If you enable Recursive DNS Resolving, do you disable DNSMasq for DNS ?
No
I run it all. You can google ny name+ unbound+ddwrt and see some stuff... although will be in Atheros forum.
Enable it and you can check https://ipleak.net/
Also https://en.internet.nl/
there is others ...
unbound is a great service DD-WRT has included in compatible routers.
So in order to run DNSCrypt, an ARM binary would have to be run, correct ?
I've read some about DNSCrypt / dd-wrt in past.
Google can be your friend
Not really sure what you are after.
Unbound >>>> DNSSEC- queries to DNSSEC-signed domains ... what is the use of running DNSCrypt???
Hopefully someone can answer you better .. and I've never run unbound on a broadcom router anyways
good luck -
edit:
alrighthen one more thing before I leave.
If you have Recursive DNS resolving (unbound) running you can
cat /etc/unbound/named.cache
to see what root servers are being used and its public key
cat /etc/unbound/root.key
Also if using local DNS you can still run unbound with no problem.... they fixed that a while back.
What happens on the router side when you enable unbound, but don't enable Dnsmasq for DNS ? _________________ Asus RT-AC88u running DD-WRT 12-15-2016-r30949
Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Sun Sep 25, 2016 14:39 Post subject:
mrjcd wrote:
Denna wrote:
So in order to run DNSCrypt, an ARM binary would have to be run, correct ?
I've read some about DNSCrypt / dd-wrt in past.
Google can be your friend
Not really sure what you are after.
Unbound >>>> DNSSEC- queries to DNSSEC-signed domains ... what is the use of running DNSCrypt???
Hopefully someone can answer you better .. and I've never run unbound on a broadcom router anyways
good luck -
edit:
alrighthen one more thing before I leave.
If you have Recursive DNS resolving (unbound) running you can
cat /etc/unbound/named.cache
to see what root servers are being used and its public key
cat /etc/unbound/root.key
Also if using local DNS you can still run unbound with no problem.... they fixed that a while back.
AFAIK DNSSEC is immune to man-in-the-middle spoofing.
If using DNSSEC you are going to get to where you want to go.
That being said -- it is NOT encrypted so presumably man-in-the-middle can see where you are going