Any chance of adding DNS over HTTPS to Gargoyle?

tapper
Moderator
Posts: 1076
Joined: Sun Oct 13, 2013 5:49 pm
Location: Stoke-on-trent UK

Any chance of adding DNS over HTTPS to Gargoyle?

Post by tapper »

Hi, any chance of adding DNS over HTTPS to Gargoyle?
The package is in the OpenWrt packages git. It would just mean writing a script to make the changes to /etc/config/dhcp and exposing it to the GUI. I think. :)
Linksys WRT3200ACM
NETGEAR Nighthawk R7800
NETGEAR R6260

RomanHK
Posts: 794
Joined: Sat May 04, 2013 4:18 pm
Location: Czech Republik

Re: Any chance of adding DNS over HTTPS to Gargoyle?

Post by RomanHK »

I don't think anything like that will support Gargoyle. I tried DNS over TLS here: viewtopic.php?f=5&t=11924 and I wasn't successful. The Unbound Resolver application works well in the router. You can try DNS over TLS with the Unbound application. I can do a step-by-step Unbound installation guide.
Turris Omnia with OpenWrt 21.02 - Tested
Linksys WRT3200ACM with Gargoyle 1.13.x
TL-WR1043ND v2 with Gargoyle 1.10.0

http://gargoyle.romanhk.cz custom builds by gargoyle users

tapper

Re: Any chance of adding DNS over HTTPS to Gargoyle?

Post by tapper »

Yes, I mean DNS over TLS. You can do it with dnsmasq with the package called https-dns-proxy.
https://openwrt.org/docs/guide-user/ser ... -dns-proxy
Linksys WRT3200ACM
NETGEAR Nighthawk R7800
NETGEAR R6260

RomanHK

Re: Any chance of adding DNS over HTTPS to Gargoyle?

Post by RomanHK »

As I wrote (viewtopic.php?f=5&t=11924&start=20#p53245), the DNSMASQ (full) DNSSEC application disappointed me and did not validate correctly :( , here you can try it: https://rootcanary.org/test.html

That is, transmission would only be encrypted with the HTTPS protocol but would not be properly validated by DNSSEC, so I will still stay with UNBOUND ;) .
Turris Omnia with OpenWrt 21.02 - Tested
Linksys WRT3200ACM with Gargoyle 1.13.x
TL-WR1043ND v2 with Gargoyle 1.10.0

http://gargoyle.romanhk.cz custom builds by gargoyle users

tapper

Re: Any chance of adding DNS over HTTPS to Gargoyle?

Post by tapper »

Hi, I installed the https-dns-proxy in Gargoyle and it works great. You are right about the TLS part though. I am going to have a go at installing stubby. I will let you know how I get on. Btw, on a DNS testing page it says that dnsmasq does DNSSEC right.
At https://dnssec.vs.uni-due.de/
it says:
Yes, your DNS resolver validates DNSSEC signatures.
Linksys WRT3200ACM
NETGEAR Nighthawk R7800
NETGEAR R6260
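
The two posts above separate encrypting the DNS transport from validating DNSSEC. The sketch below is an added example, not code from the thread or from Gargoyle: it shows the client-side check such test pages rely on, comparing the resolver's reply for a correctly signed name with its reply for a deliberately mis-signed one. The function names are hypothetical and the response headers are constructed samples.

```python
import struct

AD = 0x0020          # "Authenticated Data" flag in the DNS header
RCODE_MASK = 0x000F
NOERROR, SERVFAIL = 0, 2

def build_query(name, qtype=1, txid=0x1234):
    """A query with RD and AD set plus an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100 | AD, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)           # class IN
    # OPT: root name, type 41, UDP size 1232, ext-rcode 0, version 0, DO flag, no options
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 1232, 0, 0, 0x8000, 0)
    return header + question + opt

def parse_header(msg):
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    _txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"rcode": flags & RCODE_MASK, "ad": bool(flags & AD), "answers": answers}

def classify(signed_ok, signed_broken):
    """Compare replies for a correctly signed name and a deliberately mis-signed one."""
    good, bad = parse_header(signed_ok), parse_header(signed_broken)
    if good["rcode"] != NOERROR or good["answers"] == 0:
        return "inconclusive"            # the control lookup itself failed
    if bad["rcode"] == SERVFAIL:
        return "validating"              # bogus signatures were rejected
    if bad["rcode"] == NOERROR and bad["answers"] > 0:
        return "not validating"          # bogus data was handed to the client
    return "inconclusive"

def sample_header(flags, answers):       # constructed sample response headers
    return struct.pack("!HHHHHH", 0x1234, flags, 1, answers, 0, 0)

GOOD = sample_header(0x81A0, 1)             # NOERROR, AD set, one answer
BROKEN_REJECTED = sample_header(0x8182, 0)  # SERVFAIL
BROKEN_ANSWERED = sample_header(0x8180, 1)  # NOERROR, one answer, AD clear

if __name__ == "__main__":
    print(classify(GOOD, BROKEN_REJECTED))
    print(classify(GOOD, BROKEN_ANSWERED))
```

The verdict describes the whole resolution path: a forwarder in front of a validating upstream can produce "validating" without checking any signatures itself.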

tapper

Re: Any chance of adding DNS over HTTPS to Gargoyle?

Post by tapper »

Hi, after testing DNS over HTTPS and Stubby, they both work just fine with DNSMasq. I also tested them both with the adblock plugin and it works for me. From what I am reading on the web, it seems like DNS over HTTPS is getting used more by big projects like Firefox and the like. If DNS over HTTPS is getting used more, then I think Gargoyle should use DNS over HTTPS.
Linksys WRT3200ACM
NETGEAR Nighthawk R7800
NETGEAR R6260

RomanHK

Re: Any chance of adding DNS over HTTPS to Gargoyle?

Post by RomanHK »

O.K. as I wrote, it depends on the user what they choose ;) .

DNS over HTTPS can be implemented as a plugin and can be further improved (fixes, improvements, ...). Another reason is the absence of free FLASH in older routers, so as a plugin is probably a good idea.

Observe the LOG carefully, because a bad validation message appears from time to time, exceeding DNS packet size, and STUBBY has an MX record problem (not always).
Turris Omnia with OpenWrt 21.02 - Tested
Linksys WRT3200ACM with Gargoyle 1.13.x
TL-WR1043ND v2 with Gargoyle 1.10.0

http://gargoyle.romanhk.cz custom builds by gargoyle users
