Zum Hauptinhalt springen

OpenWRT

OpenWRT routers use an open source, Linux-based operating system that provides the flexibility to configure routers and gateways according to user preferences. The developers took care to add support for encrypted DNS servers, allowing you to configure Private AdGuard DNS on your device.

DNS-over-HTTPS konfigurieren

  • Befehlszeilen-Anweisungen. Installieren Sie die erforderlichen Pakete. DNS encryption should be enabled automatically.

    1. opkg update
    2. opkg install https-dns-proxy

  • Weboberfläche. If you want to manage the settings using web interface, install the necessary packages.

    1. opkg update
    2. opkg install luci-app-https-dns-proxy
    3. /etc/init.d/rpcd restart

Navigate to LuCIServicesHTTPS DNS Proxy to configure the https-dns-proxy.

  • DoH-Anbieter konfigurieren. https-dns-proxy ist standardmäßig mit Google DNS und Cloudflare DNS konfiguriert. Sie müssen es auf AdGuard DNS-over-HTTPS ändern. Specify several resolvers to improve fault tolerance.

    1. while uci -q delete https-dns-proxy.@https-dns-proxy[0]; do :; done
    2. uci set https-dns-proxy.dns="https-dns-proxy"
    3. uci set https-dns-proxy.dns.bootstrap_dns="94.140.14.49,94.140.14.59"
    4. uci set https-dns-proxy.dns.resolver_url="https://d.adguard-dns.com/dns-query/{Your_Private_Server_ID}"
    5. uci set https-dns-proxy.dns.listen_addr="127.0.0.1"
    6. uci set https-dns-proxy.dns.listen_port="5053"
    7. uci commit https-dns-proxy
    8. /etc/init.d/https-dns-proxy restart

DNS-over-TLS konfigurieren

  • Befehlszeilen-Anweisungen. Disable Dnsmasq DNS role or remove it completely optionally replacing its DHCP role with odhcpd.

    1. opkg update
    2. opkg install unbound-daemon ca-certificates

LAN clients and the local system should use Unbound as a primary resolver assuming that Dnsmasq is disabled.

  • Weboberfläche. If you want to manage the settings using web interface, install the necessary packages.

    1. opkg update
    2. opkg install luci-app-unbound ca-certificates
    3. /etc/init.d/rpcd restart

Navigate to LuCIServicesRecursive DNS to configure Unbound.

  • AdGuard DNS-over-TLS konfigurieren.

    2. uci set unbound.@zone[-1].enabled="1"
    3. uci set unbound.@zone[-1].fallback="0"
    4. uci set unbound.@zone[-1].zone_type="forward_zone"
    5. uci add_list unbound.@zone[-1].zone_name="."
    6. uci set unbound.@zone[-1].tls_upstream="1"
    7. uci set unbound.@zone[-1].tls_index="{Your_Private_Server_ID}.d.adguard-dns.com"
    8. uci add_list unbound.@zone[-1].server="94.140.14.49"
    9. uci add_list unbound.@zone[-1].server="94.140.14.59"
    10. uci add_list unbound.@zone[-1].server="2a10:50c0::ded:ff"
    11. uci add_list unbound.@zone[-1].server="2a10:50c0::dad:ff"
    12. uci commit unbound
    13. /etc/init.d/unbound restart

Use your router admin panel

Verwenden Sie diese Anweisungen, wenn Ihr Keenetic-Router keine DNS-over-HTTPS- oder DNS-over-TLS-Konfiguration unterstützt:

  1. Öffnen Sie das Router-Admin-Panel. Es ist zugänglich unter 192.168.1.1 oder 192.168.0.1.
  2. Geben Sie den Benutzernamen des Administrators (in der Regel admin) und das Passwort des Routers ein.
  3. Open NetworkInterfaces.
  4. Select your Wi-Fi network or wired connection.
  5. Scroll down to IPv4 address or IPv6 address, depending on the IP version you want to configure.
  6. Under Use custom DNS servers, enter the IP addresses of the DNS servers you want to use. You can enter multiple DNS servers, separated by spaces or commas:
    • IPv4: 94.140.14.49 und 94.140.14.59
    • IPv6: 2a10:50c0:0:0:0:0:ded:ff und 2a10:50c0:0:0:0:0:dad:ff
  7. Optionally, you can enable DNS forwarding if you want the router to act as a DNS forwarder for devices on your network.
  8. Speichern Sie die Einstellungen.
  9. Link your IP (or your dedicated IP if you have a Team subscription).