Installing DoH on 18.06.6

I wanted to confirm that DoH can be installed on 18.06.6 via CLI.

Hoping to avoid any problems, I wanted to review what I plan to do and hopefully get confirmation that I am not making any mistakes. I will be installing on a Linksys WRT1900ACS with 18.06.6 installed.

Update packages

opkg update
opkg install dnsmasq https-dns-proxy

Set Resolver by pasting this into CLI (Quad9)

while uci -q delete https-dns-proxy.@https-dns-proxy[0]; do :; done
uci add https-dns-proxy https-dns-proxy
uci set https-dns-proxy.@https-dns-proxy[-1]=https-dns-proxy
uci set https-dns-proxy.@https-dns-proxy[-1].bootstrap_dns=','
uci set https-dns-proxy.@https-dns-proxy[-1].resolver_url=''
uci set https-dns-proxy.@https-dns-proxy[-1].listen_addr=''
uci set https-dns-proxy.@https-dns-proxy[-1].listen_port='5053'
uci set https-dns-proxy.@https-dns-proxy[-1].user='nobody'
uci set https-dns-proxy.@https-dns-proxy[-1].group='nogroup'
uci set https-dns-proxy.@https-dns-proxy[-1].ipv4_resolvers='1'
uci set https-dns-proxy.@https-dns-proxy[-1].verbosity='0'
uci commit https-dns-proxy
/etc/init.d/https-dns-proxy restart

encrypt for local system by pasting this into CLI

uci set dhcp.@dnsmasq[0].localuse="1"

Fetch DNS provider by pasting this into CLI

. /lib/functions/
network_find_wan NET_IF
network_find_wan6 NET_IF6
network_get_dnsserver NET_DNS "${NET_IF}"
network_get_dnsserver NET_DNS6 "${NET_IF6}"

Bypass DNS encryption for NTP provider by pasting this:

uci get system.ntp.server \
| sed -e "s/\s/\n/g" \
| sed -e "s/^[0-9]*\.//" \
| sort -u \
| while read -r NTP_DOMAIN
uci add_list dhcp.@dnsmasq[0].server="/${NTP_DOMAIN}/${NET_DNS%% *}"
uci add_list dhcp.@dnsmasq[0].server="/${NTP_DOMAIN}/${NET_DNS6%% *}"
uci commit dhcp
/etc/init.d/dnsmasq restart

Everything look good?

1 Like

There's an issue with the current build where it will back up all dhcp.@dnsmasq[0].server entries, includig your bypass dns encryption for NTP on start and restore them on stop.

I have code for the fix, but I'd prefer to test it a bit more and I need to finish the README before I send the PR for the official repo.

1 Like

Thanks for responding!

So you would advise I wait for 18.06.7 or perhaps 19.07.1?

But otherwise, was everything I posted about the process of setting it up correct?

I hope the PR (when I send it) will be accepted for the current releases as it's a bugfix. Alternatively, you can just copy-paste the content of to /etc/init.d/https-dns-proxy after you install/stop it. The README for the new version is here:

Yes. There's also a nice WebUI. :wink:

1 Like

The WebUI is luci-app-https-dns-proxy correct?

The CLI method works on 18.06.6 (assuming I understand correctly). Does the WebUI also work on 18.06.6, or only 19.07?

The DoH proxy code currently is (and I hope will be after next PR) the same on 18.06, 19.07 and master, so the CLI commands you've pasted will work equally well on either branch.

1 Like

Could you kindly post here when/if the PR is accepted and implemented?

Can I install luci-app-https-dns-proxy on 18.06?

Any news on if your bug submission was been implemented yet?

Both principal package and Web UI are available in master, 19.07 and 18.06.

I just sent PRs for some fixes and the new README with description of options.

1 Like

Where can I find a copy of the README? Is it possible to read it now before installing? (How long do you anticipate it will take before the fixes are implemented into what users can download)?

Changes have been merged last night, so the new package (version 2019-12-03-3) should be available for 18.06, 19.07 and master either now or later today.

README is in github:

1 Like

Is there a possibility to use custom resolver URL from LUCI? Even if set it manually from command line, if any further update is done on LUCI, it is overwritten.

Some DOHS DNS services provide option have a custom resolver URL for personalized tracking and blocking. It will be good to have that available on LUCI interface,

Not with the current implementation. If you want to use resolver which is not listed, you'll have to use CLI.

When the WebUI is rewritten in js (some time this year) I was thinking of adding an option to append the resolver with customizations based on what NexDNS does. Which resolver specifically are you referring to?

1 Like

ok will wait for the feature.

cloudfare etc do have resolvers which can be customized.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.