
Customize stubby.yml


lost_

I understand the privacy implication, but I'd like to send the subnet EDNS in the DoT queries. I'm using Quad9 9.9.9.11 (ECS enabled).

It seems that is controlled by this line in /etc/stubby/stubby.yml

edns_client_subnet_private: 1

How do I permanently either remove this line, or set it to 0?
 
Thanks Colin! Forgot about that directory.

For those who want to configure DoT the same way:

cat /jffs/scripts/stubby.postconf
Code:
#!/bin/sh

CONFIG=$1
source /usr/sbin/helper.sh

pc_replace "edns_client_subnet_private: 1" "edns_client_subnet_private: 0" $CONFIG

With this, my subnet is provided to Quad9 (which I'm fine with and they don't log). The resolved hosts are now the ones closest to me. I've tested with and without EDNS. Without EDNS, facebook resolved to the one in California (33 ms), and with it, it's the one in Virginia (10 ms). YMMV.

(In WAN page, set DNS over TLS to 9.9.9.11 and hostname dns11.quad9.net. In LAN, set DNSFilter to router or however you need it)
 
In /jffs/scripts create file stubby.postconf with contents:
Code:
#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh
pc_replace "edns_client_subnet_private: 1" "edns_client_subnet_private: 0" $CONFIG
Change properties of the file to 755

Here are changes I make:
Code:
#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh
pc_replace "round_robin_upstreams: 1" "round_robin_upstreams: 0" $CONFIG
pc_insert "tls_authentication: GETDNS_AUTHENTICATION_REQUIRED" "dnssec_return_status: GETDNS_EXTENSION_TRUE" $CONFIG
The last line enables DNSSEC validation to be done by Stubby. With this enabled, disable DNSSEC in the router WAN settings.
 
I'm trying to do this exact thing with an RT-AX86U-PRO running ASUSWRT. It seems that it's only possible with Merlin, unless I'm doing something wrong?

Sorry to bump this old thread.
 
Hi,
I have now set this up for my Asus AX86U with Asuswrt-Merlin as described here.

Created a “stubby.postconf” in the “scripts” folder with the rights “755”. Then set up my preferred DNS provider under “WAN - Internet Connection - WAN DNS Settings” and set my devices to “Router” under “Global Redirection” under “LAN - DNS Director”.

Is this correct and how do I know if it works?
 
https://www.dnscheck.tools/ will tell you
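
A router-side check to go with the browser test linked above, as an added example that is not part of the original thread: it reads back the stubby.yml keys that the stubby.postconf scripts in this thread edit, so you can confirm the edits landed in the generated file. The function names and the sample config are constructed for illustration; the keys, values and the /etc/stubby/stubby.yml path are the ones quoted in the posts.

```shell
#!/bin/sh
# Added example, not from the thread. Reports the stubby.yml settings that the
# stubby.postconf scripts above edit, so the result can be checked on the router.

# stubby_setting FILE KEY: print the value of a top-level "KEY: value" line
# (commented-out lines do not match), or "unset" if the key is absent.
stubby_setting() {
    val=$(sed -n "s/^$2:[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | head -n 1)
    echo "${val:-unset}"
}

# check_stubby FILE: print one "key=value" line per setting of interest.
check_stubby() {
    for key in edns_client_subnet_private round_robin_upstreams \
               tls_authentication dnssec_return_status; do
        echo "$key=$(stubby_setting "$1" "$key")"
    done
}

# ecs_private FILE: succeed (exit 0) only if the privacy flag is still 1,
# i.e. the postconf edit did NOT take effect.
ecs_private() {
    [ "$(stubby_setting "$1" edns_client_subnet_private)" = "1" ]
}

# Constructed sample resembling a config after both postconf scripts ran.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# edns_client_subnet_private: 1
tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
dnssec_return_status: GETDNS_EXTENSION_TRUE
edns_client_subnet_private: 0
round_robin_upstreams: 0
EOF

# On the router, pass /etc/stubby/stubby.yml as the first argument
# instead of relying on the sample.
check_stubby "${1:-$SAMPLE}"
```

This only confirms what is in the config file; whether the upstream resolver actually receives and uses the subnet still has to be checked from a client.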
 
