DNS resolver options

I've been around forums long enough to know when people are being nice while at the same time poking at you. Call it what ever you'd like but as a new user on this site, I can share with you how it feels to me so am quite sure it must scare off others looking for help and to learn.
If you actually think I have attitude, you really should look beyond your own bias, re-read the entire thread and see how the comments might look like to someone new.
No, no attitude what so ever, not here for conflict as that leads to nothing useful. I've tried to offer info as asked, learning as I go, have said it all along yet it keeps being pointed out that I don't know anything. I even said thank you at the end. No attitude what so ever.

Anyways, as I have said, I am not looking for anything but to turn my little router into a local DNS resolver, no encryption, no forwarding, just a local dns resolver, nothing else.

So far, I am no further along than when I started. Nothing in this thread has helped me to set up a resolving dns service and searching the net for the last two days.

I can't believe how simple it was and one of you could have told me in one post instead of acting all high and mighty.

I think I'll try something else like pi or some other where people are more friendly in the forums. I'm sure you won't learn anything from my observations and blame me for being this or that but feel free to do so, I won't be back to check anyhow.

We did, to run unbound you had to upgrade. You in turn said:

  • you dont want to build a firmware
  • you also said you would upgrade

Now, it seems just totally unwilling to simply read above; and it still sounds like you improperly worded your inquiry:

  • If you're using unbound, you're still using someone else's DNS servers
  • You originally stated you wanted the server to use Root Hints (why BIND was suggested and continually pushed - by me at least)
  • You asked about DNS security, then got mad when you were referred to a security forum
  • This is the same as Dnsmasq, it just doesn't have DHCP compiled into it
  • If you didn't compile the firmware, you're actually wasting space, because files on the firmware are just "whited out"...which is why compiling was suggested to you

Glad you got it working, though.

No hard feelings on my part; and despite how I "sounded" to you, it was my 100% intent to assist. Good day to you sir.

The guys only want to know a way to secure dns with an easy way with chaos calmer. Just told him how to use dnscrypt and vpn. And that's it.

Yet you all keep talking about upgrade, build image, security flaw, root sever and bla bla bla some other useless thing. Don't act cocky while you actually know nothing and can't give a damn solution. what a bullshit.

Here is Link for dnscrypt : https://openwrt.org/docs/guide-user/services/dns/dnscrypt

Link for openvpn : https://oldwiki.archive.openwrt.org/doc/howto/vpn.openvpn

The old wiki is for archival purposes only and does not receive updates any more.

New URL: https://openwrt.org/docs/guide-user/services/vpn/openvpn/start

You may have also noticed that the software for Chaos Calmer isn't in the OpenWrt repository.

Install at your own risk.

Whether you consider it "cocky" or not, "secure" and "Chaos Calmer" in the same sentence is a factual oxymoron. It's right up there with letting the fox guard the hen house.

The solution is to upgrade to a current, supported version of OpenWrt, with 18.06.1 being recommended as v17 is about to be EOLed, and follow any of the tutorials on the subject. @directnupe has taken the time to prepare several of them; https://forum.openwrt.org/search?q=stubby%20%40directnupe&expanded=true will find many of their posts on the subject.

As discussed in multiple threads, there is no "standard" or "best" way at this time, as the standards and support for those standards is still evolving. https://dnsprivacy.org/ is an excellent resource to help you decide which approach you'd like to try out and what upstream providers might support your queries.

1 Like

Ok you really didn't get the point of the question. and oxymoron? haha I won't comment that.

If someone ask how to make a secure DNS connection in openwrt how you gonna answer? buy new device ? make own private dns server ? or are you gonna even says use different OS? because I can say for sure that openwrt is not the most secured firmware for DNS connection in this world. so suggesting openwrt firmware is oxymoron too? haha, your statement is really off-topic.

The point is you are talking to beginner and he's using chaos calmer. You should answer that based on his current condition. If you can't answer that then don't act like an omniscience figure. Suggestion is always welcomed but of course please provide a better solution as well (with a how to).
All I see here you gave links which are off-topic like IANA, LEDE, and homepage of DNSprivacy? even google search can give a more specific answer ffs.

And again with no better solution provided ??? it's the latest available for chaos calmer. u can install version 1.5 from openwrt repository if you like it and no body against it. But at least it gave a how to step by step for a beginner.

You're right, I did misinterpret your post,

I failed to immediately identify you as the troll that you are.

"Don't feed the trolls" has proven to be an ineffective approach, so I'm calling a spade a spade.

You joined 21 hours ago and have done nothing but complain. You have added nothing positive to the thread, or the forum in general, nor have apparently sought any information.

You certainly don't deserve any further responses.

I didn't complain but state the fact that you are just talking bullshit here. yeah I join in just to provide an answer so anyone who land on this page didn't waste their time in vain cause seeing 20+ reply that didn't give any answer at all. Therefore I gave direct answer with direct link tutorial.
oh and one more thing that u don't know that chaos calmer can run unbound it's in the repository. Now understand why it's called cocky bullshit?

what help did you provide to the question? none but just complaining about outdated firmware and bla bla bla global security bla bla bla. And writing in bold or capital didn't make you super. Bye.

Just as long as the OP knows, the instructions you provided don't lead to the OpenWrt repository...nor do they mention unbound. LOL

If it is available in the OpenWrt repository, then those instructions need to be updated.

The OpenWrt package for ar71xx is maintained by black-roland.

Are you willing to update them?

For years my setup used my own off-firewall recursive dns resolver. Recently I changed over to Cloudflare and Quad9 dns-over-tls for better performance.

If you like to play,

This shows that you know nothing yet talk big. Since it's in default repository then just update and install. or if want to update to version 1.7 then get the one from roland black. It's the only option for chaos calmer now. Did you even read the tutorial or do a skip jump read. Lol.

again. Misleading and wrong. Chaos calmer has unbound in repository. But whatever...... Lol

I never and did not suggest unbound in chaos calmer but just state that it's available. It's actually you who suggest upgrade and install unbound but once he got problem installing it you actually ignore it and keep talking useless stuff and acting smartass. well, bet you don't even know how to fix it either.
Here unbound tutorial for you so next time you don't spread bullshit lol : https://openwrt.org/docs/guide-user/services/dns/unbound

Look at all the reply beside you. They gave relevant and useful link to the topic instead of talking nonsense. And what did you provide till now???? berate someone? Lol. a little harsh here. But good for someone like you. Lol

Ok since all tutorial for DNScrypt, vpn, stubby, and unbound already here then it's already good enough for DNS. Bye won't reply you.

The main point is: CC is insecure and should not be used any more.

Closing this topic now.

@jahatkeh10 Next time please watch your language.

1 Like