Enabling Uncensored DNS over HTTPS in OpenWrt

This was tested on OpenWrt 22.03, but it probably works on other versions as well.

Install necessary packages

Install the package(s) https-dns-proxy and optionally luci-app-https-dns-proxy using your preferred method (e.g. by SSH'ing into the router or using the web interface).

The luci package lets you change some settings via the web interface. Unfortunately, it only allows you to select predefined DoH providers. To add Uncensored DNS as a provider, you therefore need to SSH into the router and edit the file /etc/config/https-dns-proxy.

An example configuration could look like this:

config main 'config'
        option update_dnsmasq_config '*'
        option force_dns '1'
        list force_dns_port '53'
        list force_dns_port '853'

config https-dns-proxy
        option bootstrap_dns '208.67.222.222,208.67.220.220'
        option resolver_url 'https://anycast.uncensoreddns.org/dns-query'

config https-dns-proxy
        option bootstrap_dns '208.67.222.222,208.67.220.220'
        option resolver_url 'https://unicast.uncensoreddns.org/dns-query'

Please note that the OpenDNS DNS servers are used for bootstrapping in this example. These are only used for the initial unencrypted lookup of the DNS records for the resolvers. You can change this to something else, if you prefer another provider.

Save the file and reload the https-dns-proxy service. If all goes well, this is all you need to do.

Warning about the DNS HTTPS Proxy service page in the web interface

After reloading the service, the Uncensored DNS servers will be listed as "Unknown Provider DoH" under Service Status. Even worse, the two editable entries under Instances will be listed as "AhaDNS" or whatever happens to be the first provider in your built-in list of providers.

Do not press the Save & Apply button, as this will overwrite your configuration with the servers that are selected under Instances. If you do it anyway, you need to go back and edit the configuration by hand.

Screenshot of the DNS HTTPS Proxy service page in the OpenWrt web interface
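
To confirm that /etc/config/https-dns-proxy still points at the resolvers from the example configuration (for instance after someone pressed Save & Apply), a check like the following can be run on the router. It is an added example, not part of the original guide; the function names are hypothetical and the expected URLs are copied from the configuration above.

```shell
#!/bin/sh
# Added example: detect whether the https-dns-proxy config still lists
# only the resolvers from this page. Function names are hypothetical.

# Resolver URLs taken from the example configuration on this page.
EXPECTED_URLS="https://anycast.uncensoreddns.org/dns-query
https://unicast.uncensoreddns.org/dns-query"

# Print every resolver_url value found in a UCI config file, one per line.
list_resolver_urls() {
    awk -v q="'" '$1 == "option" && $2 == "resolver_url" {
        v = $3
        gsub("^[\"" q "]|[\"" q "]$", "", v)   # strip surrounding quotes
        print v
    }' "$1"
}

# Return 0 if the file's resolver URLs are exactly the expected set,
# 1 if they differ (details on stderr), 2 if the file is unreadable.
check_doh_config() {
    file="$1"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    found="$(list_resolver_urls "$file" | sort -u)"
    want="$(printf '%s\n' "$EXPECTED_URLS" | sort -u)"
    if [ "$found" = "$want" ]; then
        return 0
    fi
    # Report resolvers that are configured but not expected.
    printf '%s\n' "$found" | while read -r url; do
        [ -n "$url" ] || continue
        printf '%s\n' "$want" | grep -qxF "$url" \
            || echo "unexpected resolver: $url" >&2
    done
    # Report expected resolvers that are no longer configured.
    printf '%s\n' "$want" | while read -r url; do
        printf '%s\n' "$found" | grep -qxF "$url" \
            || echo "missing resolver: $url" >&2
    done
    return 1
}

# When called with a path argument, check that file and exit with the result.
if [ "$#" -gt 0 ]; then
    check_doh_config "$1"
fi
```

Saved as a script on the router, it can be invoked with /etc/config/https-dns-proxy as its argument; a non-zero exit status means the file needs to be edited by hand again.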