I wanted to confirm that DoH can be installed on 18.06.6 via CLI.
Hoping to avoid any problems, I wanted to review what I plan to do and hopefully get confirmation that I am not making any mistakes. I will be installing on a Linksys WRT1900ACS with 18.06.6 installed.
Update packages
```
opkg update
opkg install dnsmasq https-dns-proxy
```
Set Resolver by pasting this into CLI (Quad9)
```
# Remove any existing https-dns-proxy instances
while uci -q delete https-dns-proxy.@https-dns-proxy[0]; do :; done
# Add a single Quad9 instance listening on 127.0.0.1:5053
uci add https-dns-proxy https-dns-proxy
uci set https-dns-proxy.@https-dns-proxy[-1]=https-dns-proxy
uci set https-dns-proxy.@https-dns-proxy[-1].bootstrap_dns='9.9.9.9,149.112.112.112'
uci set https-dns-proxy.@https-dns-proxy[-1].resolver_url='https://dns.quad9.net/dns-query'
uci set https-dns-proxy.@https-dns-proxy[-1].listen_addr='127.0.0.1'
uci set https-dns-proxy.@https-dns-proxy[-1].listen_port='5053'
uci set https-dns-proxy.@https-dns-proxy[-1].user='nobody'
uci set https-dns-proxy.@https-dns-proxy[-1].group='nogroup'
uci set https-dns-proxy.@https-dns-proxy[-1].ipv4_resolvers='1'
uci set https-dns-proxy.@https-dns-proxy[-1].verbosity='0'
# Save the configuration and restart the service
uci commit https-dns-proxy
/etc/init.d/https-dns-proxy restart
```
There's an issue with the current build where it will back up all dhcp.@dnsmasq[0].server entries, including your bypass dns encryption for NTP, on start and restore them on stop.
I have code for the fix, but I'd prefer to test it a bit more and I need to finish the README before I send the PR for the official repo.
The DoH proxy code currently is (and I hope will be after next PR) the same on 18.06, 19.07 and master, so the CLI commands you've pasted will work equally well on either branch.
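An added example, not part of the thread or the package's own code: a POSIX shell check that reads `uci show` output and confirms that the proxy instance configured above uses an HTTPS resolver, listens on loopback, and is referenced from dhcp.@dnsmasq[0].server. The `addr#port` forwarding format, the function names and the NTP bypass entry in the sample are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit `uci show` text for a DoH setup.
# On the router: { uci show https-dns-proxy; uci show dhcp; } | audit_doh
# Assumption: the proxy is wired into dnsmasq as a server entry "addr#port".
audit_doh() {
    awk -F= -v q="'" '
    { val = $0; sub(/^[^=]*=/, "", val) }   # value may itself contain "="
    /^https-dns-proxy\.@https-dns-proxy\[[0-9]+\]\.[a-z0-9_]+=/ {
        gsub(q, "", val); split($1, p, "[.]")   # p[2]=section, p[3]=option
        if (!(p[2] in sect)) { sect[p[2]] = 1; nsect++ }
        opt[p[2], p[3]] = val
    }
    /^dhcp\.@dnsmasq\[0\]\.server=/ {
        n = split(val, s, " ")
        for (i = 1; i <= n; i++) { gsub(q, "", s[i]); srv[s[i]] = 1 }
    }
    END {
        bad = 0
        if (nsect == 0) { print "FAIL no https-dns-proxy instance found"; bad = 1 }
        for (k in sect) {
            addr = opt[k, "listen_addr"]; fwd = addr "#" opt[k, "listen_port"]
            url = opt[k, "resolver_url"]
            if (url !~ /^https:\/\//) { print "FAIL " k ": resolver_url not https: " url; bad = 1 }
            if (addr !~ /^127\./ && addr != "::1") { print "FAIL " k ": non-loopback listener " addr; bad = 1 }
            if (fwd in srv) delete srv[fwd]
            else { print "FAIL " k ": dnsmasq has no server entry " fwd; bad = 1 }
        }
        # Anything left is an upstream dnsmasq queries without the proxy.
        for (e in srv) print "NOTE upstream not using the proxy: " e
        exit bad
    }'
}

# Constructed sample: the Quad9 instance from the thread plus a hypothetical
# per-domain NTP bypass entry.
sample_uci_show() {
    cat <<'EOF'
https-dns-proxy.@https-dns-proxy[0]=https-dns-proxy
https-dns-proxy.@https-dns-proxy[0].resolver_url='https://dns.quad9.net/dns-query'
https-dns-proxy.@https-dns-proxy[0].listen_addr='127.0.0.1'
https-dns-proxy.@https-dns-proxy[0].listen_port='5053'
dhcp.@dnsmasq[0].server='127.0.0.1#5053' '/pool.ntp.org/9.9.9.9'
EOF
}
sample_uci_show | audit_doh
```

The function exits non-zero on any FAIL line, so it can be run after each package upgrade or service restart to confirm the dnsmasq server entries still point at the proxy.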
Where can I find a copy of the README? Is it possible to read it now before installing? (How long do you anticipate it will take before the fixes are implemented into what users can download)?
Changes were merged last night, so the new package (version 2019-12-03-3) should be available for 18.06, 19.07 and master either now or later today.
Is there a possibility to use a custom resolver URL from LuCI? Even if I set it manually from the command line, if any further update is done in LuCI, it is overwritten.
Some DOHS DNS services provide an option to have a custom resolver URL for personalized tracking and blocking. It will be good to have that available in the LuCI interface.
Not with the current implementation. If you want to use a resolver which is not listed, you'll have to use CLI.
When the WebUI is rewritten in js (some time this year) I was thinking of adding an option to append the resolver with customizations based on what NextDNS does. Which resolver specifically are you referring to?