Stubby-Installer-Asuswrt-Merlin

[skeal]

I'm curious what went wrong and what you had to do? I left Stubby as configured by the last update to v.1.1.1. I run Linux Mint based on Ubuntu and have no issues with dig in a terminal:

tim@LinuxDT ~ $ dig cloudflare.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> cloudflare.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29113
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;cloudflare.com.            IN    A
;; ANSWER SECTION:
cloudflare.com.        217    IN    A    198.41.215.162
cloudflare.com.        217    IN    A    198.41.214.162
;; Query time: 118 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Mar 25 12:26:08 PDT 2019
;; MSG SIZE  rcvd: 103

I'm not using "dig" I'm using "kdig" it tests more stuff including TLS.

 

[Butterfly Bones]

I'm not using "dig" I'm using "kdig" it tests more stuff including TLS.

I learn something new every day here. I thought that was the KDE dig, but I found it is Knot utilities and found it in Synaptic. Now to learn more.

 

[skeal]

I learn something new every day here. I thought that was the KDE dig, but I found it is Knot utilities and found it in Synaptic. Now to learn more.

This is a good test for stubby if you use cloudflare:

kdig -d @1.1.1.1 +tls-ca +dnssec +tls-host=cloudflare-dns.com  example.com

 

[Butterfly Bones]

This is a good test for stubby if you use cloudflare:

kdig -d @1.1.1.1 +tls-ca +dnssec +tls-host=cloudflare-dns.com  example.com

Hmmmm. With kdig (Knot DNS), version 2.1.1 all the + options give me -

;; ERROR: invalid option: +tls-ca
;; ERROR: invalid option: +dnssec
;; ERROR: invalid option: +tls-host

Often times the Linux Mint versions are older, due to their LTS long term support policy, and "man kdig" does not give those options.

 

[dave14305]

This is a good test for stubby if you use cloudflare:

kdig -d @1.1.1.1 +tls-ca +dnssec +tls-host=cloudflare-dns.com  example.com

It’s a test of DoT but not Stubby since you’re specifying the cloudflare IP directly, not using your router IP (Stubby) at all.

 

[skeal]

Hmmmm. With kdig (Knot DNS), version 2.1.1 all the + options give me -

;; ERROR: invalid option: +tls-ca
;; ERROR: invalid option: +dnssec
;; ERROR: invalid option: +tls-host

Often times the Linux Mint versions are older, due to their LTS long term support policy, and "man kdig" does not give those options.

In Ubuntu I opened terminal and typed kdig and it told me it wasn't installed and how to install it.

 

[Butterfly Bones]

In Ubuntu I opened terminal and typed kdig and it told me it wasn't installed and how to install it.

Oh, I have it installed, that is how I know I have version 2.1.1 using "kdig -V"
Searching tells me those options are available in version 2.6.9, so it is the old version of Mint LTS that caused this failure. Usually LM discourages updating outside of their repo........
https://www.knot-dns.cz/docs/2.6/html/man_kdig.html

 

[skeal]

It’s a test of DoT but not Stubby since you’re specifying the cloudflare IP directly, not using your router IP (Stubby) at all.

You can substitute your router ip and it works as well.

 

[skeal]

Oh, I have it installed, that is how I know I have version 2.1.1 using "kdig -V"
Searching tells me those options are available in version 2.6.9, so it is the old version of Mint LTS that caused this failure. Usually LM discourages updating outside of their repo........
https://www.knot-dns.cz/docs/2.6/html/man_kdig.html

steve@LinuxUbuntu:~$ kdig -V
kdig (Knot DNS), version 2.7.2

 

[Marin]

how to do you install kdig?

 

[skeal]

how to do you install kdig?

I have only ever installed Kdig on latest linux like Ubuntu 18.04. I opened terminal and typed kdig and it suggested how to install it.

 

[Butterfly Bones]

how to do you install kdig?

Depends on what Linux distro you are using.
This is what I did for Linux Mint - Ubuntu
https://launchpad.net/~cz.nic-labs/+archive/ubuntu/knot-dns-latest
or

sudo apt install kdig

 

[Marin]

Thank you! I will try it on my Ubuntu VM

 

[Marin]

Depends on what Linux distro you are using.
This is what I did for Linux Mint - Ubuntu
https://launchpad.net/~cz.nic-labs/+archive/ubuntu/knot-dns-latest
or

sudo apt install kdig

For some reason that didn't work in my Ubuntu but this did:

sudo apt install knot-dnsutils

As @skeal mentioned if you simply type "kdig" then you get:

Command "kdig" not found, but can be installed with:

sudo apt install knot-dnsutils

 

[Butterfly Bones]

For some reason that didn't work in my Ubuntu but this did:

sudo apt install knot-dnsutils

As @skeal mentioned if you simply type "kdig" then you get:

Command "kdig" not found, but can be installed with:

sudo apt install knot-dnsutils

If you look above that got me version 2.1.1 that does not have the dnssec and tls checks thanks to Linux Mint long term support policy that means older stable versions.
https://www.snbforums.com/threads/stubby-installer-asuswrt-merlin.49469/page-64#post-474632

That is why I added the PPA first and then used the rest of the options in the link I posted.

 

[Marin]

my version:

kdig -V
2.6.5

and my Ubuntu version is 18.04

I will try the PPA and see if I am able to update it to the 2.7.x version

Thank you!

 

[Butterfly Bones]

my version:

kdig -V
2.6.5

and my Ubuntu version is 18.04

I will try the PPA and see if I am able to update it to the 2.7.x version

Thank you!

Pfffft

$ kdig -V
kdig (Knot DNS), version 2.8.0

 

[Marin]

Pfffft

$ kdig -V
kdig (Knot DNS), version 2.8.0

Ha! Yep, I just tried the PPA:

sudo add-apt-repository ppa:cz.nic-labs/knot-dns-latest

then:

sudo apt-get update

then:

sudo apt install knot-dnsutils

and Voila!

kdig -V
kdig (Knot DNS), version 2.8.0

Thank you!

 

[#TY]

Hello everyone!

I am new on this incredibly useful forum so I apologize in advance for any noob questions.

I have successfully (I think) configured Stubby on a fresh USB drive connected to an ASUS RT-AC5300 as per the excellent instructions set forth here:
https://github.com/Xentrk/Stubby-Installer-Asuswrt-Merlin

My router is also properly configured with an OPENVPN client.

Everything with Stubby seems to be working as intended and I have the following results:

My questions:

- How do I turn the No's into Yes's? Have I missed anything from the installation?
- How do I get TLS 1.3 and Encrypted SNI to work?

Thank you in advance for any help and I apologize if the answers have been stated elsewhere (I haven't found them).

 

[JimbobJay]

I like to disable custom scripts and eject the usb drive form my router before I do firmware upgrades. I lost internet connectivity when I disabled custom scripts and rebooted and I realised it was because the wan dns was still set on the router’s own address, but obviously stubby was no longer running. Is there any way for stubby to unset this and change it back to default at the moment that custom scripts are disabled? Or is this impossible because as soon as that seething is changed custom scripts can obviously no longer run?