DNS Over TLS not working on start up

Technical Support for Routers
1

Also posted on Github

Current Version 3.027
Compile Time 2019-09-19 16:32:41
Last Update 3.027
GL-AR750

DNS Rebinding Attack Protection: Yes
Override DNS Settings for All Clients: Yes
DNS over TLS from Cloudflare: Yes

If I reboot the GL-AR750, then SSH into it and run

root@GL-AR750:/etc/init.d# nslookup google.com
Server:		213.120.234.42
Address:	213.120.234.42#53

Name:      google.com
Address 1: 216.58.210.206
Address 2: 2a00:1450:4009:809::200e

It is using the DNS resolvers of my ISP!!!
If I then toggle DNS over TLS from Cloudflare:
And re-run I get:

root@GL-AR750:/etc/init.d# nslookup google.com
^[[A
Server:		127.0.0.1
Address:	127.0.0.1#53

Name:      google.com
Address 1: 172.217.169.14
Address 2: 2a00:1450:4009:809::200e

Presumably it is now using DNSmasq, which is forwarding them on
If I toggle it again to ‘on’ again I get:

root@GL-AR750:/etc/init.d# nslookup google.com
Server:		127.0.0.1
Address:	127.0.0.1#53

Name:      google.com
Address 1: 216.58.204.78
Address 2: 2a00:1450:4009:81b::200e

Hopefully it is now sending the request to DNSmasq, which forwards to stubby on 127.0.0.1#5353 and on to cloudflare.

My syslog logs

2019-11-20	11:40:47	Information	GL-AR750	kern	kernel	[ 70.275287] device wlan1 entered promiscuous mode
2019-11-20	11:40:47	Information	GL-AR750	kern	kernel	[ 70.269364] br-lan: port 3(wlan1) entered disabled state
2019-11-20	11:40:47	Information	GL-AR750	kern	kernel	[ 70.263805] br-lan: port 3(wlan1) entered blocking state
2019-11-20	11:40:47	Notice	GL-AR750	daemon	hostapd	wlan0: interface state UNINITIALIZED->HT_SCAN
2019-11-20	11:40:47	Notice	GL-AR750	user	ucitrack	Setting up /etc/config/system reload dependency on /etc/config/dhcp


2019-11-20	11:40:47	Notice	GL-AR750	daemon	pppd	secondary DNS address 213.120.234.38
2019-11-20	11:40:47	Notice	GL-AR750	daemon	pppd	primary DNS address 213.120.234.42
2019-11-20	11:40:47	Notice	GL-AR750	daemon	pppd	remote IP address xxx.16.10.xxx
2019-11-20	11:40:47	Notice	GL-AR750	daemon	pppd	local IP address xxx.198.233.xxx



2019-11-20	11:40:47	Notice	GL-AR750	daemon	pppd	peer from calling number A4:7B: authorized
2019-11-20	11:40:47	Notice	GL-AR750	daemon	pppd	CHAP authentication succeeded
2019-11-20	11:40:47	Information	GL-AR750	daemon	pppd	CHAP authentication succeeded: CHAP authentication success
2019-11-20	11:40:47	Information	GL-AR750	daemon	dnsmasq-dhcp	read /etc/ethers - 0 addresses
2019-11-20	11:40:47	Information	GL-AR750	daemon	dnsmasq	read /tmp/hosts/dhcp.cfg01411c - 11 addresses
2019-11-20	11:40:47	Information	GL-AR750	kern	kernel	[ 70.045029] device wlan0 entered promiscuous mode
2019-11-20	11:40:47	Information	GL-AR750	kern	kernel	[ 70.039133] br-lan: port 2(wlan0) entered disabled state
2019-11-20	11:40:47	Information	GL-AR750	kern	kernel	[ 70.033564] br-lan: port 2(wlan0) entered blocking state
2019-11-20	11:40:47	Information	GL-AR750	daemon	dnsmasq	read /etc/hosts - 4 addresses
2019-11-20	11:40:47	Information	GL-AR750	daemon	dnsmasq	using local addresses only for domain local
2019-11-20	11:40:47	Information	GL-AR750	daemon	dnsmasq	using nameserver 127.0.0.1#53535
2019-11-20	11:40:47	Information	GL-AR750	daemon	dnsmasq	using local addresses only for domain bind
2019-11-20	11:40:47	Information	GL-AR750	daemon	dnsmasq	using local addresses only for domain invalid
2019-11-20	11:40:47	Information	GL-AR750	daemon	dnsmasq	using local addresses only for domain local
2019-11-20	11:40:47	Information	GL-AR750	daemon	dnsmasq	using local addresses only for domain localhost
2019-11-20	11:40:47	Information	GL-AR750	daemon	dnsmasq	using local addresses only for domain onion
2019-11-20	11:40:47	Information	GL-AR750	daemon	dnsmasq	using local addresses only for domain test
2019-11-20	11:40:47	Information	GL-AR750	daemon	dnsmasq-dhcp	DHCP, IP range 192.16 -- 192.168, lease time 12h
2019-11-20	11:40:47	Information	GL-AR750	daemon	dnsmasq	compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC no-ID loop-detect inotify dumpfile
2019-11-20	11:40:47	Information	GL-AR750	daemon	dnsmasq	started, version 2.80test2 cachesize 150
2019-11-20	11:40:47	Notice	GL-AR750	daemon	pppd	Connect: pppoe-wan <--> eth0
2019-11-20	11:40:47	Information	GL-AR750	daemon	pppd	Using interface pppoe-wan
2019-11-20	11:40:47	Information	GL-AR750	kern	kernel	[ 69.968494] pppoe-wan: renamed from ppp0
2019-11-20	11:40:47	Information	GL-AR750	kern	kernel	[ 69.960567] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
2019-11-20	11:40:47	Information	GL-AR750	kern	kernel	[ 69.936684] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
2019-11-20	11:40:47	Notice	GL-AR750	user	ucitrack	Setting up /etc/config/system reload dependency on /etc/config/luci_statistics
2019-11-20	11:40:47	Notice	GL-AR750	user	ucitrack	Setting up /etc/config/system reload trigger for non-procd /etc/init.d/led
2019-11-20	11:40:46	Notice	GL-AR750	user	ucitrack	Setting up /etc/config/dhcp reload dependency on /etc/config/odhcpd
2019-11-20	11:40:46	Notice	GL-AR750	user	ucitrack	Setting up /etc/config/firewall reload dependency on /etc/config/sqm
2019-11-20	11:40:46	Notice	GL-AR750	user	ucitrack	Setting up /etc/config/firewall reload dependency on /etc/config/miniupnpd
2019-11-20	11:40:46	Notice	GL-AR750	user	ucitrack	Setting up /etc/config/firewall reload dependency on /etc/config/qos
2019-11-20	11:40:46	Notice	GL-AR750	user	ucitrack	Setting up /etc/config/firewall reload dependency on /etc/config/luci-splash
2019-11-20	11:40:45	Information	GL-AR750	daemon	dnsmasq	exiting on receipt of SIGTERM
2019-11-20	11:40:45	Notice	GL-AR750	user	ucitrack	Setting up /etc/config/wireless reload dependency on /etc/config/network
2019-11-20	11:40:45	Notice	GL-AR750	user	ucitrack	Setting up /etc/config/network reload dependency on /etc/config/radvd
2019-11-20	11:40:45	Notice	GL-AR750	user	ucitrack	Setting up /etc/config/network reload dependency on /etc/config/dhcp
2019-11-20	11:40:45	Error	GL-AR750	daemon	stubby	Could not schedule query: None of the configured upstreams could be used to send queries on the specified transports
2019-11-20	11:40:45	Error	GL-AR750	daemon	stubby	Could not schedule query: None of the configured upstreams could be used to send queries on the specified transports
2019-11-20	11:40:45	Error	GL-AR750	daemon	stubby	Could not schedule query: None of the configured upstreams could be used to send queries on the specified transports
2019-11-20	11:40:45	Error	GL-AR750	daemon	stubby	Could not schedule query: None of the configured upstreams could be used to send queries on the specified transports
2019-11-20	11:40:44	Error	GL-AR750	daemon	stubby	Could not schedule query: None of the configured upstreams could be used to send queries on the specified transports
2019-11-20	11:40:44	Error	GL-AR750	daemon	stubby	Could not schedule query: None of the configured upstreams could be used to send queries on the specified transports
2019-11-20	11:40:44	Error	GL-AR750	daemon	stubby	Could not schedule query: None of the configured upstreams could be used to send queries on the specified transports
2019-11-20	11:40:44	Error	GL-AR750	daemon	stubby	Could not schedule query: None of the configured upstreams could be used to send queries on the specified transports
2019-11-20	11:40:44	Warning	GL-AR750	daemon	pppd	Connected to a4:7b:2c:56:8f:61 via interface eth0
2019-11-20	11:40:44	Error	GL-AR750	daemon	stubby	Could not schedule query: None of the configured upstreams could be used to send queries on the specified transports
2019-11-20	11:40:44	Error	GL-AR750	daemon	stubby	Could not schedule query: None of the configured upstreams could be used to send queries on the specified transports
2019-11-20	11:40:44	Information	GL-AR750	daemon	pppd	PPP session is 468
2019-11-20	11:40:44	Notice	GL-AR750	daemon	pppd	pppd 2.4.7 started by root, uid 0
2019-11-20	11:40:44	Information	GL-AR750	daemon	pppd	RP-PPPoE plugin version 3.8p compiled against pppd 2.4.7
2019-11-20	11:40:44	Information	GL-AR750	daemon	pppd	Plugin rp-pppoe.so loaded.
2019-11-20	11:40:44	Error	GL-AR750	daemon	hostapd	Configuration file: /var/run/hostapd-phy1.conf
2019-11-20	11:40:42	Error	GL-AR750	daemon	stubby	[11:40:42.793866] STUBBY: Starting DAEMON....
2019-11-20	11:40:42	Error	GL-AR750	daemon	stubby	[11:40:42.792644] STUBBY: (NOTE a Strict Profile only applies when TLS is the ONLY transport!!)
2019-11-20	11:40:42	Error	GL-AR750	daemon	stubby	[11:40:42.791403] STUBBY: Privacy Usage Profile is Strict (Authentication required)
2019-11-20	11:40:42	Error	GL-AR750	daemon	stubby	[11:40:42.783889] STUBBY: - TLS
2019-11-20	11:40:42	Error	GL-AR750	daemon	stubby	[11:40:42.782698] STUBBY: Transport list is:
2019-11-20	11:40:42	Error	GL-AR750	daemon	stubby	[11:40:42.781447] STUBBY: DNSSEC Validation is OFF
2019-11-20	11:40:42	Error	GL-AR750	daemon	stubby	[11:40:42.713636] STUBBY: Read config from file /etc/stubby/stubby.yml
2019-11-20	11:40:42	Error	GL-AR750	daemon	hostapd	Configuration file: /var/run/hostapd-phy0.conf
2019-11-20	11:40:42	Warning	GL-AR750	kern	kernel	[ 64.643534] Version:3.0.5 Date:201801210
2019-11-20	11:40:41	Warning	GL-AR750	kern	kernel	[ 64.322260] ip12:192.168.9.1 lan_ip[1].IP=c0a80901
2019-11-20	11:40:41	Warning	GL-AR750	kern	kernel	[ 64.317208] ip11:192.168.1.1 lan_ip[0].IP=c0a80101
2019-11-20	11:40:41	Error	GL-AR750	daemon	rmmod	module is not loaded
2019-11-20	11:40:41	Error	GL-AR750	daemon	odhcp6c	Failed to send DHCPV6 message to ff02::1:2 (Address not available)
2019-11-20	11:40:41	Error	GL-AR750	daemon	odhcp6c	Failed to send RS (Address not available)
2019-11-20	11:40:40	Error	GL-AR750	daemon	insmod	module is already loaded - pppoe
2019-11-20	11:40:40	Error	GL-AR750	daemon	insmod	module is already loaded - pppox
2019-11-20	11:40:40	Error	GL-AR750	daemon	insmod	module is already loaded - ppp_generic
2019-11-20	11:40:40	Error	GL-AR750	daemon	insmod	module is already loaded - slhc
2019-11-20	11:40:39	Notice	GL-AR750	daemon	netifd	Interface 'wan6' is setting up now
2019-11-20	11:40:39	Notice	GL-AR750	daemon	netifd	Interface 'wan6' has link connectivity
2019-11-20	11:40:39	Notice	GL-AR750	daemon	netifd	Interface 'wan' is setting up now
2019-11-20	11:40:39	Notice	GL-AR750	daemon	netifd	Interface 'wan' has link connectivity
2019-11-20	11:40:39	Notice	GL-AR750	daemon	netifd	Network device 'eth0' link is up
2019-11-20	11:40:39	Information	GL-AR750	kern	kernel	[ 62.283146] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
2019-11-20	11:40:39	Information	GL-AR750	kern	kernel	[ 62.278424] eth0: link up (100Mbps/Full duplex)
2019-11-20	11:40:39	Information	GL-AR750	kern	kernel	[ 61.924694] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
2019-11-20	11:40:39	Notice	GL-AR750	daemon	netifd	Interface 'lan' has link connectivity
2019-11-20	11:40:39	Notice	GL-AR750	daemon	netifd	bridge 'br-lan' link is up
2019-11-20	11:40:39	Notice	GL-AR750	daemon	netifd	VLAN 'eth1.1' link is up
2019-11-20	11:40:39	Information	GL-AR750	kern	kernel	[ 61.809022] br-lan: port 1(eth1.1) entered forwarding state
2019-11-20	11:40:39	Information	GL-AR750	kern	kernel	[ 61.803383] br-lan: port 1(eth1.1) entered blocking state
2019-11-20	11:40:39	Notice	GL-AR750	daemon	netifd	Network device 'eth1' link is up
2019-11-20	11:40:39	Information	GL-AR750	kern	kernel	[ 61.681291] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
2019-11-20	11:40:39	Information	GL-AR750	kern	kernel	[ 61.676485] eth1: link up (1000Mbps/Full duplex)
2019-11-20	11:40:38	Information	GL-AR750	daemon	logread	Logread connected to 192.16

So it looks as if DNSmasq starts properly. Not so sure about stubby, but looks as if it is using the DHCP DNS not the loopback address.

2

pls accesss https://www.dnsleaktest.com/ at LAN client to test.