Шифроавние DNS-запросов

Есть две техники DNS over TLS (с помощью пакета stubby) и DNS over HTTPS (с помощью http-dns-proxy).
Говорят, что stubby (DoT) работает быстрее и лучше https://forum.openwrt.org/t/https-dns-proxy-vs-stubby/52446




  • Log into LuCI at 45, go to System → Software, and hit the Update Lists button.
  • Filter down to find the package called “stubby”, and click the Install button. For OpenWrt 18.06.1 users, also install “ca-certificates” and “ca-bundle”. This is needed due to a missed dependency on the stubby package. Newer versions of OpenWrt corrected this.
  • Go to System → Startup, find stubby, and click the Start button. Also set stubby to “Enabled” on this same screen.
  • Go to Network → Interfaces. Click the edit button for WAN, go to advanced settings, and uncheck “Use DNS servers advertised by peer” and in “Use custom DNS servers” set it to Then press Save & Apply. Repeat this same step for the WAN6 interface, using 0::1 instead of
  • Under Network → DHCP and DNS, click the “Resolv and Hosts Files” tab, and put a check mark next to “Ignore resolve file”. Press Save & Apply.
  • Under Network → DHCP and DNS, click the “General Settings” tab, set the “DNS forwardings” list to 0::1#5453 and
  • Go to System → Startup, find “dnsmasq” and click “Restart”.


У меня работал DNS over HTTPS, однако он часто затуплял (очень нагружал проц) и переставал работать. Изменение настрок не сильно помогало. Версии LEDE - 18.06 и 19.07.

Enter your comment. Wiki syntax is allowed:
  • openwrt/openwrt_lede_dns_over_https_tls.txt
  • Last modified: 2020/11/11 21:44
  • by admin