SmartDNS config with DNS over HTTPS

I suspect smartdns hasn't redirected properly. I ran into similar issues with AdGuardHome.

The best way to resolve it is to move dnsmasq and make it an internal resolver only (bumping it to port 5353). Then have smart dns be your primary resolver. Another reason for moving dnsmasq is because you dont want additional hops in your dns query chain. Also dnsmasq forks on every request and uses additional memory.

With AGH you can set your moved dnsmasq instance as a PTR or downstream lookup, and use DOH for upstream requests.

Additionally you have to understand that OpenWrt has two sets of DNS.

  • Its upstream that is derived from your ISP DHCP. The router by default will use this unless you change it manually.

  • And the DNS it hands out. Normally this is dnsmasq and uses the same upstream the router does.

However as you have got smartdns, you are bypassing the ISP dns and router dns for a direct lookup from your new upstream server. Thus you must make sure your downstream clients are using the correct DNS. This you set by using dhcp option 6 to pass it to your clients. In theory it should just take over but really you should be specifying it as part of a good network.

I have a more detailed explanation on that thread. The same principles apply to smartdns. Just replace AGH with smartdns.

(edit) - to check it properly redirected dnsmasq? look in the etc/config/dhcp file and find the port line.

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option confdir '/tmp/dnsmasq.d'
	option noresolv '1'
	option cachesize '1000'
	option rebind_protection '0'
	option port '5353'
	list server '192.168.1.1'

As you can see from mine it uses port 5353 and uses the upstream 192.168.1.1 server (my AGH)

1 Like

as told by @ pavelgl :pray:, it is now resolving DOH queries

One more basic question: can SmartDNS be used to block websites by using web URL or keywords and if yes how ?
block

having had a quick look, i would say no. It appears only to give you multiple upstream DNS providers. It wouldnt give you filtering/blocking capabilities. AGH does however.

You could point smartdns at a provider to do blocking for you like NextDNS but if you want control of your filters/blocking you would need something like AGH or adblock.

You can block websites by domain name.

image

3 Likes

yes , it does work . @pavelgl , you are an expert in smartDNS. :pray: :pray:

I read: https://github.com/pymumu/smartdns/blob/master/ReadMe_en.md

Can it also be used to block ads , by using adlists?

Take a look at this thread:

https://github.com/pymumu/smartdns/issues/623

How do I insert in the SMARTdns?. Thanks

Make sure you have enough free space, because the size of the filter list is about 1.4 MB.

wget https://github.com/privacy-protection-tools/anti-AD/raw/master/anti-ad-smartdns.conf -P /etc/smartdns/
echo "conf-file /etc/smartdns/anti-ad-smartdns.conf" >> /etc/smartdns/custom.conf
/etc/init.d/smartdns restart
1 Like

Thanks :+1: :+1: :pray:.In this way you could also insert other lists such as from adblock/adguard?

You can add as many lists as you want, but they must be in a format supported by smartdns.

1 Like

Are you aware of any more?

No, I'm sorry. Try searching the web.