Hi,
I have successfully set up unbound on my OpenWrt box and at the moment I use Cloudflare DNS servers.
Now I want to try to use AdGuard DoT servers but I cannot find a way to get this working.
According to this link https://adguard.com/en/adguard-dns/setup.html#instruction and https://kb.adguard.com/en/general/dns-providers#adguard-dns I tried the different combinations but it doesn't seem to help.
The AdGuard support wrote that I should put tls://dns.adguard.com in the unbound_ext.conf file.
But this doesn't follow the syntax.
Any way to get this to work?
No one has an idea?
man unbound.conf
That works for me (unbound 1.9.1):
# /etc/unbound/unbound_ext.conf
forward-zone:
    name: "."
    forward-addr: 176.103.130.130@853#dns.adguard.com
    forward-addr: 176.103.130.131@853#dns.adguard.com
    forward-tls-upstream: yes
    forward-first: yes

# /etc/unbound/unbound_srv.conf
num-threads: 4
verbosity: 1
prefetch: yes
prefetch-key: yes
tls-upstream: yes
tls-service-pem: /etc/ssl/certs/ca-certificates.crt
I don't use stubby & friends - just unbound. Of course you could configure the family shield server and/or IPv6 as well.
I cannot get this to work
Tue Mar 19 10:55:10 2019 daemon.err unbound: [1405:0] error: ssl handshake failed crypto error:14090086:lib(20):func(144):reason(134)
Tue Mar 19 10:55:10 2019 daemon.notice unbound: [1405:0] notice: ssl handshake failed 176.103.130.130 port 853
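The handshake error in the post above carries a packed OpenSSL error code. The following shell script, added here as an example and not part of the original thread, decodes it using the OpenSSL 1.0.x/1.1.x layout; the function names and the short reason table are this example's own, and the sample input is the two log lines quoted above.

```shell
#!/bin/sh
# Decode the packed OpenSSL error code that unbound logs on a failed DoT
# handshake, e.g. "crypto error:14090086:lib(20):func(144):reason(134)".
# OpenSSL 1.0.x/1.1.x layout: lib = bits 24-31, func = bits 12-23,
# reason = bits 0-11.

# Sample input: the two log lines quoted in the post above.
SAMPLE_LOG='Tue Mar 19 10:55:10 2019 daemon.err unbound: [1405:0] error: ssl handshake failed crypto error:14090086:lib(20):func(144):reason(134)
Tue Mar 19 10:55:10 2019 daemon.notice unbound: [1405:0] notice: ssl handshake failed 176.103.130.130 port 853'

# Print "lib func reason" in decimal for one 8-digit hex error code.
decode_code() {
    code=$((0x$1))
    echo "$(( (code >> 24) & 0xff )) $(( (code >> 12) & 0xfff )) $(( code & 0xfff ))"
}

# Name a few handshake-related reasons of the SSL library (lib 20).
# Short illustrative table assembled for this example, not a full list.
reason_text() {   # $1 = lib, $2 = reason
    [ "$1" -eq 20 ] || { echo "not an SSL-library error"; return; }
    case "$2" in
        134)  echo "certificate verify failed" ;;
        267)  echo "wrong version number" ;;
        1040) echo "peer sent alert: handshake failure" ;;
        1048) echo "peer sent alert: unknown CA" ;;
        *)    echo "unlisted reason" ;;
    esac
}

# Read log lines on stdin; print one decoded line per "crypto error" entry.
# Lines without a packed code (such as the daemon.notice line) are skipped.
explain_log() {
    sed -n 's/.*crypto error:\([0-9A-Fa-f]\{8\}\):.*/\1/p' | while read -r hex; do
        set -- $(decode_code "$hex")
        echo "$hex lib=$1 func=$2 reason=$3: $(reason_text "$1" "$3")"
    done
}

printf '%s\n' "$SAMPLE_LOG" | explain_log
```

Reason 134 from the SSL library is a certificate verification failure, so the place to look is the CA bundle unbound validates the upstream certificate against (the `tls-cert-bundle` option in unbound.conf) rather than the forward-zone syntax.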
Well, which unbound version did you use?
I'm using unbound 1.9.1-1
Maybe I'm missing some required packages?
I'm using the latest OpenWrt snapshots, which include openssl 1.1.1b ... I think OpenWrt 18.x is still on openssl 1.0.x - most probably it's related to that, but I'm no crypto expert.
I'm using these unbound packages:
> opkg list-installed | grep unbound
libunbound - 1.9.1-1
luci-app-unbound - git-19.069.61084-db98461-1
unbound - 1.9.1-1
unbound-control - 1.9.1-1
Maybe that's the culprit.
Any way to update openssl to 1.1.1b on Stable 18.06.2?
OK ... I answer myself
I made an upgrade to the latest snapshot, reinstalled all needed packages and configured @dibdot's config and VOILA, it works
One more question about snapshots.
Is it possible to update packages with opkg like with the stable variant? Because I think I read somewhere that when a new snapshot is out, opkg updates don't work anymore for the installed snapshot.
Upgrade shouldn't be used on a normal basis; but to answer your question, software should work the same.
A warning, though: upgrading software in a snapshot is even more dangerous, since the stability between software and the kernels is changing constantly.
If you are using snapshots for production routers, then yes.
You would:
- Download new snapshot
- Sysupgrade
- Reinstall any needed packages
ok ... thanks
One more question: Is there a kind of changelog for snapshots?