DNS, OpenWRT and VDSL

Let me change my name servers

Since Cloudflare announced its free, fast and privacy-respecting DNS service at the address 1.1.1.1, I have wanted to switch to it.

Unfortunately I had an ADSL modem and router from my ISP (Elisa), and it did not offer any way to change the name servers. I got whatever my ISP pushed to me.

Then in the summer I checked what the situation was with the LEDE Project and, to my delight, they had decided to merge back into OpenWRT, and OpenWRT had adopted many of their good practices. (LEDE was a fork or spinoff of the well-known open router software project OpenWRT, and it was moving much faster than the original project.) Now there would be an even stronger open source project for routers.

I looked through their supported devices and noticed that the 'BT Home Hub 5a' supported ADSL2+ (my line) and also VDSL (my probable upgrade). Availability was unknown, but with a little searching I found that there were a lot of them on sale on eBay in the UK (like this), at very reasonable prices, around £25. I had already looked at other new routers in a local store and they were selling for 200-300 euros (of course I looked at new and fast models). It looked like a bargain after that. Some sellers had even installed LEDE on them already, and were making a business of it (already over 250 items sold). I also checked the speed side a bit more and came to the conclusion that none of my devices would benefit from a faster wireless network than what the ac standard offered, and what the Home Hub provided.

So I purchased one. Although the seller had only positive feedback, I decided to play it safe and, as the very first thing, install a new OS version on the device before attaching it to my network. After that I attached it to the ADSL line, but there was some issue that I didn't manage to solve right away, and then I needed to do other things for the next few days. The project was left waiting, and the wait continued for months.

Then at some point in the summer my ISP told me that they would be upgrading my ADSL line to VDSL. I was again busy at that time and the old router was still working, so no worries. 🙂

Then in the autumn there were a few days when the wifi felt very slow, and I took a new look at this project. I started again by installing a new OS version. This time the version was 18.06. I followed the upgrade instructions and almost everything went quite smoothly, as I had practiced it once already. The only issue was with confirming the 'firmware-checksum' on the download page, as that information was not there. The instructions directed me to download the firmware from the 'table of hardware' page, and I considered that to be the download page. However, there is another page specifically named 'download', and the information is there.

First I attached the new router to the old router with a cable and, after checking that everything looked fine, I set the root password, enabled wifi and set up SSH keys.

Then I attached it to the VDSL line and it looked quite good. Line State was UP [0x0]. However, I didn't get an IP address for the WAN section, only the error "Connection attempt failed", and the OpenWRT syslog had the following errors:

unable to complete PPPOE Discovery
unknown error (user REQUEST)
error: connection attempt failed
Timeout waiting for PADO packets.

Then I looked through the so-called Bill's manual (which is great!) and tried to get some clues from it. Then I changed the WAN setting from 'PPPoE' to 'DHCP Client', and as soon as I clicked 'save and apply' it got an IP address, and I had a fully working OpenWRT modem & router connected to VDSL on the Elisa network.

Then it was time to change the name servers. The OpenWRT documentation for DNS and DHCP is extensive (four long pages named 'DHCP', 'DNS and DHCP configuration', 'DNS configuration' and 'Dnsmasq'), but none of them addressed exactly my case. After a few tries I found the working combination.

Modify the file /etc/config/dhcp and add the following rows under the section 'config dnsmasq':

    # do not read upstream servers from the resolvfile the ISP fills in (/tmp/resolv.conf.auto)
    option noresolv '1'
    # forward all queries to these upstream servers instead
    list server '1.1.1.1'
    list server '1.0.0.1'

and then restart the DNS service (dnsmasq) on the router with the command '/etc/init.d/dnsmasq restart'.

Test your DNS settings with dnsleaktest.
It should now confirm that you are using the configured DNS provider.
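The change above as an added, self-contained example (not code from the original post or from the OpenWrt project): a POSIX shell script that inserts the same three lines into the 'config dnsmasq' section of a constructed copy of /etc/config/dhcp, skips lines that are already there so it can be re-run safely, and then reads back which upstream servers dnsmasq will forward to. The abridged sample config, the temporary file path and the function names are assumptions made for the demo; on the router the file is /etc/config/dhcp and the restart command from the post follows the edit.

```shell
#!/bin/sh
# Added example, not code from the original post: apply the post's dnsmasq
# change to an OpenWrt-style /etc/config/dhcp file idempotently, then read
# back what dnsmasq will forward to. It works on a constructed copy of the
# file so it runs offline; on the router CONF would be /etc/config/dhcp.

# Constructed, abridged sample of a stock /etc/config/dhcp.
make_sample_conf() {
    cat > "$1" <<'EOF'
config dnsmasq
	option domainneeded '1'
	option rebind_protection '1'
	option local '/lan/'
	option domain 'lan'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
EOF
}

# set_upstream CONF SERVER... : in the 'config dnsmasq' section force
# "option noresolv '1'" and add one "list server" line per SERVER, skipping
# servers that are already listed, so running it twice changes nothing.
set_upstream() {
    conf=$1; shift
    awk -v servers="$*" '
        BEGIN { n = split(servers, want, " ") }
        function flush(   i, k) {
            if (!in_dnsmasq) return
            if (!has_noresolv) print "\toption noresolv '\''1'\''"
            for (i = 1; i <= n; i++)
                if (!(want[i] in have)) print "\tlist server '\''" want[i] "'\''"
            while (blanks-- > 0) print ""      # re-emit blank lines held back
            blanks = 0; in_dnsmasq = 0
            for (k in have) delete have[k]
        }
        /^config / { flush(); in_dnsmasq = ($2 == "dnsmasq"); has_noresolv = 0; print; next }
        in_dnsmasq && NF == 0 { blanks++; next }   # hold blanks so additions stay in-section
        in_dnsmasq { while (blanks-- > 0) print ""; blanks = 0 }
        in_dnsmasq && $1 == "option" && $2 == "noresolv" { print "\toption noresolv '\''1'\''"; has_noresolv = 1; next }
        in_dnsmasq && $1 == "list" && $2 == "server" { v = $3; gsub(/'\''/, "", v); have[v] = 1 }
        { print }
        END { flush() }
    ' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# upstream_servers CONF : print the servers dnsmasq will forward to, one per line.
upstream_servers() {
    awk '
        /^config / { in_dnsmasq = ($2 == "dnsmasq") }
        in_dnsmasq && $1 == "list" && $2 == "server" { v = $3; gsub(/'\''/, "", v); print v }
    ' "$1"
}

# isp_resolvers_ignored CONF : succeed only if noresolv is '1', i.e. the
# resolvers the ISP hands out via /tmp/resolv.conf.auto are not used.
isp_resolvers_ignored() {
    awk '
        /^config / { in_dnsmasq = ($2 == "dnsmasq") }
        in_dnsmasq && $1 == "option" && $2 == "noresolv" && $3 == "'\''1'\''" { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Demo on the constructed file (on the router: CONF=/etc/config/dhcp, then
# /etc/init.d/dnsmasq restart).
CONF="${TMPDIR:-/tmp}/dhcp.example.$$"
make_sample_conf "$CONF"
set_upstream "$CONF" 1.1.1.1 1.0.0.1
set_upstream "$CONF" 1.1.1.1 1.0.0.1   # second run: no duplicate lines
echo "upstream servers: $(upstream_servers "$CONF" | tr '\n' ' ')"
isp_resolvers_ignored "$CONF" && echo "ISP resolvers ignored (noresolv=1)"
rm -f "$CONF"
```

Two things are worth knowing before relying on this on the router. With noresolv set, dnsmasq has no fallback to the ISP resolvers if both 1.1.1.1 and 1.0.0.1 are unreachable, so the LAN loses name resolution rather than silently reverting to the ISP. And plain port-53 queries to Cloudflare still cross the VDSL line unencrypted, so the ISP can observe them even though it no longer answers them; hiding the queries themselves needs DNS over TLS or HTTPS, which is a separate setup. The same edit can also be made with OpenWrt's own uci tool ('uci set dhcp.@dnsmasq[0].noresolv=1', 'uci add_list dhcp.@dnsmasq[0].server=1.1.1.1', 'uci add_list dhcp.@dnsmasq[0].server=1.0.0.1', 'uci commit dhcp') followed by the dnsmasq restart.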

Below are also a few screenshots from the LuCI GUI that show the status and the settings used:
[Screenshots: OpenWrt Overview, Interfaces, WAN Settings]

Some other free DNS services and a few words about them

When I was about to change my DNS servers I also looked around to see what else is out there. Below are listed some of them, which I found interesting or otherwise worth bringing up, with comments.

  • Cloudflare is the fastest public DNS service around. Privacy is another major highlight. Cloudflare claims that it will never log your IP address, and it has engaged KPMG to audit its practices annually and produce a public report to confirm the company is delivering on its promises. It does not block anything, for good or bad.
  • Google also offers public DNS servers, but they collect your data. They claim to drop the IP address after two days, and to keep only your location information at the accuracy of country, city and ISP, but who knows what the truth is. Google's business is based on collecting information, and Google isn't so nice anymore. Google claims that it is not blocking anything with the service, "except that it may not resolve certain domains in extraordinary cases if we believe this is necessary to protect Google's users from security threats". But nowhere is it told how many pages or domains it blocks.
    A link to Google's blog post on how their DNS service has been adopted is here.
  • Quad9 claims not to record your queries. It collects threat intelligence from several parties and blocks your access to web pages that it considers malicious ("results that a reasonable end user would consider detrimental"). They offer a method to submit sites to be blocked. At the moment they block 360 million domains. This would be an interesting offering, as who would not like to ban sites that try to exploit you. However, they should be much more transparent and tell who provides the threat intelligence and what they block. 360 million blocked domains sounds like quite a lot. Nor have they contracted anybody to review that they are following their own practices. (They also offer a DNS service that does not block anything.)
  • Uncensored DNS, from one Danish man. Kudos to him.
  • dns.watch: listed in many places.
  • OpenNIC offers an alternative "internet". It has released its own top-level domains (beyond what ICANN does), like .libre.
  • A few tools for doing your own DNS benchmarking

    The public DNS benchmark results from DNSPerf didn't include my ISP. I considered making my own measurements with the apps that I found (listed below), but I haven't done it yet.

    • GRC: I haven't used this, but check the size of the executable: 144 KB. Awesome!
    • DNS Jumper: I haven't used this either, but it looks like a legit product too. A bit bloated though 🙂 (almost 700 KB).
  • OpenWRT backups

    LuCI's backup option makes a backup only of the firmware, leaving packages and other configs out. Here are instructions on how to back up the rest as well. The same, briefly, below.

    Use the command 'opkg list-installed > /etc/config/installed.packages' to save the list of installed packages.
    Use the command 'opkg list-changed-conffiles' to find out which config files have changed, and add them to '/etc/sysupgrade.conf'.

    Use LuCI to generate and download the backup file, and for the restore. LuCI doesn't restore the packages, so that needs to be done manually with the command 'opkg update && opkg install $(cut -f 1 -d ' ' < /etc/config/installed.packages)'.

At the end, a link to a project that sells routers that have OpenWRT installed by default.
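The backup bookkeeping from the three steps above, as an added example that is not code from the original post or from OpenWrt: POSIX shell functions that turn saved 'opkg list-installed' output into the package names 'opkg install' expects, add changed config files to a sysupgrade.conf-style list without duplicating entries on repeated backups, and build the reinstall command without running it. The sample 'opkg list-installed' and 'opkg list-changed-conffiles' output is constructed (the package names and versions are invented), and the temporary directory and function names are assumptions for the demo; on the router the real commands from the post feed the same functions.

```shell
#!/bin/sh
# Added example, not code from the original post: the post's backup steps as
# functions that work on plain files, so they run offline on constructed
# input. On the router the inputs come from 'opkg list-installed' and
# 'opkg list-changed-conffiles'.

# Constructed sample of 'opkg list-installed' output ("name - version");
# the packages and versions are invented for the demo.
SAMPLE_INSTALLED='base-files - 194-r7676-cddd7b4c77
dnsmasq - 2.80-16.2
luci-app-sqm - git-19.301.30151-6b7d4b8-1
wireguard-tools - 0.0.20190601-1'

# Constructed sample of 'opkg list-changed-conffiles' output.
SAMPLE_CHANGED='/etc/config/dhcp
/etc/config/network
/etc/config/wireless'

# package_names FILE : reduce saved list-installed output to bare package
# names, which is what 'opkg install' expects (the post's cut -f 1 -d " ").
package_names() {
    cut -f 1 -d ' ' "$1"
}

# add_to_sysupgrade CONF FILE... : append each path to the sysupgrade
# conffile list only if it is not already there, so repeated backups do
# not grow the file with duplicates.
add_to_sysupgrade() {
    conf=$1; shift
    touch "$conf"
    for f in "$@"; do
        grep -qxF "$f" "$conf" || printf '%s\n' "$f" >> "$conf"
    done
}

# restore_command FILE : build the reinstall command line from the saved
# package list without executing it (opkg only exists on the router).
restore_command() {
    printf 'opkg update && opkg install %s\n' \
        "$(package_names "$1" | tr '\n' ' ' | sed 's/ $//')"
}

# Demo on the constructed data. On the router the two inputs would be
#   opkg list-installed > /etc/config/installed.packages
#   opkg list-changed-conffiles > /tmp/changed.txt
dir="${TMPDIR:-/tmp}/owrt-backup.$$"
mkdir -p "$dir"
printf '%s\n' "$SAMPLE_INSTALLED" > "$dir/installed.packages"
printf '%s\n' "$SAMPLE_CHANGED" > "$dir/changed.txt"
# unquoted $(cat ...) splits one path per word; fine for /etc/config paths
add_to_sysupgrade "$dir/sysupgrade.conf" $(cat "$dir/changed.txt")
add_to_sysupgrade "$dir/sysupgrade.conf" $(cat "$dir/changed.txt")   # re-run: no duplicates
echo "sysupgrade.conf now lists $(wc -l < "$dir/sysupgrade.conf" | tr -d ' ') files"
restore_command "$dir/installed.packages"
rm -rf "$dir"
```

Saving the package list under /etc/config is deliberate: sysupgrade keeps /etc/config by default, so the list travels inside the backup without having to be added to sysupgrade.conf itself; the changed files outside /etc/config are the ones that need the explicit entry.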