
Any chance of adding DNS over HTTPS to Gargoyle?

Posted: Fri Jul 12, 2019 6:49 pm
by tapper
Hi, any chance of adding DNS over HTTPS to Gargoyle?
The package is in the OpenWrt packages git. It would just mean writing a script to make the changes to /etc/config/dhcp and exposing it to the GUI. I think. :)

Re: Any chance of adding DNS over HTTPS to Gargoyle?

Posted: Sat Jul 13, 2019 4:57 am
by RomanHK
I don't think anything like that will support Gargoyle. I tried DNS over TLS here: viewtopic.php?f=5&t=11924 and I wasn't successful. The Unbound Resolver application works well in the router. You can try DNS over TLS with the Unbound application. I can do a step-by-step Unbound installation guide.

Re: Any chance of adding DNS over HTTPS to Gargoyle?

Posted: Sun Jul 14, 2019 7:01 pm
by tapper
Yes, I mean DNS over TLS. You can do it with dnsmasq with the package called https-dns-proxy.
https://openwrt.org/docs/guide-user/ser ... -dns-proxy

Re: Any chance of adding DNS over HTTPS to Gargoyle?

Posted: Mon Jul 15, 2019 1:35 am
by RomanHK
As I wrote (viewtopic.php?f=5&t=11924&start=20#p53245), the DNSMASQ (full) DNSSEC application disappointed me and did not validate correctly :( , here you can try it: https://rootcanary.org/test.html

That is, transmission would only be encrypted with the HTTPS protocol but would not be properly validated by DNSSEC, so I will still stay with UNBOUND ;) .

Re: Any chance of adding DNS over HTTPS to Gargoyle?

Posted: Mon Jul 15, 2019 11:38 am
by tapper
Hi, I installed the https-dns-proxy in Gargoyle and it works great. You are right about the TLS part though. I am going to have a go at installing stubby. I will let you know how I get on. Btw, on a DNS testing page it says that dnsmasq does DNSSEC right.
At https://dnssec.vs.uni-due.de/
It says:
Yes, your DNS resolver validates DNSSEC signatures.

Re: Any chance of adding DNS over HTTPS to Gargoyle?

Posted: Tue Jul 16, 2019 5:20 pm
by tapper
Hi, after testing DNS over HTTPS and Stubby, they both work just fine with DNSMasq. I also tested them both with the adblock plugin and it works for me. From what I am reading on the web, it seems like DNS over HTTPS is getting used more by big projects like Firefox and the like. If DNS over HTTPS is getting used more, then I think Gargoyle should use DNS over HTTPS.

Re: Any chance of adding DNS over HTTPS to Gargoyle?

Posted: Tue Jul 16, 2019 5:39 pm
by RomanHK
O.K. as I wrote, it depends on the user what they choose ;) .

DNS over HTTPS can be implemented as a plugin and can be further improved (fixes, improvements, ...). Another reason is the absence of free FLASH in older routers, so as a plugin is probably a good idea.

Observe the LOG carefully, because a bad validation message appears from time to time, exceeding DNS packet size, and STUBBY has an MX record problem (not always).