Xentrk
Part of the Furniture
> I did that. Also changed the DNS server address (router IP) on PC. Now my DNS resolved to Cloudflare on DNS Leak Test. Netflix-VPN-Bypass also works. Passed the DNSSEC Resolver Test. On Cloudflare SNI Checker, Encrypted SNI failed. Used Firefox Nightly with Encrypted SNI enabled. Is there a way to force other gadgets on network to use Cloudflare DNS without manually changing it on each device?

As you discovered, Encrypted SNI settings need to be made in the Firefox browser. Nothing to do with Stubby. For the benefit of others, please see:
https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/
Blocking Client DNS requests
A client device with DNS configured will override the DNS configured on the router. To override client DNS settings and force all LAN clients to use Stubby, enter the following commands in an SSH session.
Code:
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to "$(nvram get lan_ipaddr)"
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to "$(nvram get lan_ipaddr)"
Add the commands to /jffs/scripts/firewall-start in order for the rules to be applied upon a restart.
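An added example, not part of the original post: a re-runnable form of the two redirect rules for /jffs/scripts/firewall-start. It deletes any existing copy of each rule before appending it, so running it by hand and again at a firewall restart does not stack duplicates, and it refuses to install a rule if the router address comes back empty. The function names are made up for this example; br0, port 53 and the nvram lookup are taken from the post.

```sh
#!/bin/sh
# Example script (not from the original post). Function names are hypothetical.
# LAN bridge name as used in the post.
LAN_IF="br0"

# Install one port-53 redirect for the given protocol, exactly once.
add_dns_redirect() {
    proto="$1"
    router_ip="$2"
    # Delete every existing copy first; -D fails once none is left.
    while iptables -t nat -D PREROUTING -i "$LAN_IF" -p "$proto" --dport 53 \
        -j DNAT --to "$router_ip" 2>/dev/null; do
        :
    done
    iptables -t nat -A PREROUTING -i "$LAN_IF" -p "$proto" --dport 53 \
        -j DNAT --to "$router_ip"
}

# Redirect both UDP and TCP DNS from LAN clients to the router's resolver.
force_lan_dns() {
    router_ip="$(nvram get lan_ipaddr)"
    # An empty address would produce a broken DNAT target; stop instead.
    if [ -z "$router_ip" ]; then
        echo "lan_ipaddr is empty, not installing DNS redirect" >&2
        return 1
    fi
    for p in udp tcp; do
        add_dns_redirect "$p" "$router_ip" || return 1
    done
}

# Apply only where the router tools are present.
if command -v nvram >/dev/null 2>&1 && command -v iptables >/dev/null 2>&1; then
    force_lan_dns
fi
```

To confirm the result on the router, `iptables -t nat -S PREROUTING` should list one udp and one tcp rule for `--dport 53`.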