OpenWRT - Configure DNS-over-HTTPS (DoH)

Показать описание

In this video, we are going to configure DNS over HTTPS on OpenWRT LuCI to secure the DNS queries that come from LAN devices to the internet. If you want configure DNS-over-TLS, you can check out the tutorial on the link below.
In order to configure DoH, we will need 2 main packages - dnsmasq which is the default DNS resolver for OpenWRT and https-dns-proxy. Besides, you will need luci-app-https-dns-proxy in order to monitor & configure DoH on LuCI. https-dns-proxy uses Google and Cloudflare as default DoH providers and we are fine with that.

Videotimeframe:

00:00 - DNS-over-HTTPS with Dnsmasq and https-dns-proxy
00:36 - Install required packages
01:52 - Access https-dns-proxy on LuCI
03:28 - DNS leak test
04:23 - Setup our your preferred DoH provider
04:55 - Force DNS request to port 53 to https-dns-proxy

Custom Firewall rule:
iptables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to 192.168.1.1:5053
iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 53 -j DNAT --to 192.168.1.1:5053
ptables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to 192.168.1.1:5054
iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 53 -j DNAT --to 192.168.1.1:5054

Resources:

Thanks for watching and see you in the next video!

Рекомендации по теме

Комментарии

I didn't see function Custom Rules tab on the OpenWRT admin page from Network\Firewall\. How I use this function? I used version OpenWrt 22.03.5 r20134-5f15225c1e / LuCI openwrt-22.03 branch git-23.093.57104-ce20b4a

tungbbq

Thank you for this. How does this work with ipv6? I tried configuring regular dns and just found ipv6 was just totally blocked causing things not to load in my phone apps.

paulstejskal

Van thank you so much for these great practical tutorials. Just a couple of questions:
1- is the custom firewall rule necessary if the DNS forwarding setting is configured in the DHCP tab? Would keeping the firewall rule and removing the DHCP configuration still keep DOH enabled?
2- I have tried installing both adblock and DOH (basically filter out all unwanted urls before they are sent to the DOH service for encryption) but they seem to interfere as they both use dnsmasq. Unfortunately I don't have the know-how to make them cooperate (sometimes DOH would work but not adblock, and vice versa). Would you kindly be able to assist me with this?

mistamal

I am unable to set it up to work with mullvad

genhen

I get like 6 google servers when running dnsleaktest. Is that ok? When picking cloud flare I only see one dns even when performing an extended test. Thanks for the video!

cuentarealme

Hi does the https-dns-proxy work with sqm? Im not able to test for bufferbloat

extremedexterity

Custom rule no longer available in the firewall section

LBUK.

Hi van! Do you have video how to create dns hijacking or interception? i followed the tutorial from openwrt doc but it seems doesn't work. dnsleak keeps detecting my custom pc dns not the router dns

bamskination

Thanks for this easy to follow DNS tutorial 😊

I have a wifi router with two radios. Do you have a tutorial on how to bridge the two wifi radios with the GUI?

JC-gucf

after use this doh why my load balance error, wwan error 8

croaxzone

Hello Van! Is the firewall rule necessary? Greetings from Brazil.

williamhsantos

Can you tell me what's the point of doing this? Can't we simply put a custom DNS directly on the network interface settings?

otakumemenepal

passwall also got this function
can i ask war is this

alexkhor

Hello, great class!!!
I'm trying to upload a gnix in openwrt. I'm having a lot of difficulties. Have you ever tried?

welliolima

Hello,
Thanks for the tutorial,
I was following step by step like on the video, but at the end i can't connect to the internet.

Hope u can help me bro.
Thanks a lot

KendyPCCorner

Is it possible to install Unbound with OpenWRT ? And will it works correctly ?

carves

make some SmartDNS tutorial please :D thank you

GMCrelan

hello van, have you considered my suggestion regarding content on how to host files from openwrt?

rifemhere

Request ! install Tunnel Openwrt Trojan, Vmess, Wireguard, Shadowsock, etc. Please !!

PutraKawasen

OpenWRT - Configure DNS-over-HTTPS (DoH)

OpenWRT - Configure DNS-over-HTTPS (DoH)

How to Enable DNS over HTTPS (DoH) on OpenWRT

OpenWRT - Configure DNS-over-TLS with Cloudflare DNS

Force DNS (OpenDNS or Google DNS etc) OpenWrt Router

TUTORIAL pemasangan DNS OVER HTTPS di OpenWrt

Simple Demonstration of DNS over HTTPS DoH

DNS over HTTPS in 2 Minutes

Encrypt Your DNS (STOP Your ISP SNOOPING!)

Extend OpenWRT DNS with lines to resolve local IP

[TUT] OpenWrt - DNS-Server ändern [4K | DE]

How to log all DNS requests made through OpenWRT router? (4 Solutions!!)

How do I change DNS? ( OpenWrt 19.07.3 )

Tutorial Cara Pasang DDNS Pada OpenWrt

DNS Filtering with AdGuard Home or Pi-hole - with or without OpenWrt

Change DNS servers in an OpenWrt router from command line

CUSTOM DNS OPENWRT

DNS-Over-HTTPS and Secure64 DNS Proxy

OpenWRT router's dnsmasq settings block lan name resolution? (2 Solutions!!)

Unbound DNS Resolver on OpenWrt Router

How to set up dnsmasq for static ip-address name resolving on OpenWrt?

Host Your Own Encrypted DNS Server

DNS over HTTPS aka DOH!

Block ALL ads with this…(and speed up your internet)

OpenWRT dnsmasq: possible DNS-rebind detected (2 Solutions!!)