DNScrypt dnscrypt installer for asuswrt

[Deleted member 28123]

Regarding the dnscrypt-proxy being killed, it's either the router ran out of memory or some error in the process itself. This is why I have added swap support in my script and still have log_level at 2.

@AtAM1: First you need to enable swap. If there's still problem please set log level at 0 to see if there's any error in the process.

Swap, 3GB, is enabled at the OS level. Do I need to enable it as a file in dnscrypt as well?

I enabled daemonize mode and so far no timeouts/hangs. I'll enable loglevel 2 then 0 to see what's going on, in case it fails.

By the way - I propose enabling daemonize, the 'no logs' option by default as well as changing dnscrypt.info URL from http to https in manager.

Thanks again for sharing this awesome script.


Sent from my A0001 using Tapatalk

 

[bigeyes0x0]

@AtAM1
No you don't need to. If so then likely an error on your proxy process or your configured dns server timeout.

I don't think daemonizing is gonna help as it's the exact same thing in most cases in Linux as running a process in the background, but I'll add it in like a few more minutes.

The dnscrypt.info you mentioned should be in the dnscrypt-proxy.toml itself. It's ok to have it in http because there's a signature file.

 

[M@rco]

Fixed!

On second thought it might have been better to wait until the general anesthesia had completely left my system, before I reinstalled my router...

 

[lukaszzsch]

Hi everyone,

Yesterday I installed dns crypt on my rt-ac5300. Latest merlin firmware, ab-solution, pixelserv, skynet enabled.
Dns filtering seemed to work well, a several suspicious websites were blocked.
But after reboot made by built-in scheduler internet connection stopped. Router was connected to wan. Finally I had to delete dnsscript to get my connection back.

Any ideas?

Wysłane z mojego LG-H870 przy użyciu Tapatalka

 

[Ashish Gupta]

I recently reset my router and installed dnscrypt v2 using the installer on page 19. I am also using AB solution 3.11.1

I have set dnscrypt to use cisco and google resolvers. pidof returns a number and top also shows dnscrypt is running however nslookup -type=txt debug.opendns.com ( both in ssh and windows terminal ) returns an error that this domain can't be resolved ( which means dnscrypt isn't configured properly ). AB is definitely working as most ads are blocked and even the ab logs show incremental ad blocks.

I have set the dns1 resolver as 192.168.1.1 in the lan settings on the router ( ac68u / 384.3.alpha2 )

Please advise on how to resolve this. Dnscrypt V1 was working before I reset the router and decided to setup V2 ( reset the router as moved to the 384 GPL from 382 )

I have uploaded the jffs and scripts to the rar file below

http://wikisend.com/download/859030/dnscrypt.rar

Thanks

 

[skeal]

I have set the dns1 resolver as 192.168.1.1 in the lan settings on the router ( ac68u / 384.3.alpha2 )

Clear the dns in lan and instead use 192.168.1.1 in wan settings. Give this a try and get back to us.

 

[Ashish Gupta]

I have set the dns1 resolver as 192.168.1.1 in the lan settings on the router ( ac68u / 384.3.alpha2 )

Clear the dns in lan and instead use 192.168.1.1 in wan settings. Give this a try and get back to us.

This worked. I thought I had set it in the WAN settings as well but somehow had forgotten to do it and it was using the ISP dns

Thanks

 

[skeal]

Does setting the log verbosity setting in the .toml file work for reducing log spam? I have a lot going on and need the logs a little cleaner.

 

[skeal]

Does setting the log verbosity setting in the .toml file work for reducing log spam? I have a lot going on and need the logs a little cleaner.

I just setup a sed -i script and remove the entries myself.

 

[M@rco]

When changing the following in dnscrypt-proxy.toml:

# Log level (0-6, default: 2 - 0 is very verbose, 6 only contains fatal errors)

log_level = 6

it'll only log fatal errors to syslog. Nothing else.

 

[skeal]

When changing the following in dnscrypt-proxy.toml:

# Log level (0-6, default: 2 - 0 is very verbose, 6 only contains fatal errors)

log_level = 6

it'll only log fatal errors to syslog. Nothing else.

I set that to 6 and rebooted....still getting loads of spam.

 

[skeal]

I set that to 6 and rebooted....still getting loads of spam.

Like I said my little script works awesome!

 

[M@rco]

I set that to 6 and rebooted....still getting loads of spam.

Strange, I changed it to test it for you and had not a single logline from dnscrypt-proxy in syslog after a reboot, and normally I see the latency check and the attempt to refresh the certificate every 30 minutes (as configured). I have only one server configured (cisco), so that might make a difference. I'm considering to extend the check time to a day or so, as Cisco certificates are (unfortunately) valid for a year...

 

[skeal]

I set this up to use google v2 and I'm really not sure what to think of my ipleak.net test. First I would like to add that my WAN DNS setting is 192.168.x.x I have the needed edit for dnsmasq.conf.add and a reboot. I have working DNS however the tests I do at ipleak.net show 62 dns servers. What have I done wrong??

 

[DonnyJohnny]

A nub way to check is I go ab-solutions, press f to see unfiltered dnsmasq log. U will see where your queries is sent to. And how it is replied.
So Long as u pre-resolved dns.google.com in dnsmasq.conf.add, the DOH will work.
server=/dns.google.com/8.8.8.8
#to download v2 server list
server=/download.dnscrypt.info/8.8.8.8

No need reboot router, just use
“service restart_dnsmasq”

 

[skeal]

I Put these two line into dnsmasq.conf.add still I get 62 dns servers listed on ipleak.net and restarted dnsmasq as advised. No changes.

server=/dns.google.com/8.8.8.8

server=/download.dnscrypt.info/8.8.8.8

 

[DonnyJohnny]

I Put these two line into dnsmasq.conf.add still I get 62 dns servers listed on ipleak.net and restarted dnsmasq as advised. No changes.

server=/dns.google.com/8.8.8.8

server=/download.dnscrypt.info/8.8.8.8

62 is correct. Sometime i get 70.
Google anycast is super crazy. They seems to have lots of redundancies.

Thing is all the Google server don't score well in DNS spoofability test.
https://www.grc.com/dns/dns.htm

But I think I shouldn't doubt their security. Lol

 

[john9527]

I Put these two line into dnsmasq.conf.add still I get 62 dns servers listed on ipleak.net and restarted dnsmasq as advised. No changes.

Do all the servers belong to google? I'm sure google load balances across multiple servers.
Also try dnsleaktest.com. with the 'Extended' test...it will tell you who owns the servers.

 

[skeal]

62 is correct. Sometime i get 70.
Google anycast is super crazy. They seems to have lots of redundancies.

Thing is all the Google server don't score well in DNS spoofability test.
https://www.grc.com/dns/dns.htm

But I think I shouldn't doubt their security. Lol

Great man I thought I was screwing up!

Do all the servers belong to google? I'm sure google load balances across multiple servers.
Also try dnsleaktest.com. with the 'Extended' test...it will tell you who owns the servers.

Yes I just used your idea and every one of the servers is google.

 

[skeal]

Syslogs just now showed the Google OK DoH the rtt is really high around 120ms.