How to add Google DNS over HTTPS in OpenWrt

Installing and Using OpenWrt
1

Firmware Version: 18.06.5
I've installed DOH module & I'd like to know if I can use Google's DOH in it instead of Cloudflare's
The documentation shows this,
uci set https_dns_proxy.dns.url_prefix="https://cloudflare-dns.com/dns-query?ct=application/dns-json&"
Any help would be appreciated. Thank you :smiley:

2

Google URLs are:
https://dns.google/dns-query
or
https://dns.google/resolve?
according their documentation:
https://developers.google.com/speed/public-dns/docs/doh

I'm unable to test them at the moment.

1 Like
3

Hello, I referred those sites already. Documentation says

https-dns-proxy is configured with Google DNS by default.

Although, the only thing it was making me re-go through stuff is because Secure DNS was giving me question mark in Cloudflare Encrypted SNI Test.
But then I did other tests like,
tenta.com/test/
dnssec.vs.uni-due.de/
Then came to conclusion that DNSSEC validation on default Google's DNS is already working. Dunno what's wrong with Cloudflare site then.

If someone wants to manually change current DOH provider with Google's then,

uci set https_dns_proxy.dns.url_prefix="https://dns.google.com/resolve?"
uci commit https_dns_proxy
/etc/init.d/https_dns_proxy restart

That will do!

4

In the future, you may want to note the reason why you are trying all these tests and why you feel something's not working.

DNSSEC is different from DoH. I only gleaned that you're now trying to pass some DNSSEC inspection tests from your other threads on DoH.

5

Should I make necessary changes in the post?
Also, any thoughts why Cloudflare site is giving me question mark on Secure DNS test when I use Google DNS?

6

Yes I do, there's many reasons.

But I rather show you something; and advise that you stop being paranoid by trying to make everything green. Also, since it's been established that these things are unrelated to the OpenWrt router, you may have better success asking in the appropriate forums (e.g. Mozilla, Google, Cloudflare, etc.).

Screenshot%20from%202019-12-02%2010-54-44
Screenshot%20from%202019-12-02%2010-54-44783×114 6.44 KB

Screenshot%20from%202019-12-02%2010-55-36

Screenshot%20from%202019-12-02%2011-03-11

Scripts off

Screenshot%20from%202019-12-02%2010-59-36
Screenshot%20from%202019-12-02%2010-59-36884×586 102 KB

Scripts on

Screenshot%20from%202019-12-02%2010-59-12
Screenshot%20from%202019-12-02%2010-59-12873×570 128 KB

Ask Cloudflare, as the site's DNSSEC is working, you'll need to know what the web code checks. It could even be checking a test zone that only exists in their DNS servers.

1 Like