Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| docs:guide-user:services:dns:dot_dnsmasq_stubby [2021/08/15 17:45] – unify headers vgaetera | docs:guide-user:services:dns:dot_dnsmasq_stubby [2024/04/15 19:55] – [Command-line instructions] Add user guide reference. jbrossard | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== DoT with Dnsmasq and Stubby ====== | ====== DoT with Dnsmasq and Stubby ====== | ||
| - | {{section> | + | {{section> |
| ===== Introduction ===== | ===== Introduction ===== | ||
| Line 11: | Line 11: | ||
| ===== Command-line instructions ===== | ===== Command-line instructions ===== | ||
| - | Install the packages | + | Install the required |
| + | Enable | ||
| <code bash> | <code bash> | ||
| Line 19: | Line 20: | ||
| # Enable DNS encryption | # Enable DNS encryption | ||
| - | / | + | service |
| uci set dhcp.@dnsmasq[0].noresolv=" | uci set dhcp.@dnsmasq[0].noresolv=" | ||
| uci -q delete dhcp.@dnsmasq[0].server | uci -q delete dhcp.@dnsmasq[0].server | ||
| - | uci get stubby.global.listen_address \ | + | uci -q get stubby.global.listen_address \ |
| | sed -e " | | sed -e " | ||
| | while read -r STUBBY_SERV | | while read -r STUBBY_SERV | ||
| do uci add_list dhcp.@dnsmasq[0].server=" | do uci add_list dhcp.@dnsmasq[0].server=" | ||
| done | done | ||
| + | |||
| + | # Disable local use of dnsmasq/ | ||
| + | # to be UP during boot or just right after boot because of the race | ||
| + | # condition with SYSNTPd service. | ||
| + | # [[: | ||
| + | uci set dhcp.@dnsmasq[0].localuse=" | ||
| + | |||
| uci commit dhcp | uci commit dhcp | ||
| - | / | + | service |
| </ | </ | ||
| Line 36: | Line 44: | ||
| ===== Testing ===== | ===== Testing ===== | ||
| {{section> | {{section> | ||
| + | |||
| + | ===== Alternate Testing sites ===== | ||
| + | * https:// | ||
| + | * https:// | ||
| ===== Troubleshooting ===== | ===== Troubleshooting ===== | ||
| Line 42: | Line 54: | ||
| <code bash> | <code bash> | ||
| # Restart services | # Restart services | ||
| - | / | + | service |
| # Log and status | # Log and status | ||
| Line 65: | Line 77: | ||
| Stubby is configured with Cloudflare DNS by default. | Stubby is configured with Cloudflare DNS by default. | ||
| You can change it to Google DNS or any other [[wp> | You can change it to Google DNS or any other [[wp> | ||
| - | Make sure the resolvers | + | Use resolvers |
| Specify several resolvers to improve fault tolerance. | Specify several resolvers to improve fault tolerance. | ||
| Line 71: | Line 83: | ||
| # Configure DoT provider | # Configure DoT provider | ||
| while uci -q delete stubby.@resolver[0]; | while uci -q delete stubby.@resolver[0]; | ||
| - | uci set stubby.dns6a=" | + | uci add stubby resolver |
| - | uci set stubby.dns6a.address=" | + | uci set stubby.@resolver[-1].address=" |
| - | uci set stubby.dns6a.tls_auth_name=" | + | uci set stubby.@resolver[-1].tls_auth_name=" |
| - | uci set stubby.dns6b=" | + | uci add stubby resolver |
| - | uci set stubby.dns6b.address=" | + | uci set stubby.@resolver[-1].address=" |
| - | uci set stubby.dns6b.tls_auth_name=" | + | uci set stubby.@resolver[-1].tls_auth_name=" |
| - | uci set stubby.dnsa=" | + | uci add stubby resolver |
| - | uci set stubby.dnsa.address=" | + | uci set stubby.@resolver[-1].address=" |
| - | uci set stubby.dnsa.tls_auth_name=" | + | uci set stubby.@resolver[-1].tls_auth_name=" |
| - | uci set stubby.dnsb=" | + | uci add stubby resolver |
| - | uci set stubby.dnsb.address=" | + | uci set stubby.@resolver[-1].address=" |
| - | uci set stubby.dnsb.tls_auth_name=" | + | uci set stubby.@resolver[-1].tls_auth_name=" |
| uci commit stubby | uci commit stubby | ||
| - | / | + | service |
| </ | </ | ||
| Line 95: | Line 107: | ||
| uci set dhcp.@dnsmasq[0].proxydnssec=" | uci set dhcp.@dnsmasq[0].proxydnssec=" | ||
| uci commit dhcp | uci commit dhcp | ||
| - | / | + | service |
| uci set stubby.global.appdata_dir="/ | uci set stubby.global.appdata_dir="/ | ||
| uci set stubby.global.dnssec_return_status=" | uci set stubby.global.dnssec_return_status=" | ||
| uci commit stubby | uci commit stubby | ||
| - | / | + | service |
| </ | </ | ||