Secure DNS using Stubby-Installer for Asuswrt-Merlin Firmware

[Xentrk]

The Problem - Your DNS Queries are not private!
The primary issue with DNS queries is they are sent in clear text, which means passive eavesdroppers can observe all the DNS lookups performed.  Your Internet Service Provider (ISP) can log what sites you visit and sell your browsing history to advertisers or government agencies.  Please refer to https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+-+The+Problem for a complete list of issues with the current state of DNS.

Stubby to the Rescue
Stubby is an application that acts as a local DNS Privacy stub resolver using DNS-over-TLS. Stubby encrypts DNS queries sent from a client machine to a DNS Privacy resolver increasing end user privacy.

Since Stubby is in the early stages of development, it may not be suitable for non-technical users. To assist users to implement Stubby, I wrote a Stubby installer script to make the process easier.

The install script defaults to Cloudflare (1.1.1.1) DNS-over-TLS on port 853. You can change to other supported public or test resolvers by updating the Stubby configuration file located in /opt/etc/stubby/stubby.yml.

All Asus models supported by Asuswrt-Merlin are supported by this script. To date, I have received confirmation that it works on the following models:

• RT-AC66U_B1
• RT-AC68U
• RT-AC87U
• RT-AC88U
• RT-AC3100
• RT-AC3200
• RT-AC5300
• RT-AC86U
• RT-AX88U
• GT-AC5300

 

For information on Stubby, including how to install and validate, visit the Stubby-Installer-Asuswrt-Merlin GitHub Repository.

For information on how the settings were derived at, see my blog post DNS over TLS with DNSMASQ and Stubby on Asuswrt-Merlin.

Support Forum
Please post questions on the support forum at https://www.snbforums.com/threads/stubby-installer-asuswrt-merlin.49469/

Installation
Using your preferred SSH client/terminal, copy and paste the following command, then press Enter:
 

Code:

/usr/sbin/curl --retry 3 "https://raw.githubusercontent.com/Xentrk/Stubby-Installer-Asuswrt-Merlin/master/install_stubby.sh" -o "/jffs/scripts/install_stubby.sh" && chmod 755 /jffs/scripts/install_stubby.sh && sh /jffs/scripts/install_stubby.sh

Then, select the install option from the menu. You may also install Stubby using amtm - the SNBForum Asuswrt-Merlin Terminal Menu

 

Edited January 26, 2019 by Xentrk
grammar

[Xentrk]

There is another option for those of you who don't have an Asus router running Asuswrt-Merlin firmware. Cloudflare recently introduced apps in the iOS and Android stores that you can install on your mobile devices  See https://1.1.1.1/?utm_medium=website&utm_source=hmc&utm_campaign=resolver-mobile-app-launch

 

Similarly, you can configure DNS-over-DOT if you use a Firefox browser. See https://www.internetsociety.org/blog/2018/12/dns-privacy-support-in-mozilla-firefox/

for the instructions.