I would like to have DNS privacy, What I think to understand, is that today DNS over TLS is the way to go because DNS over HTTPS isn’t standardised yet.
I found several howto’s and granted I don’t own a engineer title, I can perform most task needed. In my younger years I compiled my own linux kernel. A self educated man so to speak.
What I lack in most howto’s is an explanation why this or that path is chosen.
I started with dnscrypt more then a year ago but then for some reason my router a DIR-860B1 didn’t work anymore. The network failed. There was nothing wrong with the router so I started a search on the internet and this time I stumbled over this article.
https://blog.grobox.de/2018/what-is-dns-privacy-and-how-to-set-it-up-for-openwrt/ I aplied it in the beginning of this year and it was happily working.
Some days ago I upgraded to 18.06.1 and found that I didn’t have any internet. I can’t quite recall if it was immediately after applying the unbound or not.
So I searched again and found the original website but also more, and now I’m lost.
I founds solutions where they were using unbound, some are using unbound and stubby and other combinations. Directnupe seems to experiment and knows a lot about this, but when he writes a guide I find it hard to follow. For me he also seems to jump all over the place it’s hard to follow for me.(why is he talking about expanding memory?)
I also find warnings about openssl not being 1.1 and so therefore it's a problem for unbound.
What I found for me, is that it is intimidating to read al these guides and pick the best one.
The best one for me is the one that:
Stay’s the closest to the original openwrt installation.
Has fewer components
Follows standard protocols
Doesn’t need regular intervention or as few as possible
Informs me that certificates or other components need attention
Has a simple failover way in case the DNS breaks..
Performs reasonably well
How big is the cashe of the resolver? Where is it? Can I alter it
I would very much appreciate the communities help in this quest and hope that the openwrt dev guy’s see this question as a point where more guidance is needed in there vast documentation.