Dns-over-HTTPS configuring question

Installing and Using OpenWrt
1

Tried this manual: https://openwrt.org/docs/guide-user/services/dns/doh_dnsmasq_https-dns-proxy

And test here: https://www.cloudflare.com/ssl/encrypted-sni/ still shows to me question mark in "Secure DNS" section. Also this test: https://1.1.1.1/help tells, that I don't ust DoH.

I tried to delete all DNS servers in my WAN interface and add one DNS server there - 127.0.0.1 or 192.168.1.1. Tried to add DNS hijacking rule to firewall https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns No effect.

Where did I fail?

DHCP config:


config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option ednspacket_max '1232'
	option dnssec '1'
	option quietdhcp '1'
	option noresolv '1'
	option doh_backup_noresolv '-1'
	list doh_backup_server ''
	option localuse '1'
	option localservice '1'
    list server '127.0.0.1#5054'
	list server '/ntp.time.in.ua/1.1.1.1'
	list server '/ntp.time.in.ua/'
	list server '/ntp2.time.in.ua/1.1.1.1'
	list server '/ntp2.time.in.ua/'
	list server '/ntp3.time.in.ua/1.1.1.1'
	list server '/ntp3.time.in.ua/'
	list server '/openwrt.pool.ntp.org/1.1.1.1'
	list server '/openwrt.pool.ntp.org/'
	

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	list ra_flags 'none'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'
2

Can someone post "easy" guide for installing DoH in OpenWrt and how to test it? I'm not too experienced user, sorry.

3

Take a look https://www.youtube.com/watch?v=ySkqc_7Xc3U

4 
uci show dhcp; uci show https-dns-proxy
5

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.