For Those Who May Need GetDns and Stubby Packages For ( ENCRYPTED ) DNS OVER TLS
I uploaded ipk packages to 4shared here below:
https://www.4shared.com/file/MQmjoryHei … 9_vfp.html
https://www.4shared.com/file/UVFVW1XPca … 9_vfp.html
My reason for doing this is because I noticed that some days these packages are available in Lede Snapshot Repo and on others they are not. So if you wish to grab a copy - store them locally - and then install via Winscp - you will be able to do so.
In case you missed the post for the instructions to get GetDns and Stubby working - I will add it again at the end of this post. I use Unbound for caching forwarded to Stubby / dnsmasq for DHCP - so it is speedy - no lag - see setup for that here - https://blog.grobox.de/2018/what-is-dns … r-openwrt/
FOR THOSE INTERESTED IN GETDNS AND STUBBY FOR ( ENCRYPTED ) DNS OVER TLS
iamperson347 aka cliobrando is the maintainer developer for these packages - He was kind enough to get back to me over on The Lede Forum thusly :
https://forum.lede-project.org/t/help-n … ls/11463/2
Hello @directnupe
I helped put the getdns and stubby packages together, so hopefully I can help get them running on your device. (Note: There will be a few changes coming to the package defaults during the next release of getdns/stubby, as well as further explanation on the config choices that were included in the stubby.)
First, to answer your questions:
1 - No, there is no luci app yet
2 - There is currently no guide/etc. written up to get this working with lede/openwrt.
Assumptions:
1 - You have unbound or dnsmasq configured for your device, and it is the primary dns serving your network. (Or… at the very least, the unbound/dnsmasq config will not conflict with the default port currently set in the lede/openwrt stubby package, which is 5453.)
a) I recommend running unbound to utilize the caching. Sometimes the connections from stubby to the resolver can have a little bit of lag, so caching + prefetch helps minimize the effects.
2 - You have a ca cert bundle installed on your router.
a) You can do this by running the following: opkg install ca-certificates
To get the packages to show up, you must subscribe to the correct feed. You can add the following to the “/etc/opkg/customfeeds.conf” file:
src/gz openwrt_packages http://downloads.lede-project.org/snaps … c/packages
Note: “mips_24kc” needs to be replaced with the proper instruction set for your device. You can find this info via the hardware table and then viewing “tech data” https://lede-project.org/toh/start
Edit: for WRT 1200AC 1900AC Version 1 1900AC Version 2 1900ACS Version1 or 2 3200ACM - this is correct feed in order to save you time and for the sake of accuracy -
src/gz openwrt_packages https://downloads.lede-project.org/snap … /packages/
Make sure the “openwrt_packages” does not conflict with any other feed you have.
Note 2: The snapshot feed (master) is the only branch where the packages currently exist. You will have to wait for the next lede/openwrt branch if you want to stick to release branches.
Note 3: When adding the snapshot branch, be careful with “upgrading” packages.
After you add the correct feed, run:
opkg update
After that, you should be able to install the packages:
opkg install getdns stubby
You can change the default resolvers packaged with the current package by editing /etc/stubby/stubby.yml
Note: There have been some discussions about the current defaults. I believe on the next release, I’m going to change the lede/openwrt stubby defaults to use quad9 non-filtering service: 9.9.9.10 and appropriate ipv6 equivalent.
The last step is to point your local resolver (unbound/dnsmasq) to stubby for name resolution.
For unbound, simply edit “/etc/unbound/unbound_ext.conf” and add the following:
forward-addr: 127.0.0.1@5453
OR
forward-addr: ::1@5453
(The lede/openwrt package of stubby currently defaults to listening on the loopback adapters only.)
Be sure to restart/reload your resolver afterwards.
To ensure stubby starts correctly after config file changes, please check the syslog after a restart of the service. You should see something similar to below (no errors reported):
stubby[24047]: [21:28:10.228569] STUBBY: Read config from file /etc/stubby/stubby.yml
stubby[24047]: [21:28:10.254679] STUBBY: Starting DAEMON…
Hopefully this helps.
For those interested you can get Stubby from this custom feed for our devices -
src/gz openwrt_packages http://downloads.lede-project.org/snaps … /packages/
Lastly - Dave said that he will be adding GetDns and Stubby to his repo if they build properly in his next upcoming release
(Last edited by directnupe on 15 Feb 2018, 15:02)
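An added example, not part of the original post or the package maintainer's instructions: three POSIX shell checks for the steps above (feed name conflicts, the stubby startup lines in syslog, and the unbound forward target). The function names are hypothetical, /etc/opkg/distfeeds.conf is assumed to be the stock feed file, and the error keyword match is a heuristic.

```shell
#!/bin/sh
# Added example: sanity checks for the feed, stubby and unbound steps above.
# Function names are hypothetical; sample data is constructed.

# Print each opkg feed name declared more than once across the given files,
# e.g. duplicate_feeds /etc/opkg/customfeeds.conf /etc/opkg/distfeeds.conf
duplicate_feeds() {
    awk '$1 == "src/gz" || $1 == "src" { n[$2]++ }
         END { for (f in n) if (n[f] > 1) print f }' "$@" | sort
}

# Syslog on stdin (e.g. logread | stubby_started_ok). Succeeds only if stubby
# logged the config read and the daemon start. Treating any stubby line with
# "error" or "fail" as a problem is a heuristic, not stubby's documented format.
stubby_started_ok() {
    awk '/stubby\[[0-9]+\]/ {
             if (/Read config from file/) cfg = 1
             if (/Starting DAEMON/) up = 1
             if (tolower($0) ~ /error|fail/) bad = 1
         }
         END { exit !(cfg && up && !bad) }'
}

# Succeeds only if the file has at least one forward-addr and every one of
# them targets loopback on stubby's port (5453 unless given as $2). unbound
# expects forward-addr lines inside a forward-zone: clause.
forwards_to_stubby() {
    awk -v p="${2:-5453}" '$1 == "forward-addr:" {
             seen = 1
             if ($2 != ("127.0.0.1@" p) && $2 != ("::1@" p)) bad = 1
         }
         END { exit !(seen && !bad) }' "$1"
}

# Demo on the two log lines quoted in the post.
sample_log='stubby[24047]: [21:28:10.228569] STUBBY: Read config from file /etc/stubby/stubby.yml
stubby[24047]: [21:28:10.254679] STUBBY: Starting DAEMON...'
if printf '%s\n' "$sample_log" | stubby_started_ok; then
    echo "stubby: config read and daemon started, no errors logged"
fi
```

On the router, run `forwards_to_stubby /etc/unbound/unbound_ext.conf` after editing the file; a non-zero exit means unbound has no forwarder or still has one pointing somewhere other than the local stubby listener.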