How to use NextDNS on your GL.iNet Convexa-B (GL-B1300) OpenWrt router

This is a translation of an excerpt adapted from my review of GL.iNet Convexa-B (GL-B1300) router. As of writing, I'm using the official GL.iNet firmware version 3.104 (pre-release). This tutorial might work on other GL.iNet routers. I don't guarantee anything, so do this at your own risk.

If you already use GL.iNet Convexa-B (GL-B1300) router, you might already be aware that on the GL.iNet’s Admin Panel (not the LuCI version), there’s a toggle to activate DNS over TLS from Cloudflare.

MORE SETTINGS > Custom DNS Server

But what if I want to use other DNS provider such as NextDNS? I personally prefer NextDNS because it can also act as a DNS sinkhole. I’ve also paid for NextDNS Pro subscription. It’d be a shame if I don’t use it to its full potential 😛

Can we use NextDNS instead of Cloudflare? Yes, we can. It’s much easier if you’re on the latest version of vanilla OpenWrt, I believe you can just install luci-app-nextdns. If you want to stay on the official GL.iNet version (which is still using OpenWrt 15.05 as of July 2020), it’s a little more involved.

The way I use NextDNS is by modifying the configuration file to change the DNS server info from Cloudflare’s to NextDNS’. This way I can still toggle DNS over TLS easily from the Custom DNS Server menu.

Changing Cloudflare to NextDNS

To do this, we have to SSH into the router. If you’re using Windows, you can use PuTTY.

  • SSH to 192.168.8.1.
  • Login as root, then enter your password.
  • Type vi /etc/stubby/stubby.yml, then press Enter on your keyboard.

The command means that we want to edit the configuration file stubby.yml, using the text editor vi. Stubby is the application that does the DNS encryption, and it should’ve been pre-installed on the router.

  • After you open stubby.yml, find the following lines:
# IPv4 addresses
# # Cloudflare servers
- address_data: 1.1.1.1
tls_port: 853
tls_auth_name: "cloudflare-dns.com"

# # Cloudflare servers secondary
- address_data: 1.0.0.1
tls_port: 853
tls_auth_name: "cloudflare-dns.com"
  • Change it to:
# IPv4 addresses
# # Cloudflare servers
  - address_data: xx.xx.xx.x
    tls_port: 853
    tls_auth_name: "zzzzzz.dns1.nextdns.io"

# # Cloudflare servers secondary
  - address_data: yy.yy.yy.y
    tls_port: 853
    tls_auth_name: "zzzzzz.dns2.nextdns.io"

Where xx.xx.xx.x and yy.yy.yy.y are the DNS server IP of NextDNS, while zzzzzz is your NextDNS ID. Check those values at my.nextdns.io.

Additional notes:

  • To enter edit mode on vi, press Insert key on your keyboard.
  • To exit edit mode, press the Esc key on your keyboard.
  • To save and exit the file, type :x after you exit edit mode.
  • I only changed the IPv4 addresses, because that’s all I need, but you can also edit the IPv6 addresses if you need it.
  • It’s a good idea to keep a copy of stubby.yml before changing anything.

That’s it! Now your router should already use NextDNS instead of Cloudflare for encrypted DNS.

To check, visit my.nextdns.io and it should tell you whether you’re using their DNS or not.

Like this.

Ok, done! Hopefully the tutorial is useful for you who are looking to use NextDNS on your GL.iNet router.

Ciao.

Leave a Reply

Your email address will not be published. Required fields are marked *