I wanted my router's upstream DNS connections to be encrypted, and after some googling concluded installing https-dns-proxy should be the simplest method of accomplishing encrypted DNS.
For this reason, I requested custom builds on the firmware selector with only luci-app-https-dns-proxy added and made sure that dependencies like the actual https-dns-proxy package are resolved and included in the image (as per STDERR logs). The problem is, whenever I sysupgrade to this custom build LuCI no longer works, Firefox says "Unable to connect," and Chrome gives ERR_CONNECTION_TIMED_OUT.
I first did this with the 22.03.3 cycle and now with .5, both with the same results. The only difference is, somehow, Android's built-in encrypted DNS thing (which I believe is a DoT implementation) doesn't work on this network.
Internet is working, I can also SSH into it and sysupgrade to a regular build to restore LuCI. But I want to use https-dns-proxy, I want to know why this is not working, and if my only option is to install it on a regular build.
Custom build with luci-ssl worked! But how did you know? LuCI is accessible over regular HTTP too, so what's this package even for? And if it's a requirement, why isn't it a dependency for luci-app-https-dns-proxy?
Separately, does anyone know how to verify if DoH is working correctly? Cloudflare Browser Check gets me a question mark for Secure DNS: "We weren’t able to detect whether you were using a DNS resolver over secure transport." Should I be satisfied with this?
Oh, right. DNS from DHCP is just going to be a regular IP address, and it's up to the client to check if it does DoT and take advantage of that. But I just don't know where on OpenWrt to configure what DNS is advertised on DHCP...
This one I know: Ubuntu's probably using systemd-resolved, you need to add DNSOverTLS=yes or DNSOverTLS=opportunistic in one of the relevant conf files.