openwrt / packages

Community maintained packages for OpenWrt. Documentation for submitting pull requests is in CONTRIBUTING.md
GNU General Public License v2.0

stubby: Inconsistent documentation - DNS forwarders and Stubby Listeners - Which setup is correct? #17256

Open shoulders opened 2 years ago

shoulders commented 2 years ago

Maintainer: @jamesmacwhite

Environment:

| Item | Value |
| -- | -- |
| Model | BT Home Hub 5A |
| Architecture | xRX200 rev 1.2 |
| Firmware Version | OpenWrt 21.02.1 r16325-88151b8303 / LuCI openwrt-21.02 branch git-21.295.67054-13df80d |
| Kernel Version | 5.4.154 |

Description:

The instructions on https://github.com/openwrt/packages/blob/master/net/stubby/files/README.md

```sh
uci add_list dhcp.@dnsmasq[-1].server='127.0.0.1#5453'
uci set dhcp.@dnsmasq[-1].noresolv=1
uci commit && reload_config
```

do not match https://openwrt.org/docs/guide-user/services/dns/dot_dnsmasq_stubby

```sh
# Install packages
opkg update
opkg install stubby

# Enable DNS encryption
/etc/init.d/dnsmasq stop
uci set dhcp.@dnsmasq[0].noresolv="1"
uci -q delete dhcp.@dnsmasq[0].server
uci get stubby.global.listen_address \
| sed -e "s/\s/\n/g;s/@/#/g" \
| while read -r STUBBY_SERV
do uci add_list dhcp.@dnsmasq[0].server="${STUBBY_SERV}"
done
uci commit dhcp
/etc/init.d/dnsmasq start
```

The reason is that in the stubby config file there are 2 listeners defined, and the UCI script above uses these to create the DNS forwarders in the dhcp config file. https://github.com/openwrt/packages/blob/04b82e9da01e8c067702867e3ad2a604f481b169/net/stubby/files/stubby.conf#L18-L19

The instructions in the README say only to create a listener on 127.0.0.1#5453.

Questions:

Which stubby listener setup is correct?

127.0.0.1#5453
or
127.0.0.1#5453
0::1#53

Which dnsmasq forwarder setup is correct?

127.0.0.1#5453
or
127.0.0.1#5453
0::1#53

Depending on the answer, 1 set of documentation needs to be changed.

jamesmacwhite commented 2 years ago

Hi. I'm not the maintainer, I'm afraid. I've submitted a PR once before and discussed some issues, but I don't maintain the package. I no longer use stubby either, as I found it had issues with DNSSEC on some sites.

Stubby should be IPv6 aware, so you can have both listeners if you wanted, but it will function fine with just 127.0.0.1 without the IPv6 equivalent.
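
Added example (not from the README, the wiki, or either commenter): shell functions that reproduce the listener-to-forwarder mapping done by the wiki script and check a dnsmasq forwarder list against the stubby listeners. The function names and sample addresses are assumptions constructed for illustration; on a router the two inputs would come from `uci get stubby.global.listen_address` and `uci get dhcp.@dnsmasq[0].server`.

```shell
#!/bin/sh
# Added example: names and sample values are constructed for illustration.

# Split a whitespace-separated list into one entry per line, dropping blanks.
split_list() {
    printf '%s\n' "$1" | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Map stubby listeners ("addr@port") to dnsmasq server entries ("addr#port"),
# using the @ to # substitution from the wiki's sed expression.
stubby_to_dnsmasq() {
    split_list "$1" | sed 's/@/#/'
}

# $1 = stubby listeners, $2 = dnsmasq forwarders (both whitespace separated).
# Prints "unused-listener X" for a listener dnsmasq never queries and
# "dead-forwarder X" for a forwarder that matches no listener.
# Returns 1 only when a dead forwarder exists.
check_forwarders() {
    want=$(stubby_to_dnsmasq "$1" | sort -u)
    have=$(split_list "$2" | sort -u)
    rc=0
    for w in $want; do
        printf '%s\n' "$have" | grep -qxF -- "$w" || echo "unused-listener $w"
    done
    for h in $have; do
        printf '%s\n' "$want" | grep -qxF -- "$h" || { echo "dead-forwarder $h"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: two listeners, checked against a single forwarder.
LISTENERS='127.0.0.1@5453 0::1@5453'
check_forwarders "$LISTENERS" '127.0.0.1#5453' || true
```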