This is a translation of an excerpt adapted from my review of GL.iNet Convexa-B (GL-B1300) router. As of writing, I'm using the official GL.iNet firmware version 3.104 (pre-release). This tutorial might work on other GL.iNet routers. I don't guarantee anything, so do this at your own risk.
If you already use GL.iNet Convexa-B (GL-B1300) router, you might already be aware that on the GL.iNet’s Admin Panel (not the LuCI version), there’s a toggle to activate
DNS over TLS from Cloudflare.
But what if I want to use other DNS provider such as NextDNS? I personally prefer NextDNS because it can also act as a DNS sinkhole. I’ve also paid for NextDNS Pro subscription. It’d be a shame if I don’t use it to its full potential 😛
Can we use NextDNS instead of Cloudflare? Yes, we can. It’s much easier if you’re on the latest version of vanilla OpenWrt, I believe you can just install
luci-app-nextdns. If you want to stay on the official GL.iNet version (which is still using OpenWrt 15.05 as of July 2020), it’s a little more involved.
The way I use NextDNS is by modifying the configuration file to change the DNS server info from Cloudflare’s to NextDNS’. This way I can still toggle DNS over TLS easily from the
Custom DNS Server menu.
Changing Cloudflare to NextDNS
To do this, we have to SSH into the router. If you’re using Windows, you can use PuTTY.
- SSH to
- Login as
root, then enter your password.
vi /etc/stubby/stubby.yml, then press
Enteron your keyboard.
The command means that we want to edit the configuration file
stubby.yml, using the text editor
vi. Stubby is the application that does the DNS encryption, and it should’ve been pre-installed on the router.
- After you open
stubby.yml, find the following lines:
# IPv4 addresses # # Cloudflare servers - address_data: 18.104.22.168 tls_port: 853 tls_auth_name: "cloudflare-dns.com" # # Cloudflare servers secondary - address_data: 22.214.171.124 tls_port: 853 tls_auth_name: "cloudflare-dns.com"
- Change it to:
# IPv4 addresses # # Cloudflare servers - address_data: xx.xx.xx.x tls_port: 853 tls_auth_name: "zzzzzz.dns1.nextdns.io" # # Cloudflare servers secondary - address_data: yy.yy.yy.y tls_port: 853 tls_auth_name: "zzzzzz.dns2.nextdns.io"
yy.yy.yy.y are the DNS server IP of NextDNS, while
zzzzzz is your NextDNS ID. Check those values at my.nextdns.io.
- To enter edit mode on
Insertkey on your keyboard.
- To exit edit mode, press the
Esckey on your keyboard.
- To save and exit the file, type
:xafter you exit edit mode.
- I only changed the IPv4 addresses, because that’s all I need, but you can also edit the IPv6 addresses if you need it.
- It’s a good idea to keep a copy of
stubby.ymlbefore changing anything.
That’s it! Now your router should already use NextDNS instead of Cloudflare for encrypted DNS.
To check, visit my.nextdns.io and it should tell you whether you’re using their DNS or not.
Ok, done! Hopefully the tutorial is useful for you who are looking to use NextDNS on your GL.iNet router.