EmeraldDeer
Very Senior Member
I just sent a kill -SIGTERM to my stubby process and it did go down. It comes from this discussion when restarting Stubby interactively.
Info: Stubby 0.2.3 (latest) is on entware.
I had to search thru the old posts myself to make sure. @dave14305 posted the link to the thread. In summary...
Hey guys,
I need some advice. So I installed Stubby and changed the DNS IPs from Cloudflare in the stubby.yml file to another DNS provider (dismail.de who also supports DNS-over-TLS). However, doing a DNS check online it always shows Cloudflare as my current DNS server.
During the install I set Cache DNSSEC Authenticated Data (proxy-dnssec) to No.
Any hints on how to solve that?

You have to bounce Stubby after making the change to stubby.yml.
Code:
/opt/etc/init.d/S61stubby restart

Copy and paste DNS server part of the .yml here so I can see how you have it set up.
The format of the DNS servers is not exactly like the original .yml and it has to or it doesn't work.

Thanks skeal. What exactly do you mean, as I simply just replaced their IP addresses and tls auth name.

This is the original spacing:
Code:
upstream_recursive_servers:
# Quad 9 Secure Primary
#  - address_data: 9.9.9.9
#    tls_auth_name: "dns.quad9.net"
# Quad 9 Secure Primary
#  - address_data: 2620:fe::fe
#    tls_auth_name: "dns.quad9.net"
# Cloudflare Primary IPv4
  - address_data: 1.1.1.1
    tls_auth_name: "cloudflare-dns.com"
# Cloudflare Secondary IPv4
  - address_data: 1.0.0.1
    tls_auth_name: "cloudflare-dns.com"
# Cloudflare Primary IPv6
  - address_data: 2606:4700:4700::1111
    tls_auth_name: "cloudflare-dns.com"
# Cloudflare Secondary IPv6
  - address_data: 2606:4700:4700::1001
    tls_auth_name: "cloudflare-dns.com"
Notice the space difference between the address data and the tls auth name.

OK, I double checked and the spacing is exactly the same as in your example skeal and I only changed the IP addresses with the new DNS provider:
Code:
# stubby.yml configuration file created by Xentrk
# version 1.0.0
tls_ca_file: "/rom/etc/ssl/certs/ca-certificates.crt"
resolution_type: GETDNS_RESOLUTION_STUB
dns_transport_list:
  - GETDNS_TRANSPORT_TLS
tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
tls_query_padding_blocksize: 128
edns_client_subnet_private : 1
round_robin_upstreams: 1
idle_timeout: 2000
tls_connection_retries: 5
tls_backoff_time: 900
timeout: 2000
appdata_dir: "/opt/var/cache/stubby"
listen_addresses:
  - 127.0.0.1@5453
  - 0::1@5453
upstream_recursive_servers:
# Cloudflare Primary IPv4
  - address_data: 80.241.218.68
    tls_auth_name: "fdns1.dismail.de"
# Cloudflare Secondary IPv4
  - address_data: 80.241.218.68
    tls_auth_name: "fdns1.dismail.de"
# Cloudflare Primary IPv6
  - address_data: 2a02:c205:3001:4558::1
    tls_auth_name: "fdns1.dismail.de"
# Cloudflare Secondary IPv6
  - address_data: 2a02:c205:3001:4558::1
    tls_auth_name: "fdns1.dismail.de"
# Tweaks for statically linked binaries
tls_min_version: GETDNS_TLS1_3
tls_ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
However when I use the above code I cannot connect to the internet anymore....

I'm starting to think your added instructions at the bottom are coming across something it doesn't like.
# Tweaks for statically linked binaries
tls_min_version: GETDNS_TLS1_3
tls_ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"

Don't duplicate the entries if there is only one IP address provided by the provider.
Code:
upstream_recursive_servers:
# dismail.de IPv4
  - address_data: 80.241.218.68
    tls_auth_name: "fdns1.dismail.de"
# dismail.de IPv6
#  - address_data: 2a02:c205:3001:4558::1
#    tls_auth_name: "fdns1.dismail.de"

Your provider doesn't support TLS v1.3. You need to change the tls_min_version line to reflect TLS v1.2:
Code:
tls_min_version: GETDNS_TLS1_2

Alright, it seems to work now, after I changed the tls_min_version: GETDNS_TLS1_3 to 1_2:
Code:
# stubby.yml configuration file created by Xentrk
# version 1.0.0
tls_ca_file: "/rom/etc/ssl/certs/ca-certificates.crt"
resolution_type: GETDNS_RESOLUTION_STUB
dns_transport_list:
  - GETDNS_TRANSPORT_TLS
tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
tls_query_padding_blocksize: 128
edns_client_subnet_private : 1
round_robin_upstreams: 1
idle_timeout: 2000
tls_connection_retries: 5
tls_backoff_time: 900
timeout: 2000
appdata_dir: "/opt/var/cache/stubby"
listen_addresses:
  - 127.0.0.1@5453
  - 0::1@5453
upstream_recursive_servers:
# Cloudflare IPv4
  - address_data: 80.241.218.68
    tls_auth_name: "fdns1.dismail.de"
# Cloudflare IPv6
  - address_data: 2a02:c205:3001:4558::1
    tls_auth_name: "fdns1.dismail.de"
# Tweaks for statically linked binaries
tls_min_version: GETDNS_TLS1_2
tls_ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
Thanks everyone who helped!!!
Should I also change now round_robin_upstreams: 1 to round_robin_upstreams: 0?
Also, since the above works, would that be a better version to use:
Code:
  - address_data: 80.241.218.68
    tls_auth_name: "fdns1.dismail.de"
    tls_pubkey_pinset:
      - digest: "sha256"
        value: MMi3E2HZr5A5GL+badqe3tzEPCB00+OmApZqJakbqUU=

No, the two things aren't connected. Leave it.
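
A check for the two stubby.yml problems the replies above point at, a tls_auth_name line that is not aligned with its address_data and a repeated address_data entry, as an added example that is not from the thread or from the Stubby project. The function name lint_upstreams and the sample text are constructed for illustration.

```python
import re

# Keys that belong inside one upstream entry (names as used in stubby.yml).
ENTRY_KEYS = ("tls_auth_name", "tls_pubkey_pinset", "tls_port")

def lint_upstreams(text):
    """Return (line_no, message) findings for upstream_recursive_servers."""
    findings, seen = [], {}
    in_block, key_col = False, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        stripped = line.lstrip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments carry no structure
        if not in_block:
            in_block = line.startswith("upstream_recursive_servers:")
            continue
        entry = re.match(r"(\s*-\s+)address_data:\s*(\S+)", line)
        if entry:
            key_col = len(entry.group(1))  # column where this entry's keys start
            addr = entry.group(2)
            if addr in seen:
                findings.append((no, f"duplicate upstream {addr}, first at line {seen[addr]}"))
            seen.setdefault(addr, no)
            continue
        key = stripped.split(":", 1)[0].strip()
        col = len(line) - len(stripped)
        if key in ENTRY_KEYS:
            # A key at another column is not a sibling of address_data in YAML.
            if col != key_col:
                findings.append((no, f"{key} at column {col}, expected {key_col}"))
        elif col == 0:
            break  # next top-level setting: the upstream list has ended
    return findings

# Constructed sample: the thread's values with indentation lost and one entry repeated.
FLAT = """\
upstream_recursive_servers:
# Cloudflare Primary IPv4
- address_data: 80.241.218.68
tls_auth_name: "fdns1.dismail.de"
# Cloudflare Secondary IPv4
- address_data: 80.241.218.68
tls_auth_name: "fdns1.dismail.de"
tls_min_version: GETDNS_TLS1_2
"""

if __name__ == "__main__":
    print(*lint_upstreams(FLAT), sep="\n")
```

Run it against a copy of stubby.yml before restarting Stubby; an empty list means the upstream entries are aligned and unique.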