Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| docs:guide-user:services:dns:stubby [2018/09/13 23:17] – typo sindastra | docs:guide-user:services:dns:stubby [2019/04/20 11:41] – links updated vgaetera | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Stubby ====== | ====== Stubby ====== | ||
| + | Stubby is an application that acts as a local DNS stub resolver using [[wp> | ||
| + | Stubby encrypts DNS queries sent from a client machine to a DoT-provider increasing end user privacy. | ||
| + | Follow [[? | ||
| - | ' | + | ===== Overview ===== |
| - | :!: Stubby | + | An unprotected setup without Stubby might look like this: |
| + | |||
| + | |**local**|-> | ||
| + | |dnsmasq on 53|-> | ||
| + | |||
| + | A setup protected with Stubby will then look like this: | ||
| + | |||
| + | |**local**|-> | ||
| + | |dnsmasq on 53|-> | ||
| + | |||
| + | We'll basically be putting | ||
| ===== Installation ===== | ===== Installation ===== | ||
| opkg update && opkg install stubby | opkg update && opkg install stubby | ||
| + | |||
| + | ===== Configuration ===== | ||
| + | |||
| + | Stubby can be configured directly via ''/ | ||
| + | |||
| + | The default listening port for stubby is 5453 (IPv4 and IPv6 on localhost). | ||
| + | |||
| + | You can add '' | ||
| + | |||
| + | Make sure your router advertises itself as DNS server through DHCP so that clients will benefit from Stubby. | ||
| + | |||
| + | :!: Note that this does not prevent clients in LAN to access unencrypted DNS directly (for example if they ignore the advertised router DNS through DHCP, because of a static DNS setting). | ||
| + | |||
| + | To prevent local leaks or delays, make sure stubby is the only server that is being forwarded to, and block TCP and UDP output to port 53 in wan. | ||
| + | |||
| + | :!: You might want to add ''/ | ||
| ===== External Links ===== | ===== External Links ===== | ||