Differences

This shows you the differences between two versions of the page.

docs:guide-user:services:dns:stubby [2018/09/14 01:08] – [Installation] note and warning about dhcp and clients sindastra
docs:guide-user:services:dns:stubby [2019/04/20 11:41] – links updated vgaetera
Line 1: Line 1:
 ====== Stubby ====== ====== Stubby ======
 +Stubby is an application that acts as a local DNS stub resolver using [[wp>DNS_over_TLS|DNS over TLS]].
 +Stubby encrypts DNS queries sent from a client machine to a DoT-provider increasing end user privacy.
 +Follow [[?do=showtag&tag=DNSCrypt+DoH+DoT|DNS encryption]] to utilize DoT via Stubby.
  
-'Stubby' is an application that acts as a local DNS Privacy stub resolver (using DNS-over-TLS). Stubby encrypts DNS queries sent from a client machine to a DNS Privacy resolver increasing end user privacy.+===== Overview =====
  
-:!: Stubby is in the early stages of development but is suitable for technical/advanced usersA more generally user-friendly version is on the way!+An unprotected setup without Stubby might look like this: 
 + 
 +|**local**|->|**internet**| 
 +|dnsmasq on 53|->|unencrypted dns on 53| 
 + 
 +A setup protected with Stubby will then look like this: 
 + 
 +|**local**|->|**local**|->|**internet**| 
 +|dnsmasq on 53|->|stubby on 5453|->|encrypted dns on 853| 
 + 
 +We'll basically be putting Stubby in between dnsmasq and the internet, leaving most things untouched so that dnsmasq will continue to work in OpenWrt.
  
 ===== Installation ===== ===== Installation =====
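Review bot: the "protected" diagram in the new Overview only holds when Stubby is the sole upstream of dnsmasq, and the Overview does not say so. The row "dnsmasq on 53 -> stubby on 5453 -> encrypted dns on 853" together with "leaving most things untouched" reads as if installing the package is enough, while the Configuration section further down still requires that "stubby is the only server that is being forwarded to". Suggest adding one sentence to the Overview stating that any other forwarder left in dnsmasq keeps sending queries unencrypted on port 53, with a pointer to Configuration. Two smaller points in the intro: "Follow [[?do=showtag&tag=DNSCrypt+DoH+DoT|DNS encryption]]" links to a tag search rather than a named page, so the reader cannot tell which guide is meant, and "to a DoT-provider increasing end user privacy" needs a comma before "increasing".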
Line 9: Line 22:
   opkg update && opkg install stubby   opkg update && opkg install stubby
  
-The config file is ''/etc/stubby/stubby.yml'' and the default listening port is 5453 (IPv4 and IPv6 on localhost).+===== Configuration =====
  
-You can add ''127.0.0.1#5453'' to the list of DNS servers to forward requests to, so that requests will be forwarded to stubby.+Stubby can be configured directly via ''/etc/stubby/stubby.yml'' or via ''/etc/config/stubby'' when using uci. The [[https://github.com/openwrt/packages/blob/master/net/stubby/files/README.md|README]] within the packages repository contains further information.
  
-To prevent local leaks or delays, make sure stubby is the only server that is being forwarded to, and block TCP and UDP output to port 53 in wan.+The default listening port for stubby is 5453 (IPv4 and IPv6 on localhost). 
 + 
 +You can add ''127.0.0.1#5453'' to the list of DNS servers to forward requests to, so that requests will be forwarded to stubby.
  
 Make sure your router advertises itself as DNS server through DHCP so that clients will benefit from Stubby. Make sure your router advertises itself as DNS server through DHCP so that clients will benefit from Stubby.
  
 :!: Note that this does not prevent clients in LAN to access unencrypted DNS directly (for example if they ignore the advertised router DNS through DHCP, because of a static DNS setting). :!: Note that this does not prevent clients in LAN to access unencrypted DNS directly (for example if they ignore the advertised router DNS through DHCP, because of a static DNS setting).
 +
 +To prevent local leaks or delays, make sure stubby is the only server that is being forwarded to, and block TCP and UDP output to port 53 in wan.
  
 :!: You might want to add ''/etc/stubby/'' to the list of config files that should be preserved on upgrade / backup! :!: You might want to add ''/etc/stubby/'' to the list of config files that should be preserved on upgrade / backup!
 +
 ===== External Links ===== ===== External Links =====
  
   * [[https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby|Stubby's Website]]   * [[https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby|Stubby's Website]]
   * [[https://github.com/getdnsapi/stubby|Stubby's GitHub repo]]   * [[https://github.com/getdnsapi/stubby|Stubby's GitHub repo]]
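Review bot: after the reorder, the sentence "block TCP and UDP output to port 53 in wan" sits directly under the warning about LAN clients that use a static DNS setting, and it is unclear whether that rule is meant to address them. "Output" can be read as covering only queries the router itself sends, which would leave forwarded client traffic to port 53 untouched; please state which traffic the rule is meant to cover and, if it does not cover forwarded LAN traffic, say that the warning above still applies. The same hunk has two documentation gaps: "You can add ''127.0.0.1#5453'' to the list of DNS servers to forward requests to" does not name the dnsmasq setting or file where that list lives, and the new sentence offering both ''/etc/stubby/stubby.yml'' and ''/etc/config/stubby'' does not say which one takes effect when both are present. The backup note at the end still lists only ''/etc/stubby/'', so a uci-based configuration in ''/etc/config/stubby'' is not mentioned there.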
  • Last modified: 2023/10/14 06:23
  • by vgaetera