CntrlAltDel
Occasional Visitor
Hi there,
I seem to be having an issue setting up DNSCrypt on my Asus RT-AC88U router with Merlin 386.7_2 installed.
In the below spoiler I've added everything that I input on my side.
I have WAN DNS configured on the webui and I have no DNS configured in DHCP/LAN settings.
Is there maybe something I need to change on my router webui to get DNSCrypt to work?
I've tried using StubbyDNS as well but that fails and all DNS requests fail even if I change my settings to default. I have to reset the router to fix it.
Same with DNScrypt if I enable DNSSEC in the installer.
I seem to be having an issue setting up DNSCrypt on my Asus RT-AC88U router with Merlin 386.7_2 installed.
In the below spoiler I've added everything that I input on my side.
I have WAN DNS configured on the webui and I have no DNS configured in DHCP/LAN settings.
Is there maybe something I need to change on my router webui to get DNSCrypt to work?
I've tried using StubbyDNS as well but that fails and all DNS requests fail even if I change my settings to default. I have to reset the router to fix it.
Same with DNScrypt if I enable DNSSEC in the installer.
Info: Detected RT-AC88U router.
Info: Detected Linux platform.
Info: Detected ARMv7 architecture.
Info: JFFS custom scripts and configs are already enabled.
Info: DNS Environment is Ready.
Info: Choose what you want to do:
1) Install/Update dnscrypt-proxy
2) Uninstall dnscrypt-proxy
3) Configure dnscrypt-proxy
4) Set timezone
5) Unset timezone
6) Install (P)RNG
7) Uninstall (P)RNG
8) Install swap file
9) Uninstall ALL
q) Quit
=> Please enter the number that designates your selection:, [1-9/q]: 1
Info: This operation will install dnscrypt-proxy and related files (<6MB)
Info: to jffs, no other data will be changed.
Info: Also some start scripts will be installed/modified as required.
=> Do you want to install dnscrypt-proxy to /jffs? [y/n]: y
Info: installer is up to date. Skipping...
Info: Downloading manager
Info: Downloading dnscrypt-proxy-linux_arm-2.1.2.tar.gz
linux-arm/
linux-arm/example-forwarding-rules.txt
linux-arm/example-cloaking-rules.txt
linux-arm/example-blocked-ips.txt
linux-arm/dnscrypt-proxy
linux-arm/example-captive-portals.txt
linux-arm/LICENSE
linux-arm/localhost.pem
linux-arm/example-allowed-names.txt
linux-arm/example-blocked-names.txt
linux-arm/example-dnscrypt-proxy.toml
linux-arm/example-allowed-ips.txt
Info: Downloading public-resolvers.md
Info: Downloading public-resolvers.md.minisig
Info: Downloading relays.md
Info: Downloading relays.md.minisig
Info: Downloading odoh-servers.md
Info: Downloading odoh-servers.md.minisig
Info: Downloading odoh-relays.md
Info: Downloading odoh-relays.md.minisig
Info: Downloading dnscrypt-resolvers.csv
Info: Downloading dnscrypt-resolvers.csv.minisig
grep: /jffs/scripts/init-start: No such file or directory
grep: /jffs/scripts/init-start: No such file or directory
Info: Creating init-start file
Info: Configure init-start file
Info: Configure services-stop file
Info: Creating dnsmasq.postconf file
Info: Configure dnsmasq.postconf file
Info: Configure service-event-end file
Info: Configuring dnscrypt-proxy...
=> Do you want to redirect all DNS resolutions on your network through to Dnscrypt-Proxy? [y/n]: y
Info: You can choose to keep any custom dnsfilter values by only redirect non-custom traffic or send all traffic through to Dnscrypt-Proxy.
=> Do you want to redirect only NON-CUSTOM DNS resolutions on your network through to Dnscrypt-Proxy? [y/n]: y
Info: DNSFilter is set to control DNS through to Dnscrypt-Proxy, while leaving any Custom Rules and Values.
=> Do you want to run Dnsmasq as a local caching DNS service which includes sending the routers traffic to Dnscrypt-Proxy? [y/n]: y
Info: Choose DNS resolving load balancing strategy:
1) p2 (default)
2) ph
3) first
4) random
=> Select your strategy, [1-4]: 1
=> Do you want to use load balance estimator to adjust resolvers based on latency calculations? [y/n]: y
Info: Choose how your DNS servers are selected:
1) Automatically (default)
2) Manually
3) Static
=> Select your mode, [1-3]: 1
=> Use servers that support the DNSCrypt protocol [y/n]: y
=> Use servers that support the DNS-over-HTTPS protocol [y/n]: y
=> Use servers that support the Oblivious DNS-over-HTTPS protocol [y/n]: y
=> Use only servers that support DNSSEC [y/n]: n
=> Use only servers that do not log user's queries [y/n]: y
=> Use only servers that do not filter result [y/n]: n
=> Do you want to choose which servers to disable (this can be a long process)? [y/n]: n
Info: Evaluating the possibilities for other dnscrypt-proxy configurations such as relay support...
Info: This option allows you to setup wildcard options for servers (server_name *) and relays (via=['*']) for all compatible servers and relays.
=> Do you only want to skip this option for Dnscrypt Servers (still required for ODOH)? [y/n]: n
Info: This allows for the use of server_name='*' as wildcard option for all servers compatible with relays.
Info: This will be the default route for all compatible servers.
Info: Additionally routes can be distinctly selected by using via=['*'] as relay wildcard.
=> Do you want to use wildcard relay (via=['*']) option? [y/n]: n
Info: You chose not to use wildcard for relay selection.
Info: Instead you will manually choose relays from a list.
Info: Available Relay servers:
1) anon-acsacsar-ams-ipv4: Anonymized DNS relay hosted in AMS on Scaleway
2) anon-cs-austria: Wien, Austria Anonymized DNS relay server provided by https://cryptostorm.is/
3) anon-cs-barcelona: Barcelona, Spain Anonymized DNS relay server provided by https://cryptostorm.is/
4) anon-cs-belgium: Brussels, Belgium Anonymized DNS relay server provided by https://cryptostorm.is/
5) anon-cs-berlin: Berlin, Germany Anonymized DNS relay server provided by https://cryptostorm.is/
6) anon-cs-brazil: Brazil Anonymized DNS relay server provided by https://cryptostorm.is/
7) anon-cs-bulgaria: Sofia, Bulgaria Anonymized DNS relay server provided by https://cryptostorm.is/
8) anon-cs-czech: Prague, Czech Republic Anonymized DNS relay server provided by https://cryptostorm.is/
9) anon-cs-dc: US - Washington, DC Anonymized DNS relay server provided by https://cryptostorm.is/
10) anon-cs-de: Frankfurt, Germany Anonymized DNS relay server provided by https://cryptostorm.is/
11) anon-cs-dk: Denmark Anonymized DNS relay server provided by https://cryptostorm.is/
12) anon-cs-dus1: Dusseldorf, Germany 1 Anonymized DNS relay server provided by https://cryptostorm.is/
58) anon-saldns99-conoha-ipv4: Hosted on ConoHa VPS Tokyo region (not a resolver, but just a relay). No log. From experimental [μODNS project](https://junkurihara.github.io/dns/).
59) anon-scaleway: Anonymized DNS relay hosted in France and maintained by Frank Denis (@jedisct1).
60) anon-scaleway-ams: Anonymized DNS relay hosted in Amsterdam and maintained by Frank Denis (@jedisct1).
61) anon-serbica: Anonymized DNS relay hosted in Netherlands by https://litepay.ch
62) anon-sth-se: Anonymized DNS relay hosted in Sweden - SE
63) anon-techsaviours.org: Anonymized DNS relay hosted in Nuremberg, Germany (netcup) and maintained by https://techsaviours.org
64) anon-tiarap: Anonymized DNS relay hosted in Singapore
65) anon-v.dnscrypt.uk-ipv4: Anonymized DNS relay hosted in UK on Vultr
=> Please choose RELAY server, [1-65]: 24
=> Please choose next RELAY server or press n to stop, [1-65/n]: 26
=> Please choose next RELAY server or press n to stop, [1-65/n]: 65
=> Please choose next RELAY server or press n to stop, [1-65/n]: n
Info: Now to pick relays for Oblivious DNS-over-HTTPS DNS servers.
Info: Available Relay servers:
1) odohrelay-crypto-sx: Oblivious DoH relay running on Fastly Compute@Edge.
2) odohrelay-ibksturm: Oblivious DoH relay hosted by Ibksturm. No Logs
3) odohrelay-koki-ams: Oblivious DoH relay in The Netherlands. No logs.
4) odohrelay-koki-se: Oblivious DoH relay in Sweden. No logs.
5) odohrelay-surf: SURFdomeinen oblivious DoH relay.
=> Please choose RELAY server, [1-5]: 3
=> Please choose next RELAY server or press n to stop, [1-5/n]: 4
=> Please choose next RELAY server or press n to stop, [1-5/n]: n
=> Do you want to add any static relays? [y/n]: n
=> Do you want to skip using resolvers that are incompatible with anonymization instead of using them directly? [y/n]: y
Info: Set the DNS server(s) for initializing dnscrypt-proxy
Info: and router services (e.g. ntp) at boot
=> Default is 9.9.9.9:
=> 2nd Default is 8.8.8.8:
=> Set log level, default is 2, 0 is the most verbose, [0-6]: 2
Info: Writing dnscrypt-proxy configuration...
Info: Checking dnscrypt-proxy configuration...
[2022-11-08 16:57:30] [NOTICE] dnscrypt-proxy 2.1.2
[2022-11-08 16:57:31] [NOTICE] Dropping privileges
[2022-11-08 16:57:31] [NOTICE] Source [odoh-servers] loaded
[2022-11-08 16:57:31] [NOTICE] Source [odoh-relays] loaded
[2022-11-08 16:57:31] [NOTICE] Source [public-resolvers] loaded
[2022-11-08 16:57:31] [NOTICE] Source [relays] loaded
[2022-11-08 16:57:31] [NOTICE] Anonymized DNS: routing everything via [odohrelay-koki-ams odohrelay-koki-se anon-cs-london anon-cs-manchester anon-v.dnscrypt.uk-ipv4]
[2022-11-08 16:57:31] [NOTICE] Configuration successfully checked
Info: Starting dnscrypt-proxy...
*** Error: Couldn't start dnscrypt-proxy
*** Error: Please send WebUI System Log to dev
Info: Operation aborted. You can quit or continue
Info: Detected Linux platform.
Info: Detected ARMv7 architecture.
Info: JFFS custom scripts and configs are already enabled.
Info: DNS Environment is Ready.
Info: Choose what you want to do:
1) Install/Update dnscrypt-proxy
2) Uninstall dnscrypt-proxy
3) Configure dnscrypt-proxy
4) Set timezone
5) Unset timezone
6) Install (P)RNG
7) Uninstall (P)RNG
8) Install swap file
9) Uninstall ALL
q) Quit
=> Please enter the number that designates your selection:, [1-9/q]: 1
Info: This operation will install dnscrypt-proxy and related files (<6MB)
Info: to jffs, no other data will be changed.
Info: Also some start scripts will be installed/modified as required.
=> Do you want to install dnscrypt-proxy to /jffs? [y/n]: y
Info: installer is up to date. Skipping...
Info: Downloading manager
Info: Downloading dnscrypt-proxy-linux_arm-2.1.2.tar.gz
linux-arm/
linux-arm/example-forwarding-rules.txt
linux-arm/example-cloaking-rules.txt
linux-arm/example-blocked-ips.txt
linux-arm/dnscrypt-proxy
linux-arm/example-captive-portals.txt
linux-arm/LICENSE
linux-arm/localhost.pem
linux-arm/example-allowed-names.txt
linux-arm/example-blocked-names.txt
linux-arm/example-dnscrypt-proxy.toml
linux-arm/example-allowed-ips.txt
Info: Downloading public-resolvers.md
Info: Downloading public-resolvers.md.minisig
Info: Downloading relays.md
Info: Downloading relays.md.minisig
Info: Downloading odoh-servers.md
Info: Downloading odoh-servers.md.minisig
Info: Downloading odoh-relays.md
Info: Downloading odoh-relays.md.minisig
Info: Downloading dnscrypt-resolvers.csv
Info: Downloading dnscrypt-resolvers.csv.minisig
grep: /jffs/scripts/init-start: No such file or directory
grep: /jffs/scripts/init-start: No such file or directory
Info: Creating init-start file
Info: Configure init-start file
Info: Configure services-stop file
Info: Creating dnsmasq.postconf file
Info: Configure dnsmasq.postconf file
Info: Configure service-event-end file
Info: Configuring dnscrypt-proxy...
=> Do you want to redirect all DNS resolutions on your network through to Dnscrypt-Proxy? [y/n]: y
Info: You can choose to keep any custom dnsfilter values by only redirect non-custom traffic or send all traffic through to Dnscrypt-Proxy.
=> Do you want to redirect only NON-CUSTOM DNS resolutions on your network through to Dnscrypt-Proxy? [y/n]: y
Info: DNSFilter is set to control DNS through to Dnscrypt-Proxy, while leaving any Custom Rules and Values.
=> Do you want to run Dnsmasq as a local caching DNS service which includes sending the routers traffic to Dnscrypt-Proxy? [y/n]: y
Info: Choose DNS resolving load balancing strategy:
1) p2 (default)
2) ph
3) first
4) random
=> Select your strategy, [1-4]: 1
=> Do you want to use load balance estimator to adjust resolvers based on latency calculations? [y/n]: y
Info: Choose how your DNS servers are selected:
1) Automatically (default)
2) Manually
3) Static
=> Select your mode, [1-3]: 1
=> Use servers that support the DNSCrypt protocol [y/n]: y
=> Use servers that support the DNS-over-HTTPS protocol [y/n]: y
=> Use servers that support the Oblivious DNS-over-HTTPS protocol [y/n]: y
=> Use only servers that support DNSSEC [y/n]: n
=> Use only servers that do not log user's queries [y/n]: y
=> Use only servers that do not filter result [y/n]: n
=> Do you want to choose which servers to disable (this can be a long process)? [y/n]: n
Info: Evaluating the possibilities for other dnscrypt-proxy configurations such as relay support...
Info: This option allows you to setup wildcard options for servers (server_name *) and relays (via=['*']) for all compatible servers and relays.
=> Do you only want to skip this option for Dnscrypt Servers (still required for ODOH)? [y/n]: n
Info: This allows for the use of server_name='*' as wildcard option for all servers compatible with relays.
Info: This will be the default route for all compatible servers.
Info: Additionally routes can be distinctly selected by using via=['*'] as relay wildcard.
=> Do you want to use wildcard relay (via=['*']) option? [y/n]: n
Info: You chose not to use wildcard for relay selection.
Info: Instead you will manually choose relays from a list.
Info: Available Relay servers:
1) anon-acsacsar-ams-ipv4: Anonymized DNS relay hosted in AMS on Scaleway
2) anon-cs-austria: Wien, Austria Anonymized DNS relay server provided by https://cryptostorm.is/
3) anon-cs-barcelona: Barcelona, Spain Anonymized DNS relay server provided by https://cryptostorm.is/
4) anon-cs-belgium: Brussels, Belgium Anonymized DNS relay server provided by https://cryptostorm.is/
5) anon-cs-berlin: Berlin, Germany Anonymized DNS relay server provided by https://cryptostorm.is/
6) anon-cs-brazil: Brazil Anonymized DNS relay server provided by https://cryptostorm.is/
7) anon-cs-bulgaria: Sofia, Bulgaria Anonymized DNS relay server provided by https://cryptostorm.is/
8) anon-cs-czech: Prague, Czech Republic Anonymized DNS relay server provided by https://cryptostorm.is/
9) anon-cs-dc: US - Washington, DC Anonymized DNS relay server provided by https://cryptostorm.is/
10) anon-cs-de: Frankfurt, Germany Anonymized DNS relay server provided by https://cryptostorm.is/
11) anon-cs-dk: Denmark Anonymized DNS relay server provided by https://cryptostorm.is/
12) anon-cs-dus1: Dusseldorf, Germany 1 Anonymized DNS relay server provided by https://cryptostorm.is/
58) anon-saldns99-conoha-ipv4: Hosted on ConoHa VPS Tokyo region (not a resolver, but just a relay). No log. From experimental [μODNS project](https://junkurihara.github.io/dns/).
59) anon-scaleway: Anonymized DNS relay hosted in France and maintained by Frank Denis (@jedisct1).
60) anon-scaleway-ams: Anonymized DNS relay hosted in Amsterdam and maintained by Frank Denis (@jedisct1).
61) anon-serbica: Anonymized DNS relay hosted in Netherlands by https://litepay.ch
62) anon-sth-se: Anonymized DNS relay hosted in Sweden - SE
63) anon-techsaviours.org: Anonymized DNS relay hosted in Nuremberg, Germany (netcup) and maintained by https://techsaviours.org
64) anon-tiarap: Anonymized DNS relay hosted in Singapore
65) anon-v.dnscrypt.uk-ipv4: Anonymized DNS relay hosted in UK on Vultr
=> Please choose RELAY server, [1-65]: 24
=> Please choose next RELAY server or press n to stop, [1-65/n]: 26
=> Please choose next RELAY server or press n to stop, [1-65/n]: 65
=> Please choose next RELAY server or press n to stop, [1-65/n]: n
Info: Now to pick relays for Oblivious DNS-over-HTTPS DNS servers.
Info: Available Relay servers:
1) odohrelay-crypto-sx: Oblivious DoH relay running on Fastly Compute@Edge.
2) odohrelay-ibksturm: Oblivious DoH relay hosted by Ibksturm. No Logs
3) odohrelay-koki-ams: Oblivious DoH relay in The Netherlands. No logs.
4) odohrelay-koki-se: Oblivious DoH relay in Sweden. No logs.
5) odohrelay-surf: SURFdomeinen oblivious DoH relay.
=> Please choose RELAY server, [1-5]: 3
=> Please choose next RELAY server or press n to stop, [1-5/n]: 4
=> Please choose next RELAY server or press n to stop, [1-5/n]: n
=> Do you want to add any static relays? [y/n]: n
=> Do you want to skip using resolvers that are incompatible with anonymization instead of using them directly? [y/n]: y
Info: Set the DNS server(s) for initializing dnscrypt-proxy
Info: and router services (e.g. ntp) at boot
=> Default is 9.9.9.9:
=> 2nd Default is 8.8.8.8:
=> Set log level, default is 2, 0 is the most verbose, [0-6]: 2
Info: Writing dnscrypt-proxy configuration...
Info: Checking dnscrypt-proxy configuration...
[2022-11-08 16:57:30] [NOTICE] dnscrypt-proxy 2.1.2
[2022-11-08 16:57:31] [NOTICE] Dropping privileges
[2022-11-08 16:57:31] [NOTICE] Source [odoh-servers] loaded
[2022-11-08 16:57:31] [NOTICE] Source [odoh-relays] loaded
[2022-11-08 16:57:31] [NOTICE] Source [public-resolvers] loaded
[2022-11-08 16:57:31] [NOTICE] Source [relays] loaded
[2022-11-08 16:57:31] [NOTICE] Anonymized DNS: routing everything via [odohrelay-koki-ams odohrelay-koki-se anon-cs-london anon-cs-manchester anon-v.dnscrypt.uk-ipv4]
[2022-11-08 16:57:31] [NOTICE] Configuration successfully checked
Info: Starting dnscrypt-proxy...
*** Error: Couldn't start dnscrypt-proxy
*** Error: Please send WebUI System Log to dev
Info: Operation aborted. You can quit or continue
