Hello @directnupe
I helped put the getdns and stubby packages together, so hopefully I can help get them running on your device. (Note: There will be a few changes coming to the package defaults during the next release of getdns/stubby, as well as further explanation on the config choices that were included in the stubby.)
First, to answer your questions:
- No, there is no luci app yet
- There is currently no guide/etc. written up to get this working with lede/openwrt.
Assumptions:
- You have unbound or dnsmasq configured for your device, and it is the primary dns serving your network. (Or... at the very least, the unbound/dnsmasq config will not conflict with the default port currently set in the lede/openwrt stubby package, which is 5453.)
  a) I recommend running unbound to utilize the caching. Sometimes the connections from stubby to the resolver can have a little bit of lag, so caching + prefetch helps minimize the effects.
- You have a ca cert bundle installed on your router.
  a) You can do this by running the following: opkg install ca-certificates
To get the packages to show up, you must subscribe to the correct feed. You can add the following to the "/etc/opkg/customfeeds.conf" file:
src/gz openwrt_packages http://downloads.lede-project.org/snapshots/packages/mips_24kc/packages
Note: "mips_24kc" needs to be replaced with the proper instruction set for your device. You can find this info via the hardware table and then viewing "tech data" https://lede-project.org/toh/start
Make sure the "openwrt_packages" does not conflict with any other feed you have.
Note 2: The snapshot feed (master) is the only branch where the packages currently exist. You will have to wait for the next lede/openwrt branch if you want to stick to release branches.
Note 3: When adding the snapshot branch, be careful with "upgrading" packages.
After you add the correct feed, run:
opkg update
After that, you should be able to install the packages:
opkg install getdns stubby
You can change the default resolvers packaged with the current package by editing /etc/stubby/stubby.yml
Note: There have been some discussions about the current defaults. I believe on the next release, I'm going to change the lede/openwrt stubby defaults to use quad9 non-filtering service: 9.9.9.10 and appropriate ipv6 equivalent.
The last step is to point your local resolver (unbound/dnsmasq) to stubby for name resolution.
For unbound, simply edit "/etc/unbound/unbound_ext.conf" and add the following:
forward-addr: 127.0.0.1@5453
OR
forward-addr: ::1@5453
(The lede/openwrt package of stubby currently defaults to listening on the loopback adapters only.)
Be sure to restart/reload your resolver afterwards.
To ensure stubby starts correctly after config file changes, please check the syslog after a restart of the service. You should see something similar to below (no errors reported):
stubby[24047]: [21:28:10.228569] STUBBY: Read config from file /etc/stubby/stubby.yml
stubby[24047]: [21:28:10.254679] STUBBY: Starting DAEMON....
Hopefully this helps.
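
Added example (not part of the original post, and not code from the getdns/stubby packages): a shell check that every `forward-addr` in an unbound config points at stubby on loopback port 5453, so that no query is sent around it. The function names, the `forward-zone` wrapper and both sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# Assumption: stubby listens on loopback port 5453, as the post describes.

# Print each forward-addr value in an unbound config file, one per line.
# Comment lines and trailing "# ..." text are ignored.
list_forwarders() {
    sed -n 's/^[[:space:]]*forward-addr:[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1"
}

# Succeed only if the file has at least one forwarder and every forwarder is
# 127.0.0.1@PORT or ::1@PORT. Any other address receives queries directly,
# bypassing stubby.
audit_forwarders() {
    conf=$1; port=${2:-5453}; seen=0; bad=0
    for addr in $(list_forwarders "$conf"); do
        seen=$((seen + 1))
        case "$addr" in
            "127.0.0.1@$port"|"::1@$port") echo "ok    $addr" ;;
            *) echo "LEAK  $addr"; bad=$((bad + 1)) ;;
        esac
    done
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed sample configs (not taken from a real device).
write_samples() {
    cat > "$1/good.conf" <<'EOF'
forward-zone:
  name: "."
  forward-addr: 127.0.0.1@5453   # stubby, IPv4 loopback
  forward-addr: ::1@5453
EOF
    cat > "$1/leaky.conf" <<'EOF'
forward-zone:
  name: "."
  forward-addr: 127.0.0.1@5453
  forward-addr: 192.0.2.53
  # forward-addr: 198.51.100.1
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in good leaky; do
    if audit_forwarders "$tmp/$f.conf"; then echo "$f.conf: all queries go through stubby"
    else echo "$f.conf: forwarder outside stubby found, or none configured"; fi
done
```

On a router, run `audit_forwarders /etc/unbound/unbound_ext.conf`; pass a second argument if stubby has been moved off port 5453.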