How do I hijack all DNS and redirect to DoT and use canary domains on stubby?

OpenWrt 22.03.2 on EdgeRouter X.

I use stubby on my EdgeRouter X to provide Cloudflare DoT. I use the following IP addresses, "1.1.1.3", "1.0.0.3", [2606:4700:4700::1113], [2606:4700:4700::1003] along with "family.cloudflare-dns.com". Is there a way to redirect all plain text 53 and DoT and DoH queries to my stubby DNS? I would like to force all LAN devices to use my stubby Cloudflare family DNS. I don't understand how to format the firewall rule for DNS hijacking to hijack all DNS queries and I don't know where to put canary domains. Is there an online guide for CLI for how to hijack and use canary for stubby?

I'm also interested in setting up canary domains for devices that use DoT and DoH. I don't understand what actual firewall rule I use for this and how to input canary domains. I would prefer to use CLI for this.

I used the following links to help set up DoT on a new flash of OpenWrt 22.03.2.

Here are my configs.


# /etc/config/stubby (UCI config of the OpenWrt stubby package)
config stubby 'global'
	option manual '0'
	option trigger 'wan'
	list dns_transport 'GETDNS_TRANSPORT_TLS'
	option tls_authentication '1'
	option tls_query_padding_blocksize '128'
	option appdata_dir '/var/lib/stubby'
	option edns_client_subnet_private '1'
	option idle_timeout '10000'
	option round_robin_upstreams '1'
	list listen_address '127.0.0.1@5453'
	list listen_address '0::1@5453'

config resolver
	option address '2606:4700:4700::1113'
	option tls_auth_name 'family.cloudflare-dns.com'

config resolver
	option address '2606:4700:4700::1003'
	option tls_auth_name 'family.cloudflare-dns.com'

config resolver
	option address '1.1.1.3'
	option tls_auth_name 'family.cloudflare-dns.com'

config resolver
	option address '1.0.0.3'
	option tls_auth_name 'family.cloudflare-dns.com'


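Since the thread never shows the actual rules, here is an added example (not from the original post or from any OpenWrt documentation page) that generates the UCI commands for the three pieces the question asks about: pointing dnsmasq at the stubby listener shown in the config above, adding the canary domains, and the fw4 firewall sections that DNAT plain port-53 traffic to the router and reject outbound DoT. It assumes OpenWrt 22.03 with fw4, firewall zones named "lan" and "wan", and stubby listening on 127.0.0.1@5453 and 0::1@5453 exactly as posted; the rule names "Hijack-DNS" and "Reject-DoT" are arbitrary labels chosen here.

```shell
#!/bin/sh
# Added example, not from the thread: emit (and optionally apply) the UCI
# commands that force LAN clients through the stubby instance above.
# Assumptions (not stated on the page): OpenWrt 22.03 with fw4, firewall
# zones named "lan" and "wan", stubby listening on 127.0.0.1@5453 and
# 0::1@5453 exactly as in the posted /etc/config/stubby.

STUBBY_V4='127.0.0.1#5453'   # dnsmasq writes the port after "#", stubby after "@"
STUBBY_V6='0::1#5453'

# Canary domains: answering these locally with no records makes Firefox
# (use-application-dns.net) and Apple iCloud Private Relay (mask*.icloud.com)
# stop using their own encrypted resolver and fall back to the router.
CANARY_DOMAINS='use-application-dns.net mask.icloud.com mask-h2.icloud.com'

# 1. Make dnsmasq forward everything to stubby instead of the ISP resolvers.
plan_dnsmasq() {
  cat <<EOF
uci set dhcp.@dnsmasq[0].noresolv='1'
uci -q delete dhcp.@dnsmasq[0].server || true
uci add_list dhcp.@dnsmasq[0].server='$STUBBY_V4'
uci add_list dhcp.@dnsmasq[0].server='$STUBBY_V6'
EOF
}

# 2. Canary domains: server=/domain/ with no address tells dnsmasq never to
#    forward that name; with no local record the answer is negative.
plan_canary() {
  for d in $CANARY_DOMAINS; do
    printf "uci add_list dhcp.@dnsmasq[0].server='/%s/'\n" "$d"
  done
  printf "uci commit dhcp\n/etc/init.d/dnsmasq restart\n"
}

# 3. Hijack plain DNS: DNAT every LAN packet to port 53 (tcp and udp) to the
#    router itself (a redirect with no dest_ip targets the router), where
#    dnsmasq hands it to stubby. DoT cannot be redirected the same way, since
#    the client would see a certificate for the wrong name, so it is rejected
#    and clients in "automatic" mode fall back to plain DNS, which is hijacked.
#    This is a forward rule (lan -> wan); stubby's own port-853 sessions
#    originating on the router are unaffected.
plan_firewall() {
  cat <<'EOF'
uci add firewall redirect
uci set firewall.@redirect[-1].name='Hijack-DNS'
uci set firewall.@redirect[-1].src='lan'
uci set firewall.@redirect[-1].src_dport='53'
uci set firewall.@redirect[-1].proto='tcp udp'
uci set firewall.@redirect[-1].target='DNAT'
uci add firewall rule
uci set firewall.@rule[-1].name='Reject-DoT'
uci set firewall.@rule[-1].src='lan'
uci set firewall.@rule[-1].dest='wan'
uci set firewall.@rule[-1].dest_port='853'
uci set firewall.@rule[-1].proto='tcp udp'
uci set firewall.@rule[-1].target='REJECT'
uci commit firewall
/etc/init.d/firewall restart
EOF
}

plan_all() {
  plan_dnsmasq
  plan_canary
  plan_firewall
}

# Run as "sh dns-hijack.sh apply" on the router. Apply only once: "uci add"
# appends a new section on every run and would duplicate the rules.
if [ "${1:-}" = "apply" ]; then
  plan_all | sh
else
  plan_all
fi
```

Without an argument the script only prints the plan, so you can read it before running it with `apply`. After applying, check it from a LAN client: `nslookup use-application-dns.net` should come back negative, and `nslookup example.com 8.8.8.8` should still answer (the query never reaches 8.8.8.8; the DNAT sends it to dnsmasq). On the router, `nft list ruleset | grep -E 'dport 53|dport 853'` shows the generated nftables rules. Two caveats a practitioner would want: DoH rides on port 443 and cannot be separated from ordinary HTTPS by port, so the canary domains only affect clients that honor them, and a client with a hard-coded encrypted resolver (for example Android "Private DNS" set to a specific hostname) will fail to resolve rather than fall back once port 853 is rejected.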
If you're open to replacing stubby, the https-dns-proxy does all the hijacking and canary domains blocking for you.

Thank you. As this is a home network, this will do. Thanks for the reply.
