I recently decided to implement DNS over TLS and found that many tutorials were not oriented to those who are less tech savvy. This is a simple approach that lets you do all of the configuration in LuCI without any CLI commands. I have to give credit to https://candrews.integralblue.com/2018/08/dns-over-tls-on-openwrt-18-06/, as that is where I got my setup instructions from; I just figured out how to do them in LuCI.
- This setup expects you to use Cloudflare's DNS resolvers. If you want to use an alternative such as Google DNS, you will have to use some CLI.
- This tutorial is based on the latest master branch commit as of 2018-01-10. The steps may be similar for different versions or setups, but are not guaranteed. Most likely these steps are going to be the same for 18.06.1, but I don't quite remember the differences in LuCI.
- Log into LuCI at http://192.168.1.1/cgi-bin/luci/, go to System -> Software, and hit the Update Lists button.
- Filter the list to find the package called "stubby", and click the Install button. For OpenWrt 18.06.1 users, also install "ca-certificates" and "ca-bundle". These are needed because the stubby package in that release is missing the dependency. Newer versions of OpenWrt corrected this.
- Go to System -> Startup, find stubby, and click the Start button. Also set stubby to "Enabled" on this same screen.
- Under Network -> DHCP and DNS, click the "Resolv and Hosts Files" tab, and put a check mark next to "Ignore resolve file". Press Save & Apply.
- Under Network -> DHCP and DNS, click the "General Settings" tab, set the "DNS forwardings" list to
- Go to System -> Startup, find "dnsmasq" and click "Restart".
You're done! To verify everything is working, open a new tab in your internet browser and try to go to some websites you don't normally go to. You can also go to https://www.cloudflare.com/ssl/encrypted-sni/ and press "Check My Browser". You should see green check marks for "Secure DNS" and "DNSSEC".
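If you do have shell access, the two dnsmasq settings changed in the steps above can also be audited from the saved config. This is an added example, not part of the original tutorial: the function name and both sample configs are constructed, and `127.0.0.1#5453` is an assumed stubby listen address rather than a value given in this post.

```shell
#!/bin/sh
# Added example (not from the original post). Audits dnsmasq's UCI config
# (/etc/config/dhcp on OpenWrt) for the two settings changed in LuCI above.

# Constructed sample: resolv file ignored, only upstream is a local stub.
# 127.0.0.1#5453 is an ASSUMED stubby listen address, not taken from the post.
sample_good() {
cat <<'EOF'
config dnsmasq
	option noresolv '1'
	list server '127.0.0.1#5453'
EOF
}

# Constructed sample: resolv file still honoured and a plaintext upstream left in.
sample_bad() {
cat <<'EOF'
config dnsmasq
	option domainneeded '1'
	list server '127.0.0.1#5453'
	list server '8.8.8.8'
EOF
}

# Reads a UCI dhcp config on stdin; returns 0 only if no query can bypass the stub.
check_dot_forwarding() {
	cfg=$(cat)
	rc=0
	# LuCI "Ignore resolve file" is stored as: option noresolv '1'
	noresolv=$(printf '%s\n' "$cfg" | awk '$1=="option" && $2=="noresolv" {print $3}' | tr -d "\"'")
	if [ "$noresolv" != "1" ]; then
		echo "FAIL: noresolv not set, resolvers from the resolv file are still used"
		rc=1
	fi
	# LuCI "DNS forwardings" entries are stored as: list server '<addr>#<port>'
	servers=$(printf '%s\n' "$cfg" | awk '$1=="list" && $2=="server" {print $3}' | tr -d "\"'")
	if [ -z "$servers" ]; then
		echo "FAIL: no DNS forwardings configured"
		return 1
	fi
	for s in $servers; do
		case "$s" in
			127.*|::1*) echo "ok:   $s is loopback" ;;
			*) echo "FAIL: $s is not loopback, queries to it are not wrapped in TLS by stubby"; rc=1 ;;
		esac
	done
	return $rc
}

sample_good | check_dot_forwarding
sample_bad | check_dot_forwarding || echo "bad sample rejected"
```

On the router itself, run the check against the live config with `check_dot_forwarding < /etc/config/dhcp`. A domain-specific forwarding entry (the `/domain/address` form) is reported as non-loopback, so review those by hand.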