Hey guys. What is the best package for DoH (DoT)? Especially for old 8/128 routers.
I've tried these for a long time each and there is my thoughts:
dnscrypt-proxy2 — best of the best with true load balancing, a lot of options and can automatically update server's list. But! Too heavy — even 22.03 router reboots;
https-dns-proxy — average tool with load balancing (aka "choosing faster server") but router's load average often became 10 10 10 and it reboots too;
at this time i'm using smartdns — good tool, more options than https-dns-proxy and works a lot more stable.
And what tool are you using? What DoH is the best for OpenWRT?
If the router resources are a concern, https-dns-proxy is definitely a way to go. I've compared sizes reported by opkg info for the packages listed by OP and they are:
https-dns-proxy: 21290
smartdns: 136740 (6 times the size of https-dns-proxy)
dnscrypt-proxy2: 4339330 (203 times the size of https-dns-proxy)
Now, stubby brought up by @Ramon and @efahl is also a small package (21089), but I don't have a positive personal experience with it.
The benefits of https-dns-proxy tho is that it reconfigures dnsmasq to use secure DNS on start and regular DNS when you stop https-dns-proxy, it has a great WebUI app allowing you to pick one of the pre-selected resolvers or configure customizable resolvers or add your own and upstream maintainers are pretty responsive to issues discovered/specific to OpenWrt.
PS. I don't think the "load balancing" works the way you think it works. AFAIK with both dnscrypt-proxy2 and https-dns-proxy it's up to dnsmasq to do the "load balancing" (simultaneous requests), not those proxy services. So if you rate them based on "load balancing", first of all -- why, they have nothing to do with it, and secondly, they are both then "best of the best with true load balancing".
PPS. If you're considering dnscrypt-proxy2 for the resource-strained router, you may as well replace dnsmasq+proxy with unbound at that point.
https-dns-proxy is a great tool but i have a bad expirience with v2023-05-25-3. If there is no any DNS activity some time and then it appears https-dns-proxy overload router's CPU and then it reboots. I don't know is there fix for this bug at this time.
There have been quite a few updates since May, I'd advise you to always update to the newest version of both https-dns-proxy and luci-app-https-dns-proxy. I'm unaware of anyone else experiencing a similar issue.
Unfortunately my Acrher C60 23.05 isn't even start when https-dns-proxy 2023-10-25-4 have 20 DNS servers in config. Default configuration with Google and CF work fine. At the same time smartdns can process 21 servers.
Hi. Can you recommended please best and stable package for DoH.
Router Asus AX-59U 512M Luci. OpenWrt 24.10.1 r28597-0425664679 / LuCI (HEAD detached at 2ac26e56) branch 25.103.51521~2ac26e5
SmartDNS for me.
It still fits on 16/64.
I used to install https-dns-proxy but somehow it doesn't work and I'm too lazy to find out why.
Then I installed SmartDNS because that's the package that still fits on 16/64 devices besides Stubby (where Stubby is not an option for me because ISPs easily bypass DoT).
I then installed SmartDNS on my other, more powerful router and enabling its AdBlock feature (Replaced DNSCrypt-proxy2 due to CPU hogging).
SmartDNS configuration is pretty simple (also has luci).
Because SmartDNS can use IP, the router can avoid Race conditions without further settings.
This is useful for me who uses a lot of schedules on the router (yes I've had problems due to time out of sync).
No problems so far, after disconnection, reboot or power outage.
Just like DNSCrypt-proxy2, SmartDNS is a bit outdated compared to the GitHub version.
But SmartDNS and DNSCrypt-proxy2 always work after an OpenWrt upgrade.
SmartDNS is easy to configure, even for beginners like me.