Hi There,
I would like to have DNS privacy. What I think I understand is that today DNS over TLS is the way to go because DNS over HTTPS isn’t standardised yet.
I found several howtos, and granted I don’t own an engineer title, I can perform most tasks needed. In my younger years I compiled my own Linux kernel. A self-educated man, so to speak.
What I lack in most howtos is an explanation of why this or that path is chosen.
I started with dnscrypt more than a year ago, but then for some reason my router, a DIR-860B1, didn’t work anymore. The network failed. There was nothing wrong with the router, so I started a search on the internet and this time I stumbled over this article.
https://blog.grobox.de/2018/what-is-dns-privacy-and-how-to-set-it-up-for-openwrt/ I applied it in the beginning of this year and it was happily working.
Some days ago I upgraded to 18.06.1 and found that I didn’t have any internet. I can’t quite recall if it was immediately after applying the unbound or not.
So I searched again and found the original website but also more, and now I’m lost.
I found solutions where they were using unbound, some using unbound and stubby, and other combinations. Directnupe seems to experiment and knows a lot about this, but when he writes a guide I find it hard to follow. For me he also seems to jump all over the place; it’s hard to follow for me. (Why is he talking about expanding memory?)
I also find warnings about openssl not being 1.1 and so therefore it's a problem for unbound.
https://blog.cloudflare.com/dns-over-tls-for-openwrt/ 09 Apr 2018
https://blog.grobox.de/2018/what-is-dns-privacy-and-how-to-set-it-up-for-openwrt/ 24 jan 2018
https://forum.openwrt.org/t/adding-dns-over-tls-support-to-openwrt-lede-with-unbound/13765 23 apr 2018
[Tutorial] DNS-over-TLS with dnsmasq and stubby (no need for unbound) 9 aug 2018
What I found, for me, is that it is intimidating to read all these guides and pick the best one.
The best one for me is the one that:
- Stays the closest to the original openwrt installation.
- Has fewer components
- Follows standard protocols
- Doesn’t need regular intervention or as few as possible
- Informs me that certificates or other components need attention
- Has a simple failover way in case the DNS breaks.
- Performs reasonably well
- How big is the cache of the resolver? Where is it? Can I alter it?

I would very much appreciate the community’s help in this quest and hope that the openwrt dev guys see this question as a point where more guidance is needed in their vast documentation.
Kind Regards
Guy F