Check/Search for Unbound maybe that can work, Dont think Stubby installer works with the 86u yetHello,
Is it possible to setup Cloudflare as DNS over TLS on 86u router with Merlin firmware? if so how please?
Thanks,
Now it works.Check/Search for Unbound maybe that can work, Dont think Stubby installer works with the 86u yet
Hello,
Is it possible to setup Cloudflare as DNS over TLS on 86u router with Merlin firmware? if so how please?
Thanks,
I envision having the Global Filter Mode option Cloudflare HTTPS (or 1.1.1.1 HTTPS) listed/available with those other 5 options currently there. The router code handles HTTPS required with Cloudflare's servers. Maybe TLS option as well but probably only need one.
So, the local network clients wouldn't change anything, the router admin simply would select Cloudflare HTTPS under DNSFilter Global Filter Mode. Cloudflare's servers are public and free so don't need to have an account and DNSOMatic with OpenDNS.
I'd be fine with a Cloudflare TLS | Cloudflare DoT option instead of a HTTPS / DoH option. Firefox only supports HTTPS but I didn't even realize the 1.1.1.1 android app supports both.
I'll read up on why DoT may be better and switch accordingly.
Regardless, the router would handle this. The local client's would be configured as they are now with the router intercepting the requests (except the phones/tablets running the 1.1.1.1 app).
Thank you, Can you please tell me how to install it? should I use the same method mentioned in the first topic of the quoted thread to have it installed on my 86u?
opkg remove stubby --autoremove
opkg install /path/getdns_1.5.0-tls1.3_aarch64-3.10.ipk
opkg install /path/stubby_0.2.4-tls1.3_aarch64-3.10.ipk
opkg install fake-hwclock haveged
#!/bin/sh
ENABLED=yes
PROCS=stubby
ARGS="-C /opt/etc/stubby/stubby.yml"
PREARGS="nohup"
DESC=$PROCS
PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
. /opt/etc/init.d/rc.func
#NOTE: See '/etc/stubby/stubby.yml.default' for original config file and descriptions
resolution_type: GETDNS_RESOLUTION_STUB
dns_transport_list:
- GETDNS_TRANSPORT_TLS
tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
tls_min_version: GETDNS_TLS1_3
tls_ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
tls_query_padding_blocksize: 128
edns_client_subnet_private : 1
round_robin_upstreams: 1
idle_timeout: 10000
listen_addresses:
- 127.0.0.1@5453
# - 0::1@5453
upstream_recursive_servers:
# IPv6 addresses
# # Cloudflare IPv6
# - address_data: 2606:4700:4700::1111
# tls_auth_name: "cloudflare-dns.com"
# # Quad 9 IPv6
# - address_data: 2620:fe::10
# tls_auth_name: "dns.quad9.net"
# IPv4 addresses
# # Cloudflare servers
- address_data: 1.1.1.1,
tls_auth_name: "cloudflare-dns.com"
- address_data: 1.0.0.1,
tls_auth_name: "cloudflare-dns.com"
# Quad 9 service
# - address_data: 9.9.9.10
# tls_auth_name: "dns.quad9.net"
no-resolv
server=127.0.0.1#5453
echo "cru a SaveSystemTime \"0 * * * * /opt/bin/fake-hwclock\"" >> /jffs/scripts/services-start
cru a SaveSystemTime "0 * * * * /opt/bin/fake-hwclock"
/opt/etc/init.d/S01fake-hwclock stop
/opt/etc/init.d/S02haveged start
/opt/etc/init.d/S61stubby start
service restart_dnsmasq
Code:opkg install stubby fake-hwclock opkg install /path/getdns_1.4.2-1a_aarch64-3.10.ipk
So I tried above and I get this:
Code:@RT-AC86U-99A8:/tmp/home/root# opkg install /path/getdns_1.4.2-1a_aarch64-3.10.ipk Collected errors: * wfopen: /path/getdns_1.4.2-1a_aarch64-3.10.ipk: No such file or directory. * pkg_init_from_file: Failed to extract control file from /path/getdns_1.4.2-1a_aarch64-3.10.ipk.
Any idea what I am doing wrong. Again, I installed Stubby first and now I am following these steps to apply the patch. Was able to add all other steps with no issues.
Thank you
Keep in mind that the resolver test for DNSSEC only tests that the resolver you use is able to do DNSSEC. Cloudflare has a test for DoT and DoH but as soon as you add DNSSEC the test fails.
path mean location of ipk file lol.
e.g.) opkg install /opt/getdns_1.4.2-1a_aarch64-3.10.ipk
opkg install /mnt/sda1/~~~~/getdns_1.4.2-1a_aarch64-3.10.ipk
Are you meaning DNS settings in LAN tab?To clarify....after a successful installation of Stubby, do the DNS settings stay as:
DNS 1 = router’s IP
DNS = null ?
Sent from my iPhone using Tapatalk
No, the DNS settings under the WAN tab (Automatically connect to the DNS servers Yes or No).
Sent from my iPhone using Tapatalk
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!