Skip to main content

OpenWRT

OpenWRTルーターは、オープンソースでLinuxベースのオペレーティングシステムを使用しています。このオペレーティングシステムはユーザーの好みに応じてルーターやゲートウェイを構成できる柔軟性を提供します。 開発者は暗号化DNSサーバーのサポートを追加しているので、デバイス上でプライベート AdGuard DNS を設定可能になっています。

DNS-over-HTTPS を設定する

  • Command-line instructions. Install the required packages. DNS encryption should be enabled automatically.

    1. opkg update
    2. opkg install https-dns-proxy

  • Web interface. If you want to manage the settings using web interface, install the necessary packages.

    1. opkg update
    2. opkg install luci-app-https-dns-proxy
    3. /etc/init.d/rpcd restart

Navigate to LuCIServicesHTTPS DNS Proxy to configure the https-dns-proxy.

  • Configure DoH provider. https-dns-proxy is configured with Google DNS and Cloudflare DNS by default. You need to change it to AdGuard DoH. Specify several resolvers to improve fault tolerance.

    1. while uci -q delete https-dns-proxy.@https-dns-proxy[0]; do :; done
    2. uci set https-dns-proxy.dns="https-dns-proxy"
    3. uci set https-dns-proxy.dns.bootstrap_dns="94.140.14.49,94.140.14.59"
    4. uci set https-dns-proxy.dns.resolver_url="https://d.adguard-dns.com/dns-query/{Your_Private_Server_ID}"
    5. uci set https-dns-proxy.dns.listen_addr="127.0.0.1"
    6. uci set https-dns-proxy.dns.listen_port="5053"
    7. uci commit https-dns-proxy
    8. /etc/init.d/https-dns-proxy restart

DNS-over-TLS を構成して接続する

  • Command-line instructions. Disable Dnsmasq DNS role or remove it completely optionally replacing its DHCP role with odhcpd.

    1. opkg update
    2. opkg install unbound-daemon ca-certificates

LAN clients and the local system should use Unbound as a primary resolver assuming that Dnsmasq is disabled.

  • Web interface. If you want to manage the settings using web interface, install the necessary packages.

    1. opkg update
    2. opkg install luci-app-unbound ca-certificates
    3. /etc/init.d/rpcd restart

Navigate to LuCIServicesRecursive DNS to configure Unbound.

  • Configure AdGuard DNS-over-TLS.

    2. uci set unbound.@zone[-1].enabled="1"
    3. uci set unbound.@zone[-1].fallback="0"
    4. uci set unbound.@zone[-1].zone_type="forward_zone"
    5. uci add_list unbound.@zone[-1].zone_name="."
    6. uci set unbound.@zone[-1].tls_upstream="1"
    7. uci set unbound.@zone[-1].tls_index="{Your_Private_Server_ID}.d.adguard-dns.com"
    8. uci add_list unbound.@zone[-1].server="94.140.14.49"
    9. uci add_list unbound.@zone[-1].server="94.140.14.59"
    10. uci add_list unbound.@zone[-1].server="2a10:50c0::ded:ff"
    11. uci add_list unbound.@zone[-1].server="2a10:50c0::dad:ff"
    12. uci commit unbound
    13. /etc/init.d/unbound restart

Use your router admin panel

Use these instructions if your Keenetic router does not support DNS-over-HTTPS or DNS-over-TLS configuration:

  1. ルーターの管理画面を開きます。 (管理画面は、192.168.1.1 または 192.168.0.1 でアクセスできます。)
  2. 管理者ユーザー名(通常は「admin」)とルーターパスワードを入力します。
  3. Open NetworkInterfaces.
  4. Select your Wi-Fi network or wired connection.
  5. Scroll down to IPv4 address or IPv6 address, depending on the IP version you want to configure.
  6. Under Use custom DNS servers, enter the IP addresses of the DNS servers you want to use. You can enter multiple DNS servers, separated by spaces or commas:
    • IPv4: 94.140.14.49 and 94.140.14.59
    • IPv6: 2a10:50c0:0:0:0:0:ded:ff and 2a10:50c0:0:0:0:0:dad:ff
  7. Optionally, you can enable DNS forwarding if you want the router to act as a DNS forwarder for devices on your network.
  8. Save the settings.
  9. Link your IP (or your dedicated IP if you have a Team subscription).