mkaand DD-WRT User Joined: 06 Jan 2008 Posts: 307 Location: Istanbul
Posted: Sat Jun 17, 2017 23:32 Post subject: Recursive DNS Resolving vs DNSMasq - Kong 31100M
I want to secure my internet connection. I have a WRT1900ACv1 router and Kong's 31100M firmware. I use DNSMasq for blocking some hosts. If I disable Recursive DNS Resolving, DNSMasq is working but:
ipleak.net and whoer.net say DNS leak. http://en.conn.internet.nl says DNSSEC is OK.
Here is my dnsmasq.conf
Code:
interface=br0,ath0.1
resolv-file=/tmp/resolv.dnsmasq
strict-order
domain=xxxxxxxxxxxxxxxx
dhcp-leasefile=/tmp/dnsmasq.leases
dhcp-lease-max=107
dhcp-option=br0,3,192.168.20.1
dhcp-option=ath0.1,3,192.168.21.1
dhcp-authoritative
dhcp-range=br0,192.168.20.100,192.168.20.149,255.255.255.0,1440m
dhcp-range=ath0.1,192.168.21.100,192.168.21.149,255.255.255.0,3600m
stop-dns-rebind
proxy-dnssec
address=/xxxxxxxxxxxxxxxxx/192.168.20.1
address=/api.netdrive.net/127.0.0.1
address=/keystone.mwbsys.com/127.0.0.1
address=/telemetry.malwarebytes.com/127.0.0.1
address=/idb.iobit.com/127.0.0.1
address=/asc55.iobit.com/127.0.0.1
address=/is360.iobit.com/127.0.0.1
address=/asc.iobit.com/127.0.0.1
address=/pf.iobit.com/127.0.0.1
address=/www.iana.org/127.0.0.1
address=/iunins.iobit.com/127.0.0.1
address=/sd.iobit.com/127.0.0.1
address=/apowersoft.com/127.0.0.1
address=/tonec.com/127.0.0.1
address=/www.tonec.com/127.0.0.1
address=/registeridm.com/127.0.0.1
address=/www.registeridm.com/127.0.0.1
address=/secure.registeridm.com/127.0.0.1
address=/internetdownloadmanager.com/127.0.0.1
address=/www.internetdownloadmanager.com/127.0.0.1
address=/secure.internetdownloadmanager.com/127.0.0.1
address=/mirror.internetdownloadmanager.com/127.0.0.1
address=/mirror2.internetdownloadmanager.com/127.0.0.1
address=/mirror3.internetdownloadmanager.com/127.0.0.1
If I enable Recursive DNS Resolving, ipleak.net and whoer.net say NO-DNS leak, but I can resolve all of the above hosts. (I cannot block hosts.)
I need help. I want to block some of the hosts (above) but at the same time I want to use Recursive DNS Resolving, but how? Thanks.
_________________Kaan's World | @mkaand | PLEX Archive | Trakt.tv
mrjcd DD-WRT Guru Joined: 31 Jan 2015 Posts: 6268 Location: Texas
mkaand DD-WRT User Joined: 06 Jan 2008 Posts: 307 Location: Istanbul
Posted: Mon Jun 19, 2017 6:24 Post subject:
Thank you very much for your fast response. I will check the link, but I found this, maybe it can fix my problem. Do you know how to change unbound's default listening port 53?
_________________Kaan's World | @mkaand | PLEX Archive | Trakt.tv
Last edited by mkaand on Wed Jun 21, 2017 11:45; edited 1 time in total
mkaand DD-WRT User Joined: 06 Jan 2008 Posts: 307 Location: Istanbul
Posted: Mon Jun 19, 2017 8:39 Post subject:
I try to fix the dnsmasq/unbound war with the following code. It looks like it is OK, but something adds port= 0 to dnsmasq.conf. I need help, please.
Code:
sleep 10
stopservice unbound
sleep 10
sed -i '/server:/ a\port: 5353\' /tmp/unbound.conf
startservice unbound
sleep 5
stopservice dnsmasq
sleep 10
sed -i '/port=0/d' /tmp/dnsmasq.conf
sed -i '/resolv-file=\/tmp\/resolv.dnsmasq/d' /tmp/dnsmasq.conf
startservice dnsmasq
I added these lines to dnsmasq additional options:
Code:
proxy-dnssec
no-resolv
server=127.0.0.1#5353
_________________Kaan's World | @mkaand | PLEX Archive | Trakt.tv
mkaand DD-WRT User Joined: 06 Jan 2008 Posts: 307 Location: Istanbul
Posted: Wed Jun 21, 2017 11:42 Post subject:
I made a solution for Unbound (Recursive DNS Resolving) and DNSMASQ working together.
Here is my startup script:
Code:
# Working Together v1.0 (Unbound & DNSMasq)
# This startup script fixes battle of Unbound vs DNSMasq
# Written by Kaan Dogan - 21.06.2017
sleep 10
stopservice unbound
stopservice dnsmasq
sed -i '/server:/ a\port: 5153\' /tmp/unbound.conf
unbound -c /tmp/unbound.conf
sed -i '/port=0/d' /tmp/dnsmasq.conf
sed -i '/resolv-file=\/tmp\/resolv.dnsmasq/d' /tmp/dnsmasq.conf
dnsmasq --conf-file=/tmp/dnsmasq.conf
And here are the Additional DNSMasq Options:
Code:
proxy-dnssec
no-resolv
port= 53
server=127.0.0.1#5153
_________________Kaan's World | @mkaand | PLEX Archive | Trakt.tv
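Added example, not part of the original post or of DD-WRT: the same two config edits as the startup script above, written so that running them more than once does not stack duplicate lines, followed by a check that dnsmasq ends up forwarding only to the local unbound. The function names and the UNBOUND_PORT variable are assumptions (5153 is the port from the post), and the sample files are constructed in a scratch directory rather than the router's /tmp files.

```shell
#!/bin/sh
# Added example, not from the thread. UNBOUND_PORT and the function names are
# assumptions; the sample files below are constructed.
UNBOUND_PORT=5153

# Move unbound off port 53: drop any old "port:" line, add one under "server:".
patch_unbound() {
    awk -v p="$UNBOUND_PORT" '
        /^[ \t]*port:/ { next }
        { print }
        /^server:/ { print "    port: " p }
    ' "$1" > "$1.new" && mv "$1.new" "$1"
}

# dnsmasq keeps port 53 and forwards only to the local unbound.
patch_dnsmasq() {
    awk -v p="$UNBOUND_PORT" '
        /^port=/ || /^resolv-file=/ || /^no-resolv$/ || /^server=127\.0\.0\.1#/ { next }
        { print }
        END { print "port=53"; print "no-resolv"; print "server=127.0.0.1#" p }
    ' "$1" > "$1.new" && mv "$1.new" "$1"
}

# Succeeds only if the patched dnsmasq.conf has the intended resolver chain.
check_dnsmasq() {
    grep -q '^port=53$' "$1" && grep -q '^no-resolv$' "$1" &&
    grep -q "^server=127\.0\.0\.1#$UNBOUND_PORT\$" "$1" &&
    ! grep -q '^resolv-file=' "$1"
}

# Constructed sample configs in a scratch directory (not the router's files).
make_samples() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'server:' '    verbosity: 1' > "$dir/unbound.conf"
    printf '%s\n' 'interface=br0' 'resolv-file=/tmp/resolv.dnsmasq' 'port=0' \
        'address=/www.tonec.com/127.0.0.1' > "$dir/dnsmasq.conf"
    echo "$dir"
}

d=$(make_samples)
# Run twice to show the edits do not stack on repeated startup runs.
for i in 1 2; do
    patch_unbound "$d/unbound.conf"
    patch_dnsmasq "$d/dnsmasq.conf"
done
check_dnsmasq "$d/dnsmasq.conf" && echo "dnsmasq -> unbound chain OK"
cat "$d/unbound.conf" "$d/dnsmasq.conf"
```

The `address=` block entries pass through untouched, so dnsmasq still answers those names itself and only forwards everything else to unbound.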