Add DNS config

Quentin 2021-03-22 21:33:10 +01:00
parent fd0b98e0ad
commit 1ff1c1443d


@ -211,7 +211,25 @@ verbose call end reason (3,2001): [cm] no-service
1. Set a password
2. Set a name: `parangon`
3. Set IP range: `192.168.0.254/24`
3. Set DNS to Quad9 unsecured
4. Set IP range: `192.168.0.254/24`
*Quad9 unsecured:*
IPv4
- 9.9.9.10
- 149.112.112.10
IPv6
- 2620:fe::10
- 2620:fe::fe:10
HTTPS
- https://dns10.quad9.net/dns-query
TLS
- tls://dns10.quad9.net
### ModemManager
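Review bot: The new step `3. Set DNS to Quad9 unsecured` does not say why the unsecured profile is chosen or which of the four listed transports (IPv4, IPv6, HTTPS, TLS) the router is actually configured with. Quad9 describes the `.10` service as having no threat blocking and no DNSSEC validation, and the plain IPv4/IPv6 addresses carry queries in cleartext on port 53, so please add one line stating the reason for this profile and the transport in use, and say whether anything on the router still validates DNSSEC locally.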
@ -243,6 +261,8 @@ ping -6 openwrt.org
### Configure Wireguard
!!!!! BROKEN !!!!!!
On the router:
```bash
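Review bot: The `!!!!! BROKEN !!!!!!` marker under `### Configure Wireguard` gives no indication of what fails. Suggest replacing it with one sentence describing the symptom and, if one exists, a link to the tracking issue or forum thread, so that a reader does not run the router-side commands that follow without knowing which step is wrong.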
@ -280,44 +300,6 @@ Doc:
*Not relevant now*
### Configure our DNS recursive resolver
We use LuCi to setup our recursive DNS
Go to Network -> DHCP and DNS -> Advanced Settings -> Set port 5353 for the DNS server
Go to Service -> Recursive DNS -> Unbound -> DHCP -> and select dnsmasq
Go to System -> Startup -> Start unbound
Check in Service -> Recursive DNS -> Files -> Show: Unbound -> at the end, forward-zone must be declared for you
Check with `netstat -tlpn` that unbound listens on port 53 and dnsmasq on port 5353.
Finally check with `dig +short @192.168.1.1 sci-hub.se` and `dig +short @192.168.1.1 parangon.lan` (this is the name of our router)
We use:
- http://kacangbawang.com/say-bye-to-providers-dns-servers-be-your-own-dns-resolver/
Related with OpenWRT:
- https://openwrt.org/docs/guide-user/services/dns/unbound
- https://openwrt.org/docs/guide-user/services/dns/dot\_unbound
- https://forum.openwrt.org/t/using-unbound-alongside-dnsmasq/50537
- https://gist.github.com/kevinoid/00656e6e4815e3ffe25dabe252e0f1e3
- https://kevinlocke.name/bits/2017/03/09/unbound-with-dnsmasq-on-openwrt/
- https://blog.josefsson.org/tag/openwrt/
- https://zhmail.com/2018/04/20/setting-up-a-dns-over-tls-forwarding-cache-on-openwrt-snapshot-r6693-or-later/
- https://www.dnssec-deployment.org/2012/03/a-validating-recursive-resolver-on-a-70-home-router/
- https://blog.grobox.de/2018/what-is-dns-privacy-and-how-to-set-it-up-for-openwrt/
Not related with OpenWRT:
- https://calomel.org/unbound_dns.html
- https://feeding.cloud.geek.nz/posts/setting-up-your-own-dnssec-aware/
Sites to test:
- sci-hub.se (`ping sci-hub.se` should not return `127.0.0.1`)
### Configure our adblocker
*Not yet written*
Test with Youtube on Android.
## Known Bugs
section\_id is not defined: https://forum.openwrt.org/t/updated-cant-fetch-latest-git-error-when-creating-interface-with-luci-section-id-is-not-defined/91836/3
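Review bot: Going by the header (`-280,44 +300,6`), this hunk drops most of the `### Configure our DNS recursive resolver` section, and with it the verification steps (`netstat -tlpn` and the two `dig +short @192.168.1.1 ...` checks) without adding an equivalent check for the Quad9 forwarder setup introduced earlier in the commit. Suggest keeping a short check next to the new DNS step, for example a `dig +short` against the router for `sci-hub.se` and `parangon.lan`, and stating in one line that the Unbound resolver is no longer used so the reason for the removal is recorded.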