Setting up a DNS over HTTPS (DoH) proxy for your OpenWrt router
Background
DNS hijacking, as used here, means an ISP intercepting plaintext DNS queries (UDP and TCP port 53) in transit and answering them from its own resolver, regardless of which server the client actually addressed. ISPs do this for a variety of reasons: to block access to certain websites, to collect data about users' browsing habits, or to inject advertisements.
In Indonesia, the government has required ISPs to implement DNS hijacking in order to block access to websites that it deems to be harmful or illegal. This includes websites that contain pornography, gambling, or information about sensitive topics such as politics or religion.
The government’s DNS blocking policy has been criticized by some who argue that it violates freedom of expression. Others have argued that the policy is ineffective, as users can easily circumvent it by using alternative DNS servers.
In recent years, ISPs in Indonesia have also begun to use DNS hijacking for more commercial purposes. For example, some ISPs have been redirecting DNS queries to their own servers in order to display ads.
OpenWrt’s DNS over HTTPS (DoH)
I installed the DNS over HTTPS (DoH) proxy package and its LuCI front end in OpenWrt. DoH carries DNS queries inside an HTTPS session between the router and the DoH resolver, so the ISP can neither read nor rewrite them in transit, which is exactly what defeats port-53 hijacking. It is not full anonymity, though: the ISP still sees the IP addresses you connect to and, for TLS connections without Encrypted Client Hello, the server name in the ClientHello, and the DoH provider now sees every query instead.
I configured Cloudflare, Google, and OpenDNS as my DoH resolvers; all three are widely used and reliable. Cloudflare is known for fast response times and a published privacy policy that limits query logging. Google Public DNS is a plain, fast resolver; it does not offer parental controls or ad blocking. Filtering of that kind is what Cloudflare's family variant and OpenDNS provide, and OpenDNS is the usual choice for businesses and organizations that want content filtering and malware-domain blocking. Each provider runs as its own local proxy instance and dnsmasq is pointed at all of them, so resolution survives one provider being unreachable; the trade-off is that each of the three operators ends up seeing a share of my queries.
In the DHCP settings I advertised the router itself as the DNS server, so every device on the LAN sends its queries to dnsmasq on the router, which in turn forwards them only to the local DoH proxy instances, never to the ISP's resolver. I also enabled OpenWrt's "DNS hijacking" option to prevent DNS leaks to the ISP resolver. Despite sharing a name with the ISP's trick, this is a firewall redirect on the router: any packet from the LAN to port 53 on any destination is DNAT'ed to the router, so a device with a hard-coded resolver such as 8.8.8.8 or the ISP modem's address is still answered through the DoH proxy instead of sending plaintext queries upstream. The redirect only covers plaintext port-53 DNS; a client or browser that speaks DoT (port 853) or DoH (port 443) on its own bypasses it, which is fine if that client's resolver is trustworthy and a hole if it is not.
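The same setup done from the router's shell with uci instead of LuCI, as an added example that is not the author's configuration. It assumes OpenWrt 22.03 or later, the https-dns-proxy package (the DoH proxy behind the LuCI app) with its per-instance options resolver_url, bootstrap_dns, listen_addr and listen_port, a LAN zone named lan, and the router at 192.168.1.1; the DoH URLs and bootstrap addresses are the providers' published ones. Newer versions of that package can update dnsmasq and install the port-53 redirect themselves, so if you turn those options on, drop the equivalent lines here rather than doing it twice. The second half is a small leak audit that counts plaintext DNS in a tcpdump capture taken on the WAN side; here it runs against constructed sample lines, not a real capture.

```shell
#!/bin/sh
# Added example for this post, not the author's own configuration.
# Assumes: OpenWrt 22.03+, the https-dns-proxy package installed, LAN zone
# named "lan", router LAN address 192.168.1.1 (override with ROUTER_IP).
# Resolver URLs and bootstrap IPs are the providers' published endpoints.

ROUTER_IP="${ROUTER_IP:-192.168.1.1}"

# "DoH URL|bootstrap IPs used once at startup to resolve that URL's hostname"
RESOLVERS="
https://cloudflare-dns.com/dns-query|1.1.1.1,1.0.0.1
https://dns.google/dns-query|8.8.8.8,8.8.4.4
https://doh.opendns.com/dns-query|208.67.222.222,208.67.220.220
"

apply_doh_config() {
    command -v uci >/dev/null 2>&1 || { echo "uci not found; run this on OpenWrt" >&2; return 1; }

    # One https-dns-proxy instance per provider on 127.0.0.1:5053, 5054, ...
    while uci -q delete https-dns-proxy.@https-dns-proxy[0]; do :; done
    uci -q delete dhcp.@dnsmasq[0].server
    port=5053
    for entry in $RESOLVERS; do
        uci add https-dns-proxy https-dns-proxy >/dev/null
        uci set https-dns-proxy.@https-dns-proxy[-1].resolver_url="${entry%%|*}"
        uci set https-dns-proxy.@https-dns-proxy[-1].bootstrap_dns="${entry#*|}"
        uci set https-dns-proxy.@https-dns-proxy[-1].listen_addr='127.0.0.1'
        uci set https-dns-proxy.@https-dns-proxy[-1].listen_port="$port"
        # dnsmasq forwards only to the local proxies, never to the ISP
        uci add_list dhcp.@dnsmasq[0].server="127.0.0.1#$port"
        port=$((port + 1))
    done
    uci set dhcp.@dnsmasq[0].noresolv='1'   # ignore resolvers learned from the WAN

    # DHCP option 6: tell LAN clients the router is their resolver
    # (replaces any dhcp_option entries already on the lan pool)
    uci -q delete dhcp.lan.dhcp_option
    uci add_list dhcp.lan.dhcp_option="6,$ROUTER_IP"

    # "DNS hijacking": DNAT any LAN -> *:53 to the router itself, so a client
    # with a hard-coded resolver (8.8.8.8, the ISP modem, ...) is still served
    # by dnsmasq -> DoH. No dest_ip/dest_port means "this router".
    uci add firewall redirect >/dev/null
    uci set firewall.@redirect[-1].name='Intercept-DNS'
    uci set firewall.@redirect[-1].src='lan'
    uci set firewall.@redirect[-1].proto='tcp udp'
    uci set firewall.@redirect[-1].src_dport='53'
    uci set firewall.@redirect[-1].target='DNAT'

    # Port 853 (DNS over TLS) cannot be redirected into dnsmasq; reject it so
    # a DoT-capable client falls back to port 53 instead of bypassing the proxy.
    uci add firewall rule >/dev/null
    uci set firewall.@rule[-1].name='Block-DoT'
    uci set firewall.@rule[-1].src='lan'
    uci set firewall.@rule[-1].dest='wan'
    uci set firewall.@rule[-1].proto='tcp udp'
    uci set firewall.@rule[-1].dest_port='853'
    uci set firewall.@rule[-1].target='REJECT'

    uci commit
    /etc/init.d/https-dns-proxy restart
    /etc/init.d/dnsmasq restart
    /etc/init.d/firewall restart
}

# Leak audit: count captured packets whose destination port is 53, i.e.
# plaintext DNS leaving the router. Feed it the output of
#   tcpdump -ni "$WAN" -l port 53
# Expected after the setup above: 0, apart from the proxies' one-off
# bootstrap lookups right after a restart.
count_plaintext_dns() {
    awk '
        ($2 == "IP" || $2 == "IP6") {
            dst = $5; sub(/:$/, "", dst)        # "8.8.8.8.53:" -> "8.8.8.8.53"
            n = split(dst, part, ".")
            if (part[n] == "53") leaks++
        }
        END { print leaks + 0 }'
}

# Constructed tcpdump -n lines (not a real capture): two leaked queries
# (IPv4 and IPv6), one DoH connection on 443, one inbound reply.
SAMPLE_CAPTURE='12:00:01.000001 IP 10.0.0.5.41234 > 8.8.8.8.53: 12345+ A? example.com. (29)
12:00:01.000002 IP 10.0.0.5.44122 > 104.16.248.249.443: Flags [P.], seq 1:200, ack 1, win 501, length 199
12:00:01.000003 IP 8.8.8.8.53 > 10.0.0.5.41234: 12345 1/0/0 A 93.184.216.34 (45)
12:00:01.000004 IP6 2001:db8::5.51000 > 2001:4860:4860::8888.53: 1+ A? example.org. (30)'

if [ "${DOH_APPLY:-0}" = "1" ]; then
    apply_doh_config
else
    echo "plaintext DNS packets in sample capture: $(printf '%s\n' "$SAMPLE_CAPTURE" | count_plaintext_dns)"
fi
```

Run it with DOH_APPLY=1 on the router to apply the configuration; without that variable it only runs the audit over the sample lines. On the real router, pipe a live capture from the WAN interface into count_plaintext_dns and leave it running while a LAN client is deliberately pointed at 8.8.8.8 or at the ISP modem: the count should stay at zero. The one legitimate exception is the bootstrap lookup each proxy instance makes for its resolver hostname, which is a plaintext port-53 query to the bootstrap IPs and shows up once after each restart.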
Result
Now my DNS queries are no longer hijacked by the ISP, even when a client is pointed at the ISP modem as its resolver: OpenWrt intercepts every port-53 query from the LAN and answers it through the DoH proxy and a legitimate resolver. A quick way to confirm this is a packet capture on the WAN interface: no plaintext port-53 traffic should leave the router, apart from the proxy's own bootstrap lookups of the resolver hostnames.
Reference