jeff
July 3, 2019, 4:08pm
14
Perhaps that discussion should be reopened, as there seem to be many contributions on this topic alone that chose to post here, with a modern topic editor and a readable layout, as opposed to the 1990s wiki and style sheet still in place. It's not just one poster either.
How Maintain Online Optimal Security - DNS OVER TLS Servers' SPKI pin(s) Maintenance and UpKeep -
See VERY IMPORTANT UPDATE: at end of this post for best DNS Privacy Test Servers configuration for STUBBY.
ForeThought: If you have figured out how to keep your DNS OVER TLS servers' SPKI pin(s) up to date and secure then skip to the last section where there is an excellent website: https://www.immuniweb.com/ssl/?id=Su8SeUQ4 for running an in-depth SSL Security Test for all the servers you chose …
All the guides I see for using DNS-over-TLS on OpenWRT require unbound; what I found out is that in fact you only need stubby, which does the DNS-over-TLS and acts as a proxy for DN resolution.
Stubby is simple to configure and dnsmasq can point to this proxy instead and continue to do all the things it needs to do such as domain name caching.
Because I have this setup running in an old router (4/32) without much space on the overlay to install stubby and its dependencies, I have it set up so it …
I recently decided to implement DNS over TLS and found that many tutorials were not oriented to those who are less tech savvy. This is a simple approach which allows you to do all configuration in LuCI without any CLI commands. I have to give credit to https://candrews.integralblue.com/2018/08/dns-over-tls-on-openwrt-18-06/, as that is where I got my setup instructions from, and just figured out how to do them in LuCI.
Notes:
This setup expects you to use Cloudflare's DNS resolvers. If you wan…