1

Stubby & dnsmasq

I have configured Stubby on OpenWRT 15.05.1 but any queries made aren't showing up in the logs via the NextDNS control panel.

However if I configure the dnsmasq.conf file to include the settings listed on the Setup page then I can see the queries on the log page.

Should I have both Stubby and Dnsmasq.conf configured?

10 replies

null
    • olivier
    • 3 yrs ago
    • Reported - view

    No you don’t need both.

      • Hamish
      • 3 yrs ago
      • Reported - view

      Olivier Poitrey when I use a Stubby config nothing is getting filtered but when I use dnsmasq it is filtered and I can see DoT is working

    • Hans_Geiblinger
    • 3 yrs ago
    • Reported - view

    Follow this step by step: https://github.com/openwrt/packages/blob/master/net/stubby/files/README.md

     

    Do not proceed any further once you get to "Enabling DNSSEC", it seems NextDNS does not support DNS between you and it. However, NextDNS itself uses DNSSEC for upstream.

      • olivier
      • 3 yrs ago
      • Reported - view

      Hans Geiblinger it’s not that NextDNS do not support DNSSEC, but by design, it breaks DNSSEC when altering the responses to perform blocking or rewriting. We validate DNSSEC server side, so it is not necessary to do it on the client.

      • Hamish
      • 3 yrs ago
      • Reported - view

      Olivier Poitrey so if I remove DNSSEC, remove the dnsmasq conf settings and only have stubby running then I should start seeing the DNS queries on the logs page and have filtered internet?

      • olivier
      • 3 yrs ago
      • Reported - view

      Hamish yes, if it doesn’t, your version of Stubby is probably linked to an old version of openssl that does not support SNI, so you will have to keep the dnsmasq config.

      • Hamish
      • 3 yrs ago
      • Reported - view

      Olivier Poitrey thanks for that information, I'll see if I can update OpenSSL.

      • Hamish
      • 3 yrs ago
      • Reported - view

      Olivier Poitrey I did an upgrade and can only get up to version 1.0.2t-1

      • olivier
      • 3 yrs ago
      • Reported - view

      Hamish you are out of luck with stubby then.

    • Hans_Geiblinger
    • 3 yrs ago
    • Reported - view

    I'm sure there is a reason, but why are you still on an ancient build of Owrt?

Login to reply

Content aside

  • 1 Likes
  • 3 yrs agoLast active
  • 10Replies
  • 716Views
  • 4 Following