dnscrypt configuration question

Rather than doing it that way, take a look at the auto installer for dnscrypt. It's the same program; it just installs by asking which dns server you want based on location, and it allows for two dns server addresses. Works real well :D
Code:
https://www.snbforums.com/threads/release-dnscrypt-installer-for-asuswrt.36071
 
Once installed you could manually config from there or change dns servers by running the install command again anytime.
 
You could also install "amtm" asus merlin terminal menu. It is awesome!!!!!
Code:
https://www.snbforums.com/threads/amtm-the-snbforum-asuswrt-merlin-terminal-menu.42415
 
Ok, I tried that and it broke the internet.

Specifically, while I could successfully ping an IP (eg: "ping 8.8.8.8" would successfully return 4 pings) I had no DNS resolver (eg: "ping google.com" would result in 4 time-outs).

Now, it is possible that the resolver I picked was dead (although it seems to be up right now). So I tried running the install script again (via your terminal menu). That just froze the screen, possibly because it was trying to access the internet that was previously broken. I had a wonderful and entertaining time weeding out the dnscrypt references in all the various scripts so I could use the internet again. Even so, for some reason, my IPv6 tunnel update script still wouldn't run and I ended up doing a factory reset before restoring the whole router and JFFS from this morning's backup.

I note that your script installed dnscrypt in JFFS instead of optware. I suspect that it did not fully or properly check for or remove the existing version first and that one interfered with the other. If this is the case, you might want to institute such a check, or at least warn people of the incompatibility.

Assuming I am correct about the install script trying to access the internet, you should add a check so it can fail gracefully if there is no connectivity. Ideally offering provision to select a different DNS resolver without the need to access the internet. Or at the very least, an uninstall option.
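
An added example (not part of the thread or of the installer script): a preflight check of the kind the post above asks for, separating "the IP path works" from "a resolver actually answers" so an installer can stop cleanly instead of hanging. The probe targets reuse the 8.8.8.8 / google.com test from the post; the function names are hypothetical, and it assumes a `ping` that accepts `-W` and an `nslookup` that exits non-zero on failure.

```sh
#!/bin/sh
# Added example: preflight an installer could run before it changes DNS settings.
# Probe targets are assumptions taken from the ping test in the thread.
PROBE_IP="${PROBE_IP:-8.8.8.8}"
PROBE_NAME="${PROBE_NAME:-google.com}"
RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"

# Reachability by address only; no name lookup is involved.
probe_ip() { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }

# Ask one specific server ($2) for a name ($1), bypassing the system resolver order.
probe_dns() { nslookup "$1" "$2" >/dev/null 2>&1; }

# Print the nameserver addresses listed in a resolv.conf-style file.
list_nameservers() {
    [ -r "$1" ] || return 0
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Classify the link as offline / dns-broken / ok; name each dead resolver on stderr.
net_state() {
    probe_ip "$PROBE_IP" || { echo offline; return 0; }
    working=0
    for ns in $(list_nameservers "$RESOLV_CONF"); do
        if probe_dns "$PROBE_NAME" "$ns"; then
            working=$((working + 1))
        else
            echo "resolver $ns did not answer" >&2
        fi
    done
    if [ "$working" -gt 0 ]; then echo ok; else echo dns-broken; fi
}

# Gate for an install script: refuse to continue rather than hang on a download.
preflight() {
    state=$(net_state)
    case "$state" in
        ok) return 0 ;;
        dns-broken) echo "IP works but no resolver answers; fix DNS first" >&2; return 2 ;;
        *) echo "no connectivity; nothing changed" >&2; return 1 ;;
    esac
}
```

Calling `preflight || exit` at the top of an install script leaves the existing configuration untouched when the check fails.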
 
Update: I tried again this morning. Same results, but of course this time there was no existing installation to contend with. So either it's the resolvers I'm picking, or something not right with the installation or a conflict with something else.
 
If you select to resolve all dns through encrypt, you cannot have any lan static end; as well, your wan dns should be set to the router's address. Sometimes an isp dns is used for a few queries in wan settings, but only one successful attempt is needed. Then change wan dns to your router's private address, ex: 192.168.1.1, and you should have dns at that point. Your loss of internet connection is probably caused by your lan dns or wan dns settings. My apologies for not adding this to my instructions.
 
Sorry for all the trouble I caused. Please try to use the above post's settings.
 
If nothing, it's educational.

Changing the WAN dns setting to point at the router's IP address did allow the tunnel endpoint to update on reboot properly. However, there's still no DNS available to computers on the local network. Changing the LAN settings had no effect at all.
 
Do you have connect to dns server automatically in wan settings? Are some of your clients static addressed? Do you have a public static ip? The only dns ip in wan settings should be your private router ip, ie: 192.168.x.x. What settings do you have set on lan page? On the dhcp server page make sure this is set.
Code:
Advertise router's IP in addition to user-specified DNS answer should be yes.
 
I'm gonna need screen shots from here. Like the dhcp server tab and the wan page and maybe even your vpn client config. Make sure to hide the appropriate information.
 
Do you have connect to dns server automatically in wan settings?
Yes.
Are some of your clients static addressed?
Yes. 3 webcams and a sensor suite on a separate guest network SSID. Technically I guess they are servers, not clients, but they have static addresses. Is this a problem?
Do you have a public static ip?
IPv4: No, dynamic from the ISP. IPv6: yes, static via HE Tunnelbroker.
The only dns ip in wan settings should be your private router ip ie: 192.168.x.x.
Tried "connect to DNS server automatically" and tried setting DNS to 192.168.0.1 (the router IP)
What settings do you have set on lan page? On the dhcp server page make sure this is set. Advertise router's IP in addition to user-specified DNS answer should be yes.
Was originally "Yes" with no DNS specified. Tried Yes and NO, specifying 192.168.0.1

I'm away until Monday, so screen shots and further experimentation will have to wait for another day. I don't have VPS though, just the IPv6 "6 in 4" tunnel. No IPv6 DNS specified. Router advertisement is enabled. The tunnel endpoint is updated automatically via scripting in jffs/scripts/wan-start. Oddly, it doesn't need DNS as the script points directly at tunnelbroker's IP. FWIW, here is the script:

Code:
########################
#Tunnel endpoint update
########################
echo "" >> "$STARTUP_SCRIPT_LOG_FILE"
echo "HE IPv6 Script started" >> "$STARTUP_SCRIPT_LOG_FILE"
#get a hash of the plaintext password (quoted so spaces or wildcards in it are hashed as-is)
MD5PASSWD=$(printf '%s' "$PASSWD" | md5sum | sed -e 's/  -//g')
date >> "$STARTUP_SCRIPT_LOG_FILE"
echo "configuring tunnel" >> "$STARTUP_SCRIPT_LOG_FILE"

#update HE endpoint
#need to allow wan ping or HE will not validate new endpoint
iptables -I INPUT 2 -s "$HE_VERIFY_SERVER_IP" -p icmp -j ACCEPT

#the password hash and API key travel in this URL over plain HTTP
wget -q "http://ipv4.tunnelbroker.net/ipv4_end.php?ip=AUTO&pass=$MD5PASSWD&apikey=$USERID&tid=$TUNNELID" -O "$TEMPFILE"

#append the server's reply to the log, then remove the temp file
cat "$TEMPFILE" >> "$STARTUP_SCRIPT_LOG_FILE"
echo "" >> "$STARTUP_SCRIPT_LOG_FILE"
rm "$TEMPFILE"

(the variables were defined at the top of wan-start. eg: $HE_VERIFY_SERVER_IP is set to their IP address)
 
Let me know with a pm when you can send some screen shots. Cheers!
 
