In this article I’ll show you how to properly set up SmartDNS in DD-WRT. You’ll get advanced DNS caching, faster DNS using multiple resolvers and, most importantly, encrypted DNS with DoT (DNS over TLS) and DoH (DNS over HTTPS).
This article comes after months of collaboration with DD-WRT developers and users, a joint effort that led to a great, bug-free implementation of SmartDNS which is tightly integrated with DD-WRT. If you plan to follow along, make sure your router is running at least DD-WRT v3.0-r50927.
Traditionally DD-WRT uses dnsmasq for both DHCP and DNS, which means that when you want to open a website your computer will get its IP from the dnsmasq instance running in your router. The latter will, in turn, usually gather that information from your ISP’s recursive DNS servers.
Although this setup works, it has major drawbacks:
- Poor performance;
- No support for encrypted DNS over DoH or DoT – prone to government surveillance and/or censorship since all your DNS requests are unencrypted;
- Limited configuration.
Enter the World of SmartDNS
SmartDNS accepts DNS query requests from local clients, obtains DNS query results from multiple upstream DNS servers, and returns the fastest access results to clients. Avoiding DNS pollution and improving network access speed, supports high-performance ad filtering. Unlike dnsmasq’s all-servers, smartdns returns the fastest access resolution.
Source: https://github.com/pymumu/smartdns/blob/master/ReadMe_en.md#faq
In short, SmartDNS is a modern-day daemon built to tackle the issues of dnsmasq highlighted above.
1. In Setup > Basic Setup, under Network Setup, make sure you set the following options:
Make sure to set Local DNS to the IP of your own router; without it the router itself won’t be able to do DNS resolution internally. You must also disable the Use dnsmasq for DNS option so SmartDNS can take over and serve DNS directly to your devices.
2. In Services > Services, configure SmartDNS and disable all the DNS-related dnsmasq options:
SmartDNS Resolver > Additional Options is where you set your encrypted upstream DNS servers, the servers that will answer your DNS requests. For instance, if you’re looking for high performance and reasonable privacy you may choose Cloudflare like I did:
server-tls 18.104.22.168:853 -host-name: cloudflare-dns.com -tls-host-verify: cloudflare-dns.com
server-tls 22.214.171.124:853 -host-name: cloudflare-dns.com -tls-host-verify: cloudflare-dns.com
server-https https://126.96.36.199/dns-query -host-name: cloudflare-dns.com -tls-host-verify: cloudflare-dns.com
server-https https://188.8.131.52/dns-query -host-name: cloudflare-dns.com -tls-host-verify: cloudflare-dns.com
If you have IPv6, you may also add IPv6 DNS servers:
server-tls [2606:4700:4700::1111]:853 -host-name: cloudflare-dns.com -tls-host-verify: cloudflare-dns.com
server-tls [2606:4700:4700::1001]:853 -host-name: cloudflare-dns.com -tls-host-verify: cloudflare-dns.com
server-https https://[2606:4700:4700::1001]/dns-query -host-name: cloudflare-dns.com -tls-host-verify: cloudflare-dns.com
server-https https://[2606:4700:4700::1111]/dns-query -host-name: cloudflare-dns.com -tls-host-verify: cloudflare-dns.com
I’ve included both DoT and DoH DNS servers (server-https); both are encrypted and secure, and SmartDNS will pick the faster protocol and server from the list automatically.
3. Save and Apply all settings. Enjoy!
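Before applying, the upstream lines can be checked for anything that would undo the encrypted setup: a cleartext `server` or `server-tcp` entry, or a `server-tls`/`server-https` entry that drops the `-tls-host-verify` name or disables certificate checking. This is an added example, not code from the article or from SmartDNS; the function names and the sample config (192.0.2.x addresses, resolver.example) are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the article or the SmartDNS project).
# Reads SmartDNS option lines on stdin, prints one finding per risky upstream,
# and returns 1 if anything was flagged.
audit_smartdns_upstreams() {
  awk '
    { sub(/(^|[ \t])#.*/, "") }          # drop comments
    NF == 0 { next }                     # skip blank lines
    # "server" and "server-tcp" upstreams carry queries unencrypted.
    $1 == "server" || $1 == "server-tcp" {
      printf "line %d: cleartext upstream (%s %s)\n", NR, $1, $2
      bad++; next
    }
    $1 == "server-tls" || $1 == "server-https" {
      verify = 0; nocheck = 0
      for (i = 3; i <= NF; i++) {
        opt = $i; sub(/:$/, "", opt)     # the article writes options with a trailing colon
        if (opt == "-tls-host-verify" && i < NF) verify = 1
        if (opt == "-no-check-certificate") nocheck = 1
      }
      if (nocheck)      { printf "line %d: certificate checking disabled (%s)\n", NR, $2; bad++ }
      else if (!verify) { printf "line %d: no -tls-host-verify name (%s)\n", NR, $2; bad++ }
      else enc++
    }
    END {
      if (enc == 0) { print "no verified encrypted upstream configured"; bad++ }
      exit (bad > 0)
    }
  '
}

# Constructed sample input: 192.0.2.x and resolver.example are placeholders.
sample_conf() {
  cat <<'EOF'
server-tls 192.0.2.1:853 -host-name: resolver.example -tls-host-verify: resolver.example
server-https https://192.0.2.1/dns-query -host-name: resolver.example
server 192.0.2.53
server-tls 192.0.2.2:853 -no-check-certificate
cache-size 100 # not an upstream, ignored
EOF
}

sample_conf | audit_smartdns_upstreams || true
```

Paste the contents of Additional Options into the function's standard input; an empty result with exit status 0 means every upstream is encrypted and carries a verify name.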
There are other configuration options for SmartDNS, for example:
cache-size 100 # Limits the number of cached DNS entries.
address /service.example.org/172.21.1.10 # Force service.example.org to resolve to 172.21.1.10.
I personally use cache-size set to 100 on my R7000 in order to avoid filling the router’s RAM with cached DNS entries.