DD-WRT :: View topic

DNS Cache

DD-WRT Forum Index -> Broadcom SoC based Hardware

Author

Message

Denna
DD-WRT User

Joined: 16 Sep 2016
Posts: 101

Posted: Fri Sep 16, 2016 22:04 Post subject: DNS Cache
Asus RT-AC88u running DD-WRT 09-14-2016-r30631. The goal is to use DNSCrypt as a forwarder for a DNS cache. Other than dnsmasq, are there other DNS cache options for DD-WRT ? Can you install unbound on DD-WRT ?

Sponsor

<Kong>
DD-WRT Guru

Joined: 15 Dec 2010
Posts: 4339
Location: Germany

Posted: Sat Sep 17, 2016 7:01 Post subject: Re: DNS Cache

Denna wrote:

Asus RT-AC88u running DD-WRT 09-14-2016-r30631.

The goal is to use DNSCrypt as a forwarder for a DNS cache.

Other than dnsmasq, are there other DNS cache options for DD-WRT ?

Can you install unbound on DD-WRT ?

Unbound is already included, you just have to enable it:

Setup->Basic Setup->Recursive DNS Resolving
_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/

Denna
DD-WRT User

Joined: 16 Sep 2016
Posts: 101

Posted: Sat Sep 17, 2016 13:51 Post subject:
Vielen Dank ! If you enable Recursive DNS Resolving, do you disable DNSMasq for DNS ?

mrjcd
DD-WRT Guru

Joined: 31 Jan 2015
Posts: 6291
Location: Texas

Posted: Sat Sep 17, 2016 14:53 Post subject:

Denna wrote:

Vielen Dank !

If you enable Recursive DNS Resolving, do you disable DNSMasq for DNS ?

No

I run it all. You can google ny name+ unbound+ddwrt and see some stuff... although will be in Atheros forum.
Enable it and you can check https://ipleak.net/
Also https://en.internet.nl/
there is others ...
unbound is a great service DD-WRT has included in compatible routers.

Have fun w/dd-wrt ... lots to learn Smile

Denna
DD-WRT User

Joined: 16 Sep 2016
Posts: 101

Posted: Sat Sep 17, 2016 16:02 Post subject:
mrjcd, I read the posts you referred to. If unbound is used for the DNS cache, how would you configure it to forward to DNSCrypt and use DNSSEC ? Is DNSCrypt in DD-WRT or do you have to use the lancethepants ARM binary ?

mrjcd
DD-WRT Guru

Joined: 31 Jan 2015
Posts: 6291
Location: Texas

Posted: Sat Sep 17, 2016 17:42 Post subject:

Denna wrote:

mrjcd,

I read the posts you referred to.

If unbound is used for the DNS cache, how would you configure it to forward to DNSCrypt and use DNSSEC ?

Is DNSCrypt in DD-WRT or do you have to use the lancethepants ARM binary ?

DNSSEC is part of unbound.
If you enable it and check links I provided you will see that your DNS queries are protected

https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en

Denna
DD-WRT User

Joined: 16 Sep 2016
Posts: 101

Posted: Sat Sep 17, 2016 18:31 Post subject:
So in order to run DNSCrypt, an ARM binary would have to be run, correct ?

mrjcd
DD-WRT Guru

Joined: 31 Jan 2015
Posts: 6291
Location: Texas

Posted: Sat Sep 17, 2016 18:50 Post subject:

Denna wrote:

So in order to run DNSCrypt, an ARM binary would have to be run, correct ?

I've read some about DNSCrypt / dd-wrt in past.
Google can be your friend Smile

Not really sure what you are after.
Unbound >>>> DNSSEC- queries to DNSSEC-signed domains ... what is the use of running DNSCrypt???

Hopefully someone can answer you better .. and I've never run unbound on a broadcom router anyways

good luck -

edit:
alrighthen one more thing before I leave.
If you have Recursive DNS resolving (unbound) running you can
cat /etc/unbound/named.cache
to see what root servers are being used and its public key
cat /etc/unbound/root.key

Also if using local DNS you can still run unbound with no problem.... they fixed that a while back.

Denna
DD-WRT User

Joined: 16 Sep 2016
Posts: 101

Posted: Tue Sep 20, 2016 6:02 Post subject:
What happens if you enable unbound, but don't enable Dnsmasq for DNS ? _________________ Asus RT-AC88u running DD-WRT 12-15-2016-r30949

Denna
DD-WRT User

Joined: 16 Sep 2016
Posts: 101

Posted: Sun Sep 25, 2016 6:49 Post subject:
What happens on the router side when you enable unbound, but don't enable Dnsmasq for DNS ? _________________ Asus RT-AC88u running DD-WRT 12-15-2016-r30949

egc
DD-WRT Guru

Joined: 18 Mar 2014
Posts: 12917
Location: Netherlands

Posted: Sun Sep 25, 2016 14:39 Post subject:

mrjcd wrote:

Denna wrote:

So in order to run DNSCrypt, an ARM binary would have to be run, correct ?

I've read some about DNSCrypt / dd-wrt in past.
Google can be your friend Smile

See: https://www.opendns.com/about/innovations/dnscrypt/

DNScrypt encrypts the DNS query to prevent man in the middle attack so DNScrypt and DNSSec are complementary
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

mrjcd
DD-WRT Guru

Joined: 31 Jan 2015
Posts: 6291
Location: Texas

Posted: Sun Sep 25, 2016 15:01 Post subject:
AFAIK DNSSEC is immune to man-in-the-middle spoofing. If using DNSSEC you are going to get to where you want to go. That being said -- it is NOT encrypted so presumably man-in-the-middle can see where you are going EDIT: yea it would be nice to have both w/dd-wrt

Denna
DD-WRT User

Joined: 16 Sep 2016
Posts: 101

Posted: Tue Sep 27, 2016 19:35 Post subject:
Kong, egc and mrjcd, Thanks for the help. _________________ Asus RT-AC88u running DD-WRT 12-15-2016-r30949

Display posts from previous:

Page 1 of 1

DD-WRT Forum Index -> Broadcom SoC based Hardware

All times are GMT

Navigation

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum

Log in

DNS Cache

Quick Links

Log in