Also posted on Github
Current Version 3.027
Compile Time 2019-09-19 16:32:41
Last Update 3.027
GL-AR750
DNS Rebinding Attack Protection: Yes
Override DNS Settings for All Clients: Yes
DNS over TLS from Cloudflare: Yes
If I reboot the GL-AR750, then SSH into it and run
root@GL-AR750:/etc/init.d# nslookup google.com
Server: 213.120.234.42
Address: 213.120.234.42#53
Name: google.com
Address 1: 216.58.210.206
Address 2: 2a00:1450:4009:809::200e
It is using the DNS resolvers of my ISP!!!
If I then toggle DNS over TLS from Cloudflare:
And re-run I get:
root@GL-AR750:/etc/init.d# nslookup google.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: google.com
Address 1: 172.217.169.14
Address 2: 2a00:1450:4009:809::200e
Presumably it is now using DNSmasq, which is forwarding them on.
If I toggle it to ‘on’ again I get:
root@GL-AR750:/etc/init.d# nslookup google.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: google.com
Address 1: 216.58.204.78
Address 2: 2a00:1450:4009:81b::200e
Hopefully it is now sending the request to DNSmasq, which forwards to stubby on 127.0.0.1#5353 and on to cloudflare.
My syslog logs
2019-11-20 11:40:47 Information GL-AR750 kern kernel [ 70.275287] device wlan1 entered promiscuous mode
2019-11-20 11:40:47 Information GL-AR750 kern kernel [ 70.269364] br-lan: port 3(wlan1) entered disabled state
2019-11-20 11:40:47 Information GL-AR750 kern kernel [ 70.263805] br-lan: port 3(wlan1) entered blocking state
2019-11-20 11:40:47 Notice GL-AR750 daemon hostapd wlan0: interface state UNINITIALIZED->HT_SCAN
2019-11-20 11:40:47 Notice GL-AR750 user ucitrack Setting up /etc/config/system reload dependency on /etc/config/dhcp
2019-11-20 11:40:47 Notice GL-AR750 daemon pppd secondary DNS address 213.120.234.38
2019-11-20 11:40:47 Notice GL-AR750 daemon pppd primary DNS address 213.120.234.42
2019-11-20 11:40:47 Notice GL-AR750 daemon pppd remote IP address xxx.16.10.xxx
2019-11-20 11:40:47 Notice GL-AR750 daemon pppd local IP address xxx.198.233.xxx
2019-11-20 11:40:47 Notice GL-AR750 daemon pppd peer from calling number A4:7B: authorized
2019-11-20 11:40:47 Notice GL-AR750 daemon pppd CHAP authentication succeeded
2019-11-20 11:40:47 Information GL-AR750 daemon pppd CHAP authentication succeeded: CHAP authentication success
2019-11-20 11:40:47 Information GL-AR750 daemon dnsmasq-dhcp read /etc/ethers - 0 addresses
2019-11-20 11:40:47 Information GL-AR750 daemon dnsmasq read /tmp/hosts/dhcp.cfg01411c - 11 addresses
2019-11-20 11:40:47 Information GL-AR750 kern kernel [ 70.045029] device wlan0 entered promiscuous mode
2019-11-20 11:40:47 Information GL-AR750 kern kernel [ 70.039133] br-lan: port 2(wlan0) entered disabled state
2019-11-20 11:40:47 Information GL-AR750 kern kernel [ 70.033564] br-lan: port 2(wlan0) entered blocking state
2019-11-20 11:40:47 Information GL-AR750 daemon dnsmasq read /etc/hosts - 4 addresses
2019-11-20 11:40:47 Information GL-AR750 daemon dnsmasq using local addresses only for domain local
2019-11-20 11:40:47 Information GL-AR750 daemon dnsmasq using nameserver 127.0.0.1#53535
2019-11-20 11:40:47 Information GL-AR750 daemon dnsmasq using local addresses only for domain bind
2019-11-20 11:40:47 Information GL-AR750 daemon dnsmasq using local addresses only for domain invalid
2019-11-20 11:40:47 Information GL-AR750 daemon dnsmasq using local addresses only for domain local
2019-11-20 11:40:47 Information GL-AR750 daemon dnsmasq using local addresses only for domain localhost
2019-11-20 11:40:47 Information GL-AR750 daemon dnsmasq using local addresses only for domain onion
2019-11-20 11:40:47 Information GL-AR750 daemon dnsmasq using local addresses only for domain test
2019-11-20 11:40:47 Information GL-AR750 daemon dnsmasq-dhcp DHCP, IP range 192.16 -- 192.168, lease time 12h
2019-11-20 11:40:47 Information GL-AR750 daemon dnsmasq compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC no-ID loop-detect inotify dumpfile
2019-11-20 11:40:47 Information GL-AR750 daemon dnsmasq started, version 2.80test2 cachesize 150
2019-11-20 11:40:47 Notice GL-AR750 daemon pppd Connect: pppoe-wan <--> eth0
2019-11-20 11:40:47 Information GL-AR750 daemon pppd Using interface pppoe-wan
2019-11-20 11:40:47 Information GL-AR750 kern kernel [ 69.968494] pppoe-wan: renamed from ppp0
2019-11-20 11:40:47 Information GL-AR750 kern kernel [ 69.960567] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
2019-11-20 11:40:47 Information GL-AR750 kern kernel [ 69.936684] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
2019-11-20 11:40:47 Notice GL-AR750 user ucitrack Setting up /etc/config/system reload dependency on /etc/config/luci_statistics
2019-11-20 11:40:47 Notice GL-AR750 user ucitrack Setting up /etc/config/system reload trigger for non-procd /etc/init.d/led
2019-11-20 11:40:46 Notice GL-AR750 user ucitrack Setting up /etc/config/dhcp reload dependency on /etc/config/odhcpd
2019-11-20 11:40:46 Notice GL-AR750 user ucitrack Setting up /etc/config/firewall reload dependency on /etc/config/sqm
2019-11-20 11:40:46 Notice GL-AR750 user ucitrack Setting up /etc/config/firewall reload dependency on /etc/config/miniupnpd
2019-11-20 11:40:46 Notice GL-AR750 user ucitrack Setting up /etc/config/firewall reload dependency on /etc/config/qos
2019-11-20 11:40:46 Notice GL-AR750 user ucitrack Setting up /etc/config/firewall reload dependency on /etc/config/luci-splash
2019-11-20 11:40:45 Information GL-AR750 daemon dnsmasq exiting on receipt of SIGTERM
2019-11-20 11:40:45 Notice GL-AR750 user ucitrack Setting up /etc/config/wireless reload dependency on /etc/config/network
2019-11-20 11:40:45 Notice GL-AR750 user ucitrack Setting up /etc/config/network reload dependency on /etc/config/radvd
2019-11-20 11:40:45 Notice GL-AR750 user ucitrack Setting up /etc/config/network reload dependency on /etc/config/dhcp
2019-11-20 11:40:45 Error GL-AR750 daemon stubby Could not schedule query: None of the configured upstreams could be used to send queries on the specified transports
2019-11-20 11:40:45 Error GL-AR750 daemon stubby Could not schedule query: None of the configured upstreams could be used to send queries on the specified transports
2019-11-20 11:40:45 Error GL-AR750 daemon stubby Could not schedule query: None of the configured upstreams could be used to send queries on the specified transports
2019-11-20 11:40:45 Error GL-AR750 daemon stubby Could not schedule query: None of the configured upstreams could be used to send queries on the specified transports
2019-11-20 11:40:44 Error GL-AR750 daemon stubby Could not schedule query: None of the configured upstreams could be used to send queries on the specified transports
2019-11-20 11:40:44 Error GL-AR750 daemon stubby Could not schedule query: None of the configured upstreams could be used to send queries on the specified transports
2019-11-20 11:40:44 Error GL-AR750 daemon stubby Could not schedule query: None of the configured upstreams could be used to send queries on the specified transports
2019-11-20 11:40:44 Error GL-AR750 daemon stubby Could not schedule query: None of the configured upstreams could be used to send queries on the specified transports
2019-11-20 11:40:44 Warning GL-AR750 daemon pppd Connected to a4:7b:2c:56:8f:61 via interface eth0
2019-11-20 11:40:44 Error GL-AR750 daemon stubby Could not schedule query: None of the configured upstreams could be used to send queries on the specified transports
2019-11-20 11:40:44 Error GL-AR750 daemon stubby Could not schedule query: None of the configured upstreams could be used to send queries on the specified transports
2019-11-20 11:40:44 Information GL-AR750 daemon pppd PPP session is 468
2019-11-20 11:40:44 Notice GL-AR750 daemon pppd pppd 2.4.7 started by root, uid 0
2019-11-20 11:40:44 Information GL-AR750 daemon pppd RP-PPPoE plugin version 3.8p compiled against pppd 2.4.7
2019-11-20 11:40:44 Information GL-AR750 daemon pppd Plugin rp-pppoe.so loaded.
2019-11-20 11:40:44 Error GL-AR750 daemon hostapd Configuration file: /var/run/hostapd-phy1.conf
2019-11-20 11:40:42 Error GL-AR750 daemon stubby [11:40:42.793866] STUBBY: Starting DAEMON....
2019-11-20 11:40:42 Error GL-AR750 daemon stubby [11:40:42.792644] STUBBY: (NOTE a Strict Profile only applies when TLS is the ONLY transport!!)
2019-11-20 11:40:42 Error GL-AR750 daemon stubby [11:40:42.791403] STUBBY: Privacy Usage Profile is Strict (Authentication required)
2019-11-20 11:40:42 Error GL-AR750 daemon stubby [11:40:42.783889] STUBBY: - TLS
2019-11-20 11:40:42 Error GL-AR750 daemon stubby [11:40:42.782698] STUBBY: Transport list is:
2019-11-20 11:40:42 Error GL-AR750 daemon stubby [11:40:42.781447] STUBBY: DNSSEC Validation is OFF
2019-11-20 11:40:42 Error GL-AR750 daemon stubby [11:40:42.713636] STUBBY: Read config from file /etc/stubby/stubby.yml
2019-11-20 11:40:42 Error GL-AR750 daemon hostapd Configuration file: /var/run/hostapd-phy0.conf
2019-11-20 11:40:42 Warning GL-AR750 kern kernel [ 64.643534] Version:3.0.5 Date:201801210
2019-11-20 11:40:41 Warning GL-AR750 kern kernel [ 64.322260] ip12:192.168.9.1 lan_ip[1].IP=c0a80901
2019-11-20 11:40:41 Warning GL-AR750 kern kernel [ 64.317208] ip11:192.168.1.1 lan_ip[0].IP=c0a80101
2019-11-20 11:40:41 Error GL-AR750 daemon rmmod module is not loaded
2019-11-20 11:40:41 Error GL-AR750 daemon odhcp6c Failed to send DHCPV6 message to ff02::1:2 (Address not available)
2019-11-20 11:40:41 Error GL-AR750 daemon odhcp6c Failed to send RS (Address not available)
2019-11-20 11:40:40 Error GL-AR750 daemon insmod module is already loaded - pppoe
2019-11-20 11:40:40 Error GL-AR750 daemon insmod module is already loaded - pppox
2019-11-20 11:40:40 Error GL-AR750 daemon insmod module is already loaded - ppp_generic
2019-11-20 11:40:40 Error GL-AR750 daemon insmod module is already loaded - slhc
2019-11-20 11:40:39 Notice GL-AR750 daemon netifd Interface 'wan6' is setting up now
2019-11-20 11:40:39 Notice GL-AR750 daemon netifd Interface 'wan6' has link connectivity
2019-11-20 11:40:39 Notice GL-AR750 daemon netifd Interface 'wan' is setting up now
2019-11-20 11:40:39 Notice GL-AR750 daemon netifd Interface 'wan' has link connectivity
2019-11-20 11:40:39 Notice GL-AR750 daemon netifd Network device 'eth0' link is up
2019-11-20 11:40:39 Information GL-AR750 kern kernel [ 62.283146] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
2019-11-20 11:40:39 Information GL-AR750 kern kernel [ 62.278424] eth0: link up (100Mbps/Full duplex)
2019-11-20 11:40:39 Information GL-AR750 kern kernel [ 61.924694] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
2019-11-20 11:40:39 Notice GL-AR750 daemon netifd Interface 'lan' has link connectivity
2019-11-20 11:40:39 Notice GL-AR750 daemon netifd bridge 'br-lan' link is up
2019-11-20 11:40:39 Notice GL-AR750 daemon netifd VLAN 'eth1.1' link is up
2019-11-20 11:40:39 Information GL-AR750 kern kernel [ 61.809022] br-lan: port 1(eth1.1) entered forwarding state
2019-11-20 11:40:39 Information GL-AR750 kern kernel [ 61.803383] br-lan: port 1(eth1.1) entered blocking state
2019-11-20 11:40:39 Notice GL-AR750 daemon netifd Network device 'eth1' link is up
2019-11-20 11:40:39 Information GL-AR750 kern kernel [ 61.681291] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
2019-11-20 11:40:39 Information GL-AR750 kern kernel [ 61.676485] eth1: link up (1000Mbps/Full duplex)
2019-11-20 11:40:38 Information GL-AR750 daemon logread Logread connected to 192.16
So it looks as if DNSmasq starts properly. Not so sure about stubby, but it looks as if it is using the DHCP DNS, not the loopback address.
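The check described in the post can be scripted. The following is an added example, not part of the original post or of the GL.iNet firmware: it reads `nslookup` output and syslog lines and reports whether the router's own lookups go to loopback or to a resolver that pppd received from the ISP. The function names are hypothetical, and the sample input is copied from the output shown above.

```shell
#!/bin/sh
# Added example (not from the original post): decide which resolver the router
# itself is querying, using nslookup output and syslog lines as input.

# Sample input: lines copied from the output shown in the post.
SAMPLE_NSLOOKUP='Server: 213.120.234.42
Address: 213.120.234.42#53
Name: google.com'
SAMPLE_LOG='2019-11-20 11:40:47 Notice GL-AR750 daemon pppd secondary DNS address 213.120.234.38
2019-11-20 11:40:47 Notice GL-AR750 daemon pppd primary DNS address 213.120.234.42
2019-11-20 11:40:47 Information GL-AR750 daemon dnsmasq using nameserver 127.0.0.1#53535
2019-11-20 11:40:45 Error GL-AR750 daemon stubby Could not schedule query: None of the configured upstreams could be used to send queries on the specified transports'

# Resolver nslookup actually asked (first "Server:" line), read from stdin.
resolver_in_use() { awk '$1 == "Server:" { print $2; exit }'; }

# DNS servers the ISP pushed over PPP, as logged by pppd.
isp_resolvers() { awk '/pppd.*(primary|secondary) +DNS address/ { print $NF }'; }

# Upstreams dnsmasq says it forwards to (the token after "nameserver").
dnsmasq_upstreams() {
    awk '/dnsmasq.*using nameserver/ { for (i = 1; i < NF; i++) if ($i == "nameserver") print $(i + 1) }'
}

# Number of stubby "Could not schedule query" errors in the log.
stubby_failures() { awk '/stubby.*Could not schedule query/ { n++ } END { print n + 0 }'; }

# classify_resolver NSLOOKUP_TEXT LOG_TEXT -> local | isp | other | unknown
classify_resolver() {
    server=$(printf '%s\n' "$1" | resolver_in_use)
    case "$server" in
        "")        echo unknown; return 0 ;;
        127.*|::1) echo local;   return 0 ;;
    esac
    if printf '%s\n' "$2" | isp_resolvers | grep -qxF "$server"; then
        echo isp      # lookups bypass dnsmasq/stubby and go to the ISP on port 53
    else
        echo other
    fi
}

echo "router resolver: $(classify_resolver "$SAMPLE_NSLOOKUP" "$SAMPLE_LOG")"
echo "dnsmasq upstream: $(printf '%s\n' "$SAMPLE_LOG" | dnsmasq_upstreams)"
echo "stubby errors: $(printf '%s\n' "$SAMPLE_LOG" | stubby_failures)"
```

On the router itself, live data can be passed as `classify_resolver "$(nslookup google.com)" "$(logread)"`, assuming `logread` output carries the same pppd, dnsmasq and stubby messages.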