Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| docs:guide-user:services:dns:dot_dnsmasq_stubby [2022/03/23 16:04] – [Command-line instructions] lastedit | docs:guide-user:services:dns:dot_dnsmasq_stubby [2024/04/15 19:55] – [Command-line instructions] Add user guide reference. jbrossard | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== DoT with Dnsmasq and Stubby ====== | ====== DoT with Dnsmasq and Stubby ====== | ||
| - | {{section> | + | {{section> |
| ===== Introduction ===== | ===== Introduction ===== | ||
| Line 20: | Line 20: | ||
| # Enable DNS encryption | # Enable DNS encryption | ||
| - | / | + | service |
| uci set dhcp.@dnsmasq[0].noresolv=" | uci set dhcp.@dnsmasq[0].noresolv=" | ||
| - | uci set dhcp.@dnsmasq[0].localuse=" | ||
| uci -q delete dhcp.@dnsmasq[0].server | uci -q delete dhcp.@dnsmasq[0].server | ||
| - | uci get stubby.global.listen_address \ | + | uci -q get stubby.global.listen_address \ |
| | sed -e " | | sed -e " | ||
| | while read -r STUBBY_SERV | | while read -r STUBBY_SERV | ||
| do uci add_list dhcp.@dnsmasq[0].server=" | do uci add_list dhcp.@dnsmasq[0].server=" | ||
| done | done | ||
| + | |||
| + | # Disable local use of dnsmasq/ | ||
| + | # to be UP during boot or just right after boot because of the race | ||
| + | # condition with SYSNTPd service. | ||
| + | # [[: | ||
| + | uci set dhcp.@dnsmasq[0].localuse=" | ||
| + | |||
| uci commit dhcp | uci commit dhcp | ||
| - | / | + | service |
| </ | </ | ||
| Line 48: | Line 54: | ||
| <code bash> | <code bash> | ||
| # Restart services | # Restart services | ||
| - | / | + | service |
| # Log and status | # Log and status | ||
| Line 77: | Line 83: | ||
| # Configure DoT provider | # Configure DoT provider | ||
| while uci -q delete stubby.@resolver[0]; | while uci -q delete stubby.@resolver[0]; | ||
| - | uci set stubby.dns6a=" | + | uci add stubby resolver |
| - | uci set stubby.dns6a.address=" | + | uci set stubby.@resolver[-1].address=" |
| - | uci set stubby.dns6a.tls_auth_name=" | + | uci set stubby.@resolver[-1].tls_auth_name=" |
| - | uci set stubby.dns6b=" | + | uci add stubby resolver |
| - | uci set stubby.dns6b.address=" | + | uci set stubby.@resolver[-1].address=" |
| - | uci set stubby.dns6b.tls_auth_name=" | + | uci set stubby.@resolver[-1].tls_auth_name=" |
| - | uci set stubby.dnsa=" | + | uci add stubby resolver |
| - | uci set stubby.dnsa.address=" | + | uci set stubby.@resolver[-1].address=" |
| - | uci set stubby.dnsa.tls_auth_name=" | + | uci set stubby.@resolver[-1].tls_auth_name=" |
| - | uci set stubby.dnsb=" | + | uci add stubby resolver |
| - | uci set stubby.dnsb.address=" | + | uci set stubby.@resolver[-1].address=" |
| - | uci set stubby.dnsb.tls_auth_name=" | + | uci set stubby.@resolver[-1].tls_auth_name=" |
| uci commit stubby | uci commit stubby | ||
| - | / | + | service |
| </ | </ | ||
| Line 101: | Line 107: | ||
| uci set dhcp.@dnsmasq[0].proxydnssec=" | uci set dhcp.@dnsmasq[0].proxydnssec=" | ||
| uci commit dhcp | uci commit dhcp | ||
| - | / | + | service |
| uci set stubby.global.appdata_dir="/ | uci set stubby.global.appdata_dir="/ | ||
| uci set stubby.global.dnssec_return_status=" | uci set stubby.global.dnssec_return_status=" | ||
| uci commit stubby | uci commit stubby | ||
| - | / | + | service |
| </ | </ | ||