Closed jackyaz closed 6 years ago
Did you tried to configure unboud
to use DNS over TLS? What's the killer feature of stubby
?
I hadn't looked into unbound and the configuration thereafter, as Stubby looked to be a more "install and go" solution.
Unbound can work with dns over TLS. But only works on one of my device, others not. I don't know why.
https://dnsprivacy.org/wiki/plugins/servlet/mobile?contentId=1278021#content/view/1277989
Stubby is recommended by dnsprivacy.org
Quoted from the link provided above. “Run Unbound as a local forwarder using the ssl_upstream option to encrypt outgoing queries. This is provides a local caching resolver but at the moment Unbound doesn't fully support RFC7766 as a client and so you may not see the same performance as from Stubby (which pipelines queries). “
As this is a solution that can install and use immediately. I support adding into entware please. Thanks
I'm going sit on this and wait for reaction on this PR to avoid doing the same job twice.
Hey Everyone,
The main reason I personally wanted to try stubby (and getdns) was because of some of the connection features. You can see a table here: https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Implementation+Status
I tried Unbound but it seemed somewhat slow (on my device at least). It also seemed like DNS requests would time out during regular browsing. It could have just been my connection.... but results with stubby have been pretty good for me so far. At times there is some minor latency on initial connection for lookups (somewhat expected), but nothing drastic. Using DNS Bench, once stubby has some connections open, it almost keeps up with an unecrypted connection to the same resolver.
I should mention I still use unbound, but it just sends unencrypted DNS queries locally to stubby (to then be sent out to quad9).
Merged in OpenWrt. Just wait for the next sync.
Package: https://github.com/getdnsapi/stubby
For new package to be added:
To replace now abandoned dnscrypt-proxy
Platform:
RT-AC87U running AsusWRT - Merlin