OpenWRT – Configure DNS-over-HTTPS (DoH)



In this video, we are going to configure DNS over HTTPS on OpenWRT LuCI to secure the DNS queries that LAN devices send to the internet. If you want to configure DNS-over-TLS instead, you can check out the tutorial linked below.
To configure DoH, we need two main packages: dnsmasq, which is the default DNS resolver for OpenWRT, and https-dns-proxy. You will also need luci-app-https-dns-proxy to monitor and configure DoH in LuCI. https-dns-proxy uses Google and Cloudflare as its default DoH providers, and we are fine with that.

Video timeframe:

00:00 – DNS-over-HTTPS with Dnsmasq and https-dns-proxy
00:36 – Install required packages
01:52 – Access https-dns-proxy on LuCI
03:28 – DNS leak test
04:23 – Set up your preferred DoH provider
04:55 – Force DNS requests to port 53 to https-dns-proxy

Custom Firewall rule:
iptables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to 192.168.1.1:5053
iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 53 -j DNAT --to 192.168.1.1:5053
iptables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to 192.168.1.1:5054
iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 53 -j DNAT --to 192.168.1.1:5054
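
To confirm the redirect is actually in place, the following added example (not from the original post) parses `iptables -t nat -S PREROUTING` output and reports where LAN DNS on port 53 ends up for UDP and TCP. The function names and the embedded rule listing are constructed for illustration; it assumes the rules are loaded through iptables with the br-lan interface and 192.168.1.1 address used above.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat -S PREROUTING` output
# (not captured from a real router).
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -i br-lan -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1:5053
-A PREROUTING -i br-lan -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.1:5053
-A PREROUTING -i br-lan -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1:5054'

# first_redirect PROTO: read a rule listing on stdin and print the DNAT
# destination of the first rule matching br-lan traffic to port 53 for PROTO.
first_redirect() {
    awk -v proto="$1" '
        $1 == "-A" && $2 == "PREROUTING" {
            iface = ""; p = ""; dport = ""; jump = ""; dest = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") iface = $(i+1)
                else if ($i == "-p") p = $(i+1)
                else if ($i == "--dport") dport = $(i+1)
                else if ($i == "-j") jump = $(i+1)
                else if ($i == "--to-destination") dest = $(i+1)
            }
            if (iface == "br-lan" && p == proto && dport == "53" && jump == "DNAT") {
                print dest; exit
            }
        }'
}

# audit_dns_redirect EXPECTED: succeed only if both UDP and TCP port 53
# from the LAN are redirected to EXPECTED (address:port).
audit_dns_redirect() {
    expected=$1
    rules=$(cat)
    for proto in udp tcp; do
        got=$(printf '%s\n' "$rules" | first_redirect "$proto")
        if [ "$got" != "$expected" ]; then
            echo "FAIL $proto/53 -> ${got:-not redirected} (expected $expected)"
            return 1
        fi
        echo "OK   $proto/53 -> $got"
    done
}

# Demo on the constructed sample. On the router, pipe the live rules instead:
#   iptables -t nat -S PREROUTING | audit_dns_redirect 192.168.1.1:5053
printf '%s\n' "$SAMPLE_RULES" | audit_dns_redirect 192.168.1.1:5053
```

Because DNAT is a terminating target, only the first matching rule applies to a packet, so with the four rules above added in that order the 5054 entries never receive traffic.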

Resources:
Configure DNS over TLS on OpenWRT – https://youtu.be/C89VqK1Unb0
DoH with Dnsmasq and https-dns-proxy on OpenWRT – https://openwrt.org/docs/guide-user/services/dns/doh_dnsmasq_https-dns-proxy

Thanks for watching and see you in the next video!
