Questions about installing DNS over HTTPS with Dnsmasq and https-dns-proxy

OK, that is not required indeed. For some unknown reason, adding that option helped me with the Cloudflare provider, but most likely it was a side effect or a misbehavior of the particular Cloudflare server. My recent clean test shows no issues besides the one below.

Currently the bootstrap_dns keyword is used in the Lua scripts:

    uci:set("https_dns_proxy", section, "bootstrap_dns", "1.1.1.1,1.0.0.1")

but it should be dns_servers instead:

    -b dns_servers         Comma separated IPv4 address of DNS servers
                             to resolve resolver host (e.g. dns.google.com). (8.8.8.8,1.1.1.1,8.8.4.4,1.0.0.1,145.100.185.15,145.100.185.16,185.49.141.37)

The following config works for me:

    # cat /etc/config/https_dns_proxy
    config https_dns_proxy
    	option dns_servers '1.1.1.1,1.0.0.1'
    	option url_prefix 'https://cloudflare-dns.com/dns-query?ct=application/dns-json&'
    	option listen_addr '127.0.0.1'
    	option listen_port '5053'

Could you clarify the issue that requires this option?
Which OpenWrt version does it affect?
I want to reproduce it and document if necessary.

My recent test shows that this assumption was wrong, I've corrected my previous post.

Sorry to revive this dead thread but it is the first result in Google... So the package mentioned many times luci-app-https_dns_proxy doesn't seem to exist anymore. Did it change names or something?

Does this work?

    opkg update
    opkg install luci-app-https-dns-proxy

Yep, it was hyphens, not underscores, that worked.
I also was not seeing the GUI in LuCI. It's under Services > DNS over HTTPS proxy. Apparently I was more tired than I thought.

Init file ignores that option. It cannot affect anything.

Since option noresolv='1' ignores every resolvfile, does the local dnsmasq cache work at all, given that resolvfile's default 'nameserver 127.0.0.1' is ignored?

Should I disable it using option cachesize='0' or cachelocal='0' to prevent needless cache growth, saving device resources?

The option noresolv doesn't affect caching, because Dnsmasq is still your primary resolver and it sends DNS queries to https-dns-proxy, which acts as a secondary resolver.
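
A small audit of the two points raised in this thread (the bootstrap_dns/dns_servers key and the Dnsmasq-to-proxy forwarding), as an added example that is not part of any post above and not the package's own code. The function names are hypothetical, the sample files are constructed, and it assumes Dnsmasq forwards through a `list server 'addr#port'` entry in the dnsmasq section of /etc/config/dhcp.

```shell
#!/bin/sh
# Added example (not from the thread): audit UCI text for the two points above.

# uci_opts FILE TYPE -> "name=value" per option/list line in sections of TYPE.
# Assumes values contain no spaces, which holds for the options checked here.
uci_opts() {
    awk -v want="$2" '
        $1 == "config" { in_sec = ($2 == want); next }
        in_sec && ($1 == "option" || $1 == "list") {
            val = $3; gsub("\047", "", val); print $2 "=" val
        }' "$1"
}

# audit_doh PROXY_CFG DHCP_CFG -> prints findings, returns the number of them.
audit_doh() {
    n=0
    p=$(uci_opts "$1" https_dns_proxy)
    d=$(uci_opts "$2" dnsmasq)
    if printf '%s\n' "$p" | grep -q '^bootstrap_dns='; then
        echo "WARN: bootstrap_dns set; the thread reports the key is dns_servers"; n=$((n + 1))
    fi
    if ! printf '%s\n' "$p" | grep -q '^dns_servers='; then
        echo "WARN: dns_servers not set"; n=$((n + 1))
    fi
    addr=$(printf '%s\n' "$p" | sed -n 's/^listen_addr=//p' | head -n 1)
    port=$(printf '%s\n' "$p" | sed -n 's/^listen_port=//p' | head -n 1)
    if ! printf '%s\n' "$d" | grep -qxF "server=$addr#$port"; then
        echo "WARN: dnsmasq does not forward to $addr#$port"; n=$((n + 1))
    fi
    if ! printf '%s\n' "$d" | grep -qxF 'noresolv=1'; then
        echo "WARN: noresolv is not 1, resolvfile upstreams are still used"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample files: "bad" uses the wrong key, "good" the working one.
make_samples() {
    printf "config https_dns_proxy\n\toption bootstrap_dns '1.1.1.1,1.0.0.1'\n\toption listen_addr '127.0.0.1'\n\toption listen_port '5053'\n" > "$1/bad"
    printf "config https_dns_proxy\n\toption dns_servers '1.1.1.1,1.0.0.1'\n\toption listen_addr '127.0.0.1'\n\toption listen_port '5053'\n" > "$1/good"
    printf "config dnsmasq\n\toption noresolv '1'\n\tlist server '127.0.0.1#5053'\n" > "$1/dhcp"
}

tmp=$(mktemp -d); make_samples "$tmp"
audit_doh "$tmp/bad" "$tmp/dhcp" || echo "findings: $?"
audit_doh "$tmp/good" "$tmp/dhcp" && echo "clean"
rm -rf "$tmp"
```

On a router, the same function can be pointed at /etc/config/https_dns_proxy and /etc/config/dhcp.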