Stubby with MWAN3

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi,
I tried to use DoT with Stubby. However, when I'm using MWAN3, it always selects one WAN interface. In my case WAN2. The problem is when WAN2 is down, DoT is no longer functional and clients seeing no internet due to the DNS resolver is not providing any data.

So how do I fix this issue?
Stubby config:

config stubby 'global'
		option manual '0'
		list dns_transport 'GETDNS_TRANSPORT_TLS'
		option tls_authentication '1'
		option tls_query_padding_blocksize '128'
		option appdata_dir '/var/lib/stubby'
		option edns_client_subnet_private '1'
		option idle_timeout '10000'
		option round_robin_upstreams '1'
		list listen_address '127.0.0.1@5453'
		list listen_address '0::1@5453'
		option trigger 'isptwo'

config resolver
		option address '2606:4700:4700::1111'
		option tls_auth_name 'cloudflare-dns.com'

config resolver
		option address '2606:4700:4700::1001'
		option tls_auth_name 'cloudflare-dns.com'

config resolver
		option address '1.1.1.1'
		option tls_auth_name 'cloudflare-dns.com'

config resolver
		option address '1.0.0.1'
		option tls_auth_name 'cloudflare-dns.com'

Also, I like to use CloudFlare Family Protection instead of 1.1.1.1, so any way to do that?
Thanks

2

Make mwan3 use both wans for the destination addresses instead of only wan2.

Did you try to replace the address of that resolver in the stubby config?

3

Q1. Do you mean creating rules for 1.1.1.1 and 1.0.0.1 in MWAN3?
Q2. I was thinking about but later I did some research, I believe I have to replace tls auth key in order to make them work. Not sure yet.

4

The very least. I don't know which rules you are using in general, but it looks like you are sending everything to wan2.

5

I followed this guide

and mentioned

. /lib/functions/network.sh
network_flush_cache
network_find_wan NET_IF
uci set stubby.global.trigger="${NET_IF}"
uci commit stubby
6

This is a known issue:
Stubby "option trigger" help - #4 by ddy64