OpenWrt Router Support
DNS-MNS now supports OpenWrt routers, allowing you to provide smart DNS resolution for your entire network. This is especially useful for Iranian users who want to bypass DNS censorship for all devices on their home network.Overview
DNS-MNS on OpenWrt operates in two modes:Upstream Mode (Recommended)
DNS-MNS works alongside dnsmasq. Dnsmasq stays on port 53 and forwards queries to DNS-MNS running on a different port.
Direct Mode
DNS-MNS replaces dnsmasq on port 53. Dnsmasq DNS is disabled, but DHCP continues to work.
Installation
Download the Correct Binary
OpenWrt runs on various architectures. Download the appropriate binary for your router:| Architecture | Download File | Common Routers |
|---|---|---|
| x86_64 | dns-mns-openwrt-x86_64 | x86 routers, virtual machines |
| MIPS | dns-mns-openwrt-mips | Older routers (TP-Link WR841N, etc.) |
| MIPSel | dns-mns-openwrt-mipsel | Some TP-Link and D-Link models |
| ARM v7 | dns-mns-openwrt-armv7 | Raspberry Pi 2/3, modern routers |
| ARM64 | dns-mns-openwrt-aarch64 | Raspberry Pi 4, high-end routers |
Identify Your Router Architecture
SSH into your OpenWrt router and run:x86_64→ Use x86_64 binarymips→ Use MIPS binarymipselormipsle→ Use MIPSel binaryarmv7l→ Use ARM v7 binaryaarch64→ Use ARM64 binary
Install on OpenWrt
- Download to your computer, then copy to the router:
- SSH to router and install:
- Verify installation:
Configuration
Step 1: Detect OpenWrt
Verify DNS-MNS detects your OpenWrt system correctly:Step 2: Choose and Setup Mode
- Upstream Mode (Recommended)
- Direct Mode
In this mode, dnsmasq remains the primary DNS on port 53, but forwards queries to DNS-MNS.This will:
- Configure dnsmasq to forward DNS queries to 127.0.0.1:5353
- Backup your original dnsmasq configuration
- Restart dnsmasq with new settings
Step 3: Check Status
View the current configuration:Step 4: Enable Auto-Start
To start DNS-MNS automatically on boot:Managing the Service
Start/Stop/Restart
View Logs
Restoring Original Configuration
If you need to revert to your original dnsmasq configuration:- Restore dnsmasq configuration from backup
- Restart dnsmasq with original settings
- Remove DNS-MNS configuration
CLI Commands Reference
| Command | Description |
|---|---|
dns-mns openwrt detect | Detect if running on OpenWrt and show system info |
dns-mns openwrt setup --mode upstream | Configure dnsmasq to use DNS-MNS as upstream |
dns-mns openwrt setup --mode direct | Configure DNS-MNS to replace dnsmasq on port 53 |
dns-mns openwrt status | Show current OpenWrt DNS configuration |
dns-mns openwrt restore | Restore original dnsmasq configuration |
Setup Flags
| Flag | Description | Default |
|---|---|---|
--mode | Operation mode: upstream or direct | upstream |
--listen | Listen address for DNS-MNS | 127.0.0.1 |
--port | Listen port for DNS-MNS (upstream mode) | 5353 |
--auto-start | Enable auto-start on boot | true |
Troubleshooting
DNS-MNS Not Detecting OpenWrt
Ifdns-mns openwrt detect fails, verify:
Dnsmasq Fails to Start
If dnsmasq fails after configuration:Port Already in Use
If port 5353 is already in use:Low Memory on Router
For routers with limited RAM (< 64MB):Building from Source for OpenWrt
To build a custom binary for your router:Comparison with SmartDNS
| Feature | DNS-MNS | SmartDNS |
|---|---|---|
| DoH/DoT Support | ✅ Built-in | ✅ Yes |
| DNSCrypt Support | ✅ Built-in | ❌ No |
| Auto Protocol Switching | ✅ Yes | ⚠️ Limited |
| Iran-Optimized | ✅ Yes | ⚠️ Generic |
| DPI Evasion | ✅ TLS Fragmentation | ❌ No |
| Censorship Detection | ✅ Yes | ❌ No |
| VLESS/REALITY Proxy | ✅ Built-in | ❌ No |
| OpenWrt Integration | ✅ Native UCI | ✅ Yes |
Best Practices
- Start with Upstream Mode: It’s safer and allows easy rollback
- Backup Your Config: Before making changes, backup
/etc/config/dhcp - Test Before Auto-Start: Manually test DNS resolution before enabling auto-start
- Monitor Memory Usage: On low-end routers, monitor with
free -h - Use Dashboard: Run
dns-mns dashboardto monitor performance
Related
- Setting DNS - General DNS configuration
- Fallback Proxy - Auto-switching encrypted DNS proxy
- DPI Evasion - Bypassing deep packet inspection