I'm not sure if I was supposed to replace any of the references with real values, but what I did was run each line verbatim. The DNS Crypt Provider section ran fine (I tested a web page after the service restart).
However, the dnsmasq section left DNS in a broken state (refreshing the web page failed and the browser said there was no internet). I quickly restored my router from backup.
I then read that this is an old version that is not maintained and that there is a new dnscrypt-proxy2. This, however, is not available in the repo. I instead found luci-app-dnscrypt-proxy2, which I downloaded from git with winget and installed with opkg. It installed successfully and appeared in the installed packages, but there was nothing under the Services menu in LuCI.
At this point I decided to ask for help since I'm not sure if I should be manually installing packages or not.
I'm on a TP-Link Archer AX23 v1
Target Platform: ramips/mt7621
Should I download the latest V2 version from git here?: Latest GIT
The mt7621 appears to be 64-bit MIPS.
Should I just use the old one with better install instructions?
root@RuralRoots:~# apk info dnscrypt-proxy2
dnscrypt-proxy2-2.1.15-r1 description:
A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTPS.
dnscrypt-proxy2-2.1.15-r1 webpage:
https://github.com/DNSCrypt/dnscrypt-proxy
dnscrypt-proxy2-2.1.15-r1 installed size:
12 MiB
luci-app-dnscrypt-proxy2 is NOT an existing OpenWrt package.
dnscrypt-proxy2 is too large to install on my poor little router with only 5MB of storage free. Same goes for dnsproxy. https-dns-proxy will fit however.
Don't really understand what this is doing or how much of this to follow. Do I really want to "Utilize banIP to filter DoH traffic forcing LAN clients to switch to plain DNS", for example?
I thought we were trying to do the opposite. Besides, my router is using dnsmasq right now, which it seems to suggest I avoid using. I'm really out of my depth as far as what to do with that.
OK, so I installed https-dns-proxy and the LuCI package to go with it. It shows Cloudflare being the first server listed, yet when I go to 1.1.1.1/help, I get a NO for DoH. Why would that be?
$ nmcli dev show | grep DNS
IP4.DNS[1]: 192.168.1.1
IP6.DNS[1]: fd0d:aeea:451b::1
DoH is not DNS, so DoH server addresses can't be passed down as values of DHCP "DNS server" options.
I don't know how the proxy setup is supposed to work. Maybe clients are supposed to talk normal DNS to the router and the translation to DoH is all within the router?
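The arrangement asked about in the last post, sketched as an added example (not code from this thread or from https-dns-proxy): a client's plain DNS query is rewrapped on the router as an RFC 8484 DoH GET request, so only the router-to-resolver hop is encrypted. The resolver URL is a placeholder and the function names are hypothetical.

```python
import base64
import struct

RESOLVER_URL = "https://doh.example/dns-query"  # placeholder, not a real resolver


def build_query(name, qtype=1, txid=0x1A2B):
    """Plain DNS query as a LAN client would send it to the router (UDP/53)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length: %r" % label)
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def to_doh_get(wire, resolver=RESOLVER_URL):
    """Wrap a wire-format query as an RFC 8484 GET URL."""
    if len(wire) < 12:
        raise ValueError("shorter than a DNS header")
    # RFC 8484 recommends ID 0 so identical queries share an HTTP cache entry.
    wire = b"\x00\x00" + wire[2:]
    token = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return resolver + "?dns=" + token


def restore_id(doh_answer, client_query):
    """Put the client's transaction ID back before answering over plain DNS."""
    return client_query[:2] + doh_answer[2:]


if __name__ == "__main__":
    q = build_query("www.example.com")  # constructed sample query
    print(to_doh_get(q))
```

The client in this sketch still sends and receives ordinary DNS on port 53, which is why its DHCP-assigned DNS server remains the router's address.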