by default. | ||
| - | You can change it Google DNS or any other [[wp> | + | You can change it to Google DNS or any other [[wp> |
| - | Make sure the provider supports | + | Use resolvers supporting |
| - | Specify several | + | Specify several |
| <code bash> | <code bash> | ||
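Review bot: in the DoH provider text, the reworded line "You can change it to Google DNS or any other ..." conflicts with the unchanged line above it, which says https-dns-proxy is already configured with Google DNS and Cloudflare DNS by default. The edit fixes the grammar but keeps the inconsistency. Suggest naming a provider that is not one of the defaults, or dropping the provider name and referring only to the linked list of resolvers.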
| Line 75: | Line 78: | ||
| </ | </ | ||
| + | ===== Issues ===== | ||
| + | |||
| + | If you are using the configurable NextDNS.io (paid subscription), | ||
| + | |||
| + | Put your private DNS-over-HTTPS resolver endpoint (found in " | ||
| + | |||
| + | LuCI will now erroneously show the wrong resolver in '' | ||
| + | |||
| + | If you make any changes for https-dns-proxy in LuCI it will overwrite your private resolver so you will need to manually enter it again. | ||
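Review bot: the new Issues section says LuCI will show the wrong resolver and that any https-dns-proxy change made in LuCI overwrites the private one, but it gives the reader no way to confirm which resolver is actually in use afterwards. Suggest referring to the runtime check already in the Testing section (`pgrep -f -a https-dns`) and recommending it after every LuCI change, so a silently replaced endpoint is noticed. Also, "erroneously show the wrong resolver" says the same thing twice; "show the wrong resolver" is enough.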