How to activate DNS DoT in OpenWrt?

I don't trust the DNS servers from my ISP. They hide many sites from you, and I have discovered that they tend to spy on all your traffic (some time ago they even sent complete debug logs from my ISP router to a strange internet site; maybe it was some kind of attack on the routers of this ISP, maybe it was them that liked to do traffic analysis).

So now I have a neutral router configured to connect to the WAN using PPPoE and have configured a different DNS server (from OpenDNS, as I don't trust Google either, due to its data hungriness and extensive cross analysis of data).

But to completely hide your DNS traffic you need to encrypt the queries using DoT (or HTTPS, but it seems easier with DoT) at the router level.

I have not found how to configure OpenWrt to forward encrypted DNS queries.

How should I configure it?

You're mainly tracked by cookies, not DNS calls; no DNS in the world will help you avoid those.

2 Likes

Thanks for the answer.

You are tracked by everything they can. Many ISPs sniff your traffic and ignore queries to DNS sites that they considered offensive (or the government has disliked).

Cookies are fought at the browser level (not easy to fight against them either). I have read about some solutions that can fight cookies at the router level.
Are there good tools for that?

I had already read that page about stubby.
But it seems like an ugly hack.

Is there another clean alternative?

In a couple of months I will not remember why or what that kind of "hack" does in my configuration.
Or even remember that I made that change to the config (as it won't be easily visible).

It would be great to have it integrated with dnsmasq and the LuCI interface.

Maybe it is easier and cleaner (from an administrative point of view) to use the other alternative: https-dns-proxy?

I was referring to google, not your ISP.

Staying off the internet's usually extremely effective :wink:

That would be the other link posted.

You can always find your old threads/posts in the forum.

1 Like

XD XD
I think that is the best advice.

Sadly, today we need the internet for things like paying the bills xD

I think I will try https-dns-proxy, even though it seems to be overkill just to encrypt the query (in that sense stubby seems a cleaner solution, but not well integrated yet).

But it seems to have a LuCI interface and to be easier to configure and keep track of what you did.

Thank you.

(I have discovered that OpenDNS does not implement DoT, just DoH. I will have to see whether to move to another DNS service or implement DoH, which seems good for configuring a web browser but overkill for a router that just wants to encrypt the queries, as the HTTP protocol and HTTPS certificates get involved.)
