Jun 9, 2022

Configuring DNS over TLS in OpenWRT

DNS over TLS (Transport Layer Security), or "DoT", is an IETF standard that provides full-stream encryption between a DNS client and a DNS server. On OpenWRT this is done by running stubby as a local DoT forwarder and pointing dnsmasq at it instead of at the ISP's resolvers.

1. Log into LuCI at http://192.168.1.1/cgi-bin/luci/, go to System -> Software, and hit the "Update lists" button.
2. Filter down to find the package called "stubby", and click the "Install" button.
3. Go to System -> Startup, find stubby, and click the "Start" button. Also set stubby to "Enabled" on this same screen.
4. Under Network -> DHCP and DNS, click the "Resolv and Hosts Files" tab, and put a check mark next to "Ignore resolv file". Press "Save & Apply".
5. Under Network -> DHCP and DNS, click the "General Settings" tab, and set the "DNS forwardings" list to 0::1#5453 and 127.0.0.1#5453.
6. Go to System -> Startup, find "dnsmasq" and click "Restart".
7. Go to Network -> Interfaces, uncheck "Use DNS servers advertised by peer" for wan and wan6, and enter the respective custom DNS servers 192.168.1.1 and 0::1.
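The same steps expressed as UCI commands for the router's shell, plus an audit function that checks a `uci show` dump for the settings the steps require. This is an added example, not part of the original post; it assumes the stock OpenWRT dnsmasq/network UCI layout, stubby's default listen port 5453, and the WAN DNS values from step 7.

```sh
#!/bin/sh
# Added example (not from the original post): the LuCI steps as UCI commands,
# plus an audit that checks a `uci show` dump for them. Assumes the stock
# OpenWRT dnsmasq/network UCI layout and stubby's default port 5453.

# Steps 1-7 as shell commands for the router (steps 2-3 via opkg/init.d).
dot_uci_commands() {
    cat <<'EOF'
opkg update && opkg install stubby
/etc/init.d/stubby enable && /etc/init.d/stubby start
uci set dhcp.@dnsmasq[0].noresolv='1'
uci -q delete dhcp.@dnsmasq[0].server
uci add_list dhcp.@dnsmasq[0].server='127.0.0.1#5453'
uci add_list dhcp.@dnsmasq[0].server='0::1#5453'
uci set network.wan.peerdns='0'
uci set network.wan6.peerdns='0'
uci -q delete network.wan.dns
uci -q delete network.wan6.dns
uci add_list network.wan.dns='192.168.1.1'
uci add_list network.wan6.dns='0::1'
uci commit dhcp && uci commit network
/etc/init.d/dnsmasq restart && /etc/init.d/network reload
EOF
}

# Read a `uci show dhcp; uci show network` dump on stdin and return 0 only
# if every setting the steps require is present; report the first gap.
audit_dot_config() {
    dump=$(cat)
    for want in \
        "dhcp.@dnsmasq\[0\].noresolv='1'" \
        "dhcp.@dnsmasq\[0\].server=.*'127.0.0.1#5453'" \
        "dhcp.@dnsmasq\[0\].server=.*'0::1#5453'" \
        "network.wan.peerdns='0'" \
        "network.wan6.peerdns='0'"
    do
        printf '%s\n' "$dump" | grep -q "^$want" \
            || { printf 'DoT audit: missing %s\n' "$want" >&2; return 1; }
    done
    printf 'DoT audit: dnsmasq forwards only to stubby on 127.0.0.1/::1 port 5453\n'
}

# On the router: `dot_uci_commands | sh`, then audit the live configuration.
if command -v uci >/dev/null 2>&1; then
    { uci show dhcp; uci show network; } | audit_dot_config
fi
```

If the audit reports a missing setting, the corresponding LuCI step above was not saved or applied.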

To verify the updates:

You can go to https://www.cloudflare.com/ssl/encrypted-sni/ and press "Check My Browser". You should see green check marks for "Secure DNS" and "DNSSEC".
Also visit https://1.1.1.1/help, where you will see

links: https://openwrt.org/docs/guide-user/services/dns/dot_dnsmasq_stubby