Hey guys. What is the best package for DoH (DoT)? Especially for old 8/128 routers.
I've tried these for a long time each and there is my thoughts:
dnscrypt-proxy2 — best of the best with true load balancing, a lot of options and can automatically update server's list. But! Too heavy — even 22.03 router reboots;
https-dns-proxy — average tool with load balancing (aka "choosing faster server") but router's load average often became 10 10 10 and it reboots too;
at this time i'm using smartdns — good tool, more options than https-dns-proxy and works a lot more stable.
And what tool are you using? What DoH is the best for OpenWRT?
If the router resources are a concern, https-dns-proxy is definitely a way to go. I've compared sizes reported by opkg info for the packages listed by OP and they are:
https-dns-proxy: 21290
smartdns: 136740 (6 times the size of https-dns-proxy)
dnscrypt-proxy2: 4339330 (203 times the size of https-dns-proxy)
Now, stubby brought up by @Ramon and @efahl is also a small package (21089), but I don't have a positive personal experience with it.
The benefits of https-dns-proxy tho is that it reconfigures dnsmasq to use secure DNS on start and regular DNS when you stop https-dns-proxy, it has a great WebUI app allowing you to pick one of the pre-selected resolvers or configure customizable resolvers or add your own and upstream maintainers are pretty responsive to issues discovered/specific to OpenWrt.
PS. I don't think the "load balancing" works the way you think it works. AFAIK with both dnscrypt-proxy2 and https-dns-proxy it's up to dnsmasq to do the "load balancing" (simultaneous requests), not those proxy services. So if you rate them based on "load balancing", first of all -- why, they have nothing to do with it, and secondly, they are both then "best of the best with true load balancing".
PPS. If you're considering dnscrypt-proxy2 for the resource-strained router, you may as well replace dnsmasq+proxy with unbound at that point.
https-dns-proxy is a great tool but i have a bad expirience with v2023-05-25-3. If there is no any DNS activity some time and then it appears https-dns-proxy overload router's CPU and then it reboots. I don't know is there fix for this bug at this time.
There have been quite a few updates since May, I'd advise you to always update to the newest version of both https-dns-proxy and luci-app-https-dns-proxy. I'm unaware of anyone else experiencing a similar issue.
Unfortunately my Acrher C60 23.05 isn't even start when https-dns-proxy 2023-10-25-4 have 20 DNS servers in config. Default configuration with Google and CF work fine. At the same time smartdns can process 21 servers.