Differences
This shows you the differences between two versions of the page.
| docs:guide-user:services:dns:dot_dnsmasq_stubby [2020/08/07 15:18] – [Instructions] vgaetera | docs:guide-user:services:dns:dot_dnsmasq_stubby [2024/04/15 19:55] – [Command-line instructions] Add user guide reference. jbrossard | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== | + | ====== |
| - | {{section> | + | {{section> |
| ===== Introduction ===== | ===== Introduction ===== | ||
| * This how-to describes the method for setting up [[wp> | * This how-to describes the method for setting up [[wp> | ||
| * It relies on [[docs: | * It relies on [[docs: | ||
| - | * Follow [[docs: | + | * Follow [[docs: |
| ===== Goals ===== | ===== Goals ===== | ||
| {{section> | {{section> | ||
| - | ===== Instructions | + | ===== Command-line instructions |
| - | Install the packages | + | Install the required |
| + | Enable | ||
| <code bash> | <code bash> | ||
| # Install packages | # Install packages | ||
| opkg update | opkg update | ||
| - | opkg install | + | opkg install stubby |
| # Enable DNS encryption | # Enable DNS encryption | ||
| + | service dnsmasq stop | ||
| + | uci set dhcp.@dnsmasq[0].noresolv=" | ||
| uci -q delete dhcp.@dnsmasq[0].server | uci -q delete dhcp.@dnsmasq[0].server | ||
| - | uci get stubby.global.listen_address \ | + | uci -q get stubby.global.listen_address \ |
| | sed -e " | | sed -e " | ||
| | while read -r STUBBY_SERV | | while read -r STUBBY_SERV | ||
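Review bot: the added `-q` on `uci -q get stubby.global.listen_address` hides the case where Stubby has no listen address configured. By that point `noresolv` is already set and `dhcp.@dnsmasq[0].server` has been deleted, so the `while read -r STUBBY_SERV` loop adds nothing and dnsmasq is left with no upstream at all, with no error shown. Suggest either dropping `-q` on the `get` or checking that at least one server was added before `uci commit dhcp`. Since `service dnsmasq stop` now runs first, it is also worth a comment that clients have no DNS until the final restart, and that an aborted run leaves dnsmasq stopped.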
| Line 26: | Line 29: | ||
| done | done | ||
| - | # Enforce DNS encryption | + | # Disable local use of dnsmasq/ |
| - | uci set dhcp.@dnsmasq[0].noresolv="1" | + | # to be UP during boot or just right after boot because of the race |
| + | # condition with SYSNTPd service. | ||
| + | # [[: | ||
| + | uci set dhcp.@dnsmasq[0].localuse="0" | ||
| uci commit dhcp | uci commit dhcp | ||
| - | / | + | service |
| </ | </ | ||
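Review bot: the comment added above `uci set dhcp.@dnsmasq[0].localuse="0"` gives the reason (the boot-time race with the NTP service) but not the cost. With local use of dnsmasq disabled, the router's own lookups no longer pass through dnsmasq and therefore not through Stubby, which puts them outside the encrypted path this how-to sets up. Suggest one more comment line saying so, so that readers can decide whether to keep the setting. The removed `# Enforce DNS encryption` comment also has no replacement next to the relocated `noresolv` line.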
| Line 37: | Line 44: | ||
| ===== Testing ===== | ===== Testing ===== | ||
| {{section> | {{section> | ||
| + | |||
| + | ===== Alternate Testing sites ===== | ||
| + | * https:// | ||
| + | * https:// | ||
| ===== Troubleshooting ===== | ===== Troubleshooting ===== | ||
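Review bot: the added heading `===== Alternate Testing sites =====` does not follow the capitalisation of its neighbours (`Testing`, `Troubleshooting`), and the two bare links give no hint of what each site checks. Suggest `Alternate testing sites`, a few words per link on what the result shows, and consider placing the list inside the Testing section instead of adding a new top-level one. The blank `+` line before the heading can stay, but the section then also wants a blank line before `===== Troubleshooting =====` for consistency.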
| Line 42: | Line 53: | ||
| <code bash> | <code bash> | ||
| - | # Restart | + | # Restart services |
| - | / | + | service |
| # Log and status | # Log and status | ||
| Line 51: | Line 62: | ||
| # Runtime configuration | # Runtime configuration | ||
| pgrep -f -a dnsmasq; pgrep -f -a stubby | pgrep -f -a dnsmasq; pgrep -f -a stubby | ||
| + | head -v -n -0 / | ||
| # Persistent configuration | # Persistent configuration | ||
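Review bot: the `head -v -n -0` line added under `# Runtime configuration` has no comment, and the idiom (print every line of each file under a filename header) is not obvious next to the `pgrep` line above it. Suggest a short comment naming which generated files are dumped and why, and confirm that the `head` shipped on a default image accepts both `-v` and a negative `-n` count.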
| Line 58: | Line 70: | ||
| ===== Extras ===== | ===== Extras ===== | ||
| ==== Web interface ==== | ==== Web interface ==== | ||
| - | If you want to manage the settings | + | If you want to manage the settings |
| - | Navigate to **[[http:// | + | Navigate to **LuCI -> Network -> DHCP and DNS** to configure Dnsmasq. |
| ==== DoT provider ==== | ==== DoT provider ==== | ||
| Stubby is configured with Cloudflare DNS by default. | Stubby is configured with Cloudflare DNS by default. | ||
| - | You can change it to Google DNS or any other [[wp> | + | You can change it to Google DNS or any other [[wp> |
| - | Make sure the provider supports | + | Use resolvers supporting |
| - | Specify several | + | Specify several |
| <code bash> | <code bash> | ||
| # Configure DoT provider | # Configure DoT provider | ||
| while uci -q delete stubby.@resolver[0]; | while uci -q delete stubby.@resolver[0]; | ||
| - | uci set stubby.dns6a=" | + | uci add stubby resolver |
| - | uci set stubby.dns6a.address=" | + | uci set stubby.@resolver[-1].address=" |
| - | uci set stubby.dns6a.tls_auth_name=" | + | uci set stubby.@resolver[-1].tls_auth_name=" |
| - | uci set stubby.dns6b=" | + | uci add stubby resolver |
| - | uci set stubby.dns6b.address=" | + | uci set stubby.@resolver[-1].address=" |
| - | uci set stubby.dns6b.tls_auth_name=" | + | uci set stubby.@resolver[-1].tls_auth_name=" |
| - | uci set stubby.dnsa=" | + | uci add stubby resolver |
| - | uci set stubby.dnsa.address=" | + | uci set stubby.@resolver[-1].address=" |
| - | uci set stubby.dnsa.tls_auth_name=" | + | uci set stubby.@resolver[-1].tls_auth_name=" |
| - | uci set stubby.dnsb=" | + | uci add stubby resolver |
| - | uci set stubby.dnsb.address=" | + | uci set stubby.@resolver[-1].address=" |
| - | uci set stubby.dnsb.tls_auth_name=" | + | uci set stubby.@resolver[-1].tls_auth_name=" |
| uci commit stubby | uci commit stubby | ||
| - | / | + | service |
| </ | </ | ||
| ==== DNSSEC validation ==== | ==== DNSSEC validation ==== | ||
| Enforce [[wp> | Enforce [[wp> | ||
| - | Beware of performance issues. | + | Beware of fault tolerance and performance issues. |
| <code bash> | <code bash> | ||
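Review bot: in the DoT provider block every `uci set stubby.@resolver[-1].address=` is paired with a `tls_auth_name`, but the reworded sentence `Use resolvers supporting ...` does not tell the reader that `tls_auth_name` is the name the upstream is authenticated against and has to belong to that address. Someone swapping in another provider and editing only the addresses ends up with a mismatched pair. Suggest one sentence stating that both values must be changed together. The move from named sections (`stubby.dns6a`) to `uci add stubby resolver` plus `@resolver[-1]` also makes each `set` depend on the preceding `add` having succeeded, which deserves a brief comment in the block.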
| Line 95: | Line 107: | ||
| uci set dhcp.@dnsmasq[0].proxydnssec=" | uci set dhcp.@dnsmasq[0].proxydnssec=" | ||
| uci commit dhcp | uci commit dhcp | ||
| - | / | + | service |
| uci set stubby.global.appdata_dir="/ | uci set stubby.global.appdata_dir="/ | ||
| uci set stubby.global.dnssec_return_status=" | uci set stubby.global.dnssec_return_status=" | ||
| uci commit stubby | uci commit stubby | ||
| - | / | + | service |
| </ | </ | ||
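Review bot: in this block dnsmasq is committed and restarted with `proxydnssec` set before `stubby.global.dnssec_return_status` is set and Stubby is restarted, so for a short window dnsmasq is proxying a DNSSEC status that Stubby is not yet returning. Suggest setting and committing both configurations first, then restarting Stubby before dnsmasq. The reworded warning `Beware of fault tolerance and performance issues.` would also be more useful with one sentence on what fails when validation cannot complete.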