What's new

Customize stubby.yml

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

lost_

New Around Here
I understand the privacy implication, but I'd like to send the subnet EDNS in the DoT queries. I'm using Quad9 9.9.9.11 (ECS enabled).

It seems that is controlled by this line in /etc/stubby/stubby.yml

edns_client_subnet_private: 1

How do I permanently either remove this line, or set it to 0?
 
Thanks Colin! Forgot about that directory.

For those who want to configure DoT the same way:

cat /jffs/scripts/stubby.postconf
Code:
#!/bin/sh

CONFIG=$1
source /usr/sbin/helper.sh

pc_replace "edns_client_subnet_private: 1" "edns_client_subnet_private: 0" $CONFIG

With this, my subnet is provided to Quad9 (which I'm fine with and they don't log). The resolved hosts are now the ones closest to me. I've tested with and without EDNS. Without EDNS, facebook resolved to the one in California (33 ms), and with it, it's the one in Virginia (10 ms). YMMV.

(In WAN page, set DNS over TLS to 9.9.9.11 and hostname dns11.quad9.net. In LAN, set DNSFilter to router or however you need it)
 
Last edited:
In /jffs/scripts create file stubby.postconf with contents:
Code:
#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh
pc_replace "edns_client_subnet_private: 1" "edns_client_subnet_private: 0" $CONFIG
Change properties of the file to 755

Here are changes I make:
Code:
#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh
pc_replace "round_robin_upstreams: 1" "round_robin_upstreams: 0" $CONFIG
pc_insert "tls_authentication: GETDNS_AUTHENTICATION_REQUIRED" "dnssec_return_status: GETDNS_EXTENSION_TRUE" $CONFIG
The last line enables DNSSEC validation to be done by Stubby. With this enabled disable DNSSEC in the router WAN settings.
 
Similar threads
Thread starter Title Forum Replies Date
R Customize Minidlna settings Asuswrt-Merlin 2

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top