Stubby and DoT not working anymore!

Lombus · May 17, 2020, 11:00pm

Hello guys. today I just turn on my modem router (TP-Link TD-W8970 V1) and see my DNS traffic did not resolving. I tried several possible ways and I doubt if my ISP was blocked DoT and Port 853.
My OpenWRT is: 19.07.2 and I using the last version of stubby.
I find this server list at dnsprivacy.org and try to set some servers with port 443 instead of 853. This is my current /etc/init.d/stubby:

.
.
.
# Upstream resolvers are specified using 'resolver' sections.

config resolver
       option address '145.100.185.15'
       option tls_auth_name 'dnsovertls.sinodun.com'
       option tls_port 443
       list spki 'sha256/62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4='
       # option tls_cipher_list 'EECDH+AESGCM:EECDH+CHACHA20'
       # option tls_ciphersuites 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256'
       # option tls_min_version '1.2'
       # option tls_max_version '1.3'

Is there anyway that I can make sure this problem isn't my side? and why I can't connect using port 443?

eduperez · May 18, 2020, 6:43am

First thing I would check is that the server is still active and accepting connections. Have you seen. Any messages in the logs?

Lombus · May 18, 2020, 11:20pm

There is nothing suspicious in the Logs. How can I check if server is running and accepting requests on my localhost?

orz · June 24, 2020, 6:57pm

Hi, there. I think I have the same problem too, and I think it's a little bug.
I'm running OpenWRT 19.07.3 and the latest version of stubby.

My stubby config example in /etc/config/stubby is:

config stubby 'global'
       option manual '0'
.
.
.
config resolver
        option address '2.3.3.3'
        option tls_auth_name 'example.dns'
        option tls_port 443

Then

/etc/init.d/stubby reload

But /var/etc/stubby/stubby.yml no any changes:

# Autogenerated configuration from uci data
.
.
.
upstream_recursive_servers:
  - address_data: 2.3.3.3
    tls_auth_name: "example.dns"

See? No "tls_port 443" option! I'm sure that's the WHY!

But I don't understand, the link shows /etc/init.d/stubby already supports option tls_port:

So I stopped stubby, added "tls_port: 443" to /var/etc/stubby/stubby.yml, run stubby in debug mode:

stubby -C /var/etc/stubby/stubby.yml -l

Wow, it worked.

PS: I tried to change "option tls_port 443" into "option tls_auth_port 443“ in /etc/config/stubby, no wonder happens. And sorry about my bad English.Hope all of you could understand.
Thanks.

wunderspud · June 27, 2020, 3:52pm

wunderspud · June 27, 2020, 4:02pm

orz · June 28, 2020, 9:40am

Great, thank you so much. Stubby is now working on custom tls_port.
Then I don't need https-dns-proxy, it's too buggy.

wunderspud · June 28, 2020, 11:46am

No problem - please do feel free to raise an issue in the openwrt-packages repo if you have issues with stubby in the future.

sapi69 · June 28, 2020, 12:55pm

i hope stubby have luci app

orz · June 28, 2020, 2:52pm

Well, I'll sign up a Github account when I'm ready to be a developer. If Github accept Microsoft account that would be better.

wunderspud · June 28, 2020, 3:08pm

It doesn't at the moment. It would be awesome if someone was to integrate stubby with luci though.