Installing DoH on 18.06.6

I wanted to confirm that DoH can be installed on 18.06.6 via CLI.

Hoping to avoid any problems, I wanted to review what I plan to do and hopefully get confirmation that I am not making any mistakes. I will be installing on a Linksys WRT1900ACS with 18.06.6 installed.

Update packages

opkg update
opkg install dnsmasq https-dns-proxy

Set Resolver by pasting this into CLI (Quad9)

while uci -q delete https-dns-proxy.@https-dns-proxy[0]; do :; done
uci add https-dns-proxy https-dns-proxy
uci set https-dns-proxy.@https-dns-proxy[-1]=https-dns-proxy
uci set https-dns-proxy.@https-dns-proxy[-1].bootstrap_dns='9.9.9.9,149.112.112.112'
uci set https-dns-proxy.@https-dns-proxy[-1].resolver_url='https://dns.quad9.net/dns-query'
uci set https-dns-proxy.@https-dns-proxy[-1].listen_addr='127.0.0.1'
uci set https-dns-proxy.@https-dns-proxy[-1].listen_port='5053'
uci set https-dns-proxy.@https-dns-proxy[-1].user='nobody'
uci set https-dns-proxy.@https-dns-proxy[-1].group='nogroup'
uci set https-dns-proxy.@https-dns-proxy[-1].ipv4_resolvers='1'
uci set https-dns-proxy.@https-dns-proxy[-1].verbosity='0'
uci commit https-dns-proxy
/etc/init.d/https-dns-proxy restart

Encrypt for local system by pasting this into CLI

uci set dhcp.@dnsmasq[0].localuse="1"

Fetch DNS provider by pasting this into CLI

. /lib/functions/network.sh
network_flush_cache
network_find_wan NET_IF
network_find_wan6 NET_IF6
network_get_dnsserver NET_DNS "${NET_IF}"
network_get_dnsserver NET_DNS6 "${NET_IF6}"

Bypass DNS encryption for NTP provider by pasting this:

uci get system.ntp.server \
| sed -e "s/\s/\n/g" \
| sed -e "s/^[0-9]*\.//" \
| sort -u \
| while read -r NTP_DOMAIN
do
uci add_list dhcp.@dnsmasq[0].server="/${NTP_DOMAIN}/${NET_DNS%% *}"
uci add_list dhcp.@dnsmasq[0].server="/${NTP_DOMAIN}/${NET_DNS6%% *}"
done
uci commit dhcp
/etc/init.d/dnsmasq restart

Everything look good?

There's an issue with the current build where it will back up all dhcp.@dnsmasq[0].server entries, including your bypass of DNS encryption for NTP, on start and restore them on stop.

I have code for the fix, but I'd prefer to test it a bit more and I need to finish the README before I send the PR for the official repo.
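Added example, not code from the thread or from the https-dns-proxy package: a POSIX shell script that turns the NTP-bypass derivation from the first post into functions and then checks whether a given dhcp.@dnsmasq[0].server list still contains those entries. That is the check worth running after a restart, given the backup/restore behaviour described above. All inputs here are constructed samples (192.0.2.x and 2001:db8:: are documentation addresses); on a router you would substitute the real uci values as noted in the comments.

```shell
#!/bin/sh
# Added example (not from the thread). Derives the dnsmasq "server" list
# entries that the NTP-bypass loop in the first post produces, and checks
# that a dhcp.@dnsmasq[0].server list still contains them, e.g. after
# /etc/init.d/https-dns-proxy restart. Runs offline on constructed input.

# Print the unique NTP domains, one per line, from a space-separated
# system.ntp.server value, stripping a leading "N." pool prefix exactly as
# the post's sed does (an IP literal would be mangled the same way there).
ntp_domains() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -e '/^$/d' -e 's/^[0-9]*\.//' | sort -u
}

# Print the expected "/domain/server" entries for an NTP server string, an
# IPv4 DNS list and an IPv6 DNS list; the first server of each list is used,
# as in the uci loop. An empty DNS list is skipped instead of emitting a
# bare "/domain/" entry, which dnsmasq would read as "use the default".
bypass_entries() {
    ntp="$1"; dns4="$2"; dns6="$3"
    ntp_domains "$ntp" | while read -r d; do
        if [ -n "$dns4" ]; then printf '/%s/%s\n' "$d" "${dns4%% *}"; fi
        if [ -n "$dns6" ]; then printf '/%s/%s\n' "$d" "${dns6%% *}"; fi
    done
}

# Return 0 if every expected bypass entry is present in the given
# whitespace-separated server list, 1 otherwise; missing entries go to stderr.
check_bypass() {
    servers="$1"; ntp="$2"; dns4="$3"; dns6="$4"
    missing=0
    for e in $(bypass_entries "$ntp" "$dns4" "$dns6"); do
        if ! printf '%s\n' $servers | grep -qxF -- "$e"; then
            echo "missing: $e" >&2
            missing=1
        fi
    done
    return $missing
}

# Constructed sample values standing in for uci output on a router.
SAMPLE_NTP='0.openwrt.pool.ntp.org 1.openwrt.pool.ntp.org 2.openwrt.pool.ntp.org 3.openwrt.pool.ntp.org'
SAMPLE_DNS4='192.0.2.1 192.0.2.2'   # documentation range, not a real resolver
SAMPLE_DNS6=''                      # constructed: no IPv6 upstream on this WAN

# Constructed: what the list holds after a successful setup ...
SAMPLE_SERVERS_OK='/openwrt.pool.ntp.org/192.0.2.1'
# ... and a constructed list from which the bypass entry has been dropped.
SAMPLE_SERVERS_BAD='127.0.0.1#5053'

# On a real router replace the samples with:
#   SERVERS="$(uci -q get dhcp.@dnsmasq[0].server)"
#   NTP="$(uci get system.ntp.server)"
#   NET_DNS / NET_DNS6 from /lib/functions/network.sh, as in the first post.
main() {
    echo "expected entries:"
    bypass_entries "$SAMPLE_NTP" "$SAMPLE_DNS4" "$SAMPLE_DNS6"
    if check_bypass "$SAMPLE_SERVERS_OK" "$SAMPLE_NTP" "$SAMPLE_DNS4" "$SAMPLE_DNS6"; then
        echo "sample OK list: bypass entries present"
    fi
    if ! check_bypass "$SAMPLE_SERVERS_BAD" "$SAMPLE_NTP" "$SAMPLE_DNS4" "$SAMPLE_DNS6"; then
        echo "sample BAD list: bypass lost; re-run the NTP bypass loop and commit dhcp"
    fi
}
main
```

The functions take their inputs as arguments rather than calling uci directly so the same script can be exercised off the router; swapping in the three `uci`/network.sh values listed in the comments makes it a post-restart sanity check.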

Thanks for responding!

So you would advise I wait for 18.06.7 or perhaps 19.07.1?

But otherwise, was everything I posted about the process of setting it up correct?

I hope the PR (when I send it) will be accepted for the current releases as it's a bugfix. Alternatively, you can just copy-paste the content of https://github.com/stangri/openwrt_packages/blob/master/https-dns-proxy/files/https-dns-proxy.init to /etc/init.d/https-dns-proxy after you install/stop it. The README for the new version is here: https://github.com/stangri/openwrt_packages/blob/master/https-dns-proxy/files/README.md.

Yes. There's also a nice WebUI. :wink:

The WebUI is luci-app-https-dns-proxy correct?

The CLI method works on 18.06.6 (assuming I understand correctly). Does the WebUI also work on 18.06.6, or only 19.07?

The DoH proxy code currently is (and I hope will be after next PR) the same on 18.06, 19.07 and master, so the CLI commands you've pasted will work equally well on either branch.

Could you kindly post here when/if the PR is accepted and implemented?

Can I install luci-app-https-dns-proxy on 18.06?

Any news on whether your bug submission has been implemented yet?

Both the principal package and the Web UI are available in master, 19.07 and 18.06.

I just sent PRs for some fixes and the new README with description of options.

Where can I find a copy of the README? Is it possible to read it now before installing? (How long do you anticipate it will take before the fixes are implemented into what users can download)?

Changes were merged last night, so the new package (version 2019-12-03-3) should be available for 18.06, 19.07 and master either now or later today.

The README is on GitHub: https://github.com/openwrt/packages/blob/master/net/https-dns-proxy/files/README.md

Is there a possibility to use a custom resolver URL from LuCI? Even if I set it manually from the command line, it is overwritten if any further update is done in LuCI.

Some DoH DNS services provide an option to have a custom resolver URL for personalized tracking and blocking. It would be good to have that available in the LuCI interface.

Not with the current implementation. If you want to use a resolver which is not listed, you'll have to use the CLI.

When the WebUI is rewritten in JS (some time this year) I was thinking of adding an option to append the resolver with customizations based on what NextDNS does. Which resolver specifically are you referring to?

OK, I will wait for the feature.

Cloudflare etc. do have resolvers which can be customized.