What's new

DNScrypt dnscrypt installer for asuswrt

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Syslogs just now showed the Google OK DoH the rtt is really high around 120ms.
mine have 5-8ms, server based in my country
 
when I reboot router it takes about 5 minutes for it to get the wan ip, This problem started when I installed dnscrypt-proxy 2

My router RT-5300
FW - 380.69_2

Jan 29 03:02:36 ntp: start NTP update
Jan 29 03:02:40 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:02:40 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:02:50 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:02:50 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:03:00 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:03:00 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:03:03 ntp: start NTP update
Jan 29 03:03:10 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:03:10 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:03:20 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:03:20 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:03:30 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:03:30 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:03:30 ntp: start NTP update
Jan 29 03:03:40 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:03:40 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:03:50 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:03:50 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:03:57 ntp: start NTP update
Jan 29 03:04:00 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:04:00 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:04:10 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:04:10 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:04:20 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:04:20 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:04:24 ntp: start NTP update
Jan 29 03:04:30 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:04:30 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:04:40 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:04:40 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:04:50 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:04:50 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:04:51 ntp: start NTP update
Jan 29 03:05:00 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:05:00 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:05:10 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:05:10 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:05:18 ntp: start NTP update
Jan 29 03:05:20 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:05:20 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:05:30 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:05:30 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:05:40 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:05:40 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:05:45 ntp: start NTP update
Jan 29 03:05:50 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:05:50 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:06:00 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:06:00 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:06:10 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:06:10 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:06:12 ntp: start NTP update
Jan 29 03:06:20 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:06:20 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:06:30 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:06:30 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:06:40 ntp: start NTP update
Jan 29 03:06:40 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:06:40 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:06:50 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:06:50 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:07:00 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:07:00 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:07:07 ntp: start NTP update
Jan 29 03:07:10 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:07:10 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:07:20 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:07:20 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:07:30 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:07:30 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:07:34 ntp: start NTP update
Jan 29 03:07:35 Skynet: [ERROR] NTP Failed To Start After 5 Minutes - Please Fix Immediately!
Jan 29 03:07:40 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:07:40 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:07:50 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:07:50 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:08:00 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:08:00 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:08:01 ntp: start NTP update
Jan 29 03:08:10 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:08:10 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:08:20 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:08:20 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:08:28 ntp: start NTP update
Jan 29 03:08:30 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:08:30 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:08:40 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:08:40 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:08:50 dnscrypt-proxy[770]: [cisco] TIMEOUT
Jan 29 03:08:50 dnscrypt-proxy[770]: [cisco-familyshield] TIMEOUT
Jan 29 03:08:55 ntp: start NTP update
Jan 29 03:08:56 rc_service: udhcpc 716:notify_rc start_vpnclient1
Jan 29 03:08:59 dhcp_client: bound 192.168.100.20 via 0.0.0.0 during 20 seconds.
Jan 29 03:09:00 custom_script: Running /jffs/scripts/wan-start (args: 0)
Jan 29 03:09:00 rc_service: udhcpc 4743:notify_rc start_firewall
Jan 29 03:09:00 rc_service: waitting "start_vpnclient1" via ...
Jan 29 03:09:00 admin19: AB-Solution created br0:pixelserv 10.82.235.7 via /jffs/scripts/wan-start
Jan 29 03:09:00 dnscrypt-proxy[770]: Stopped.
Jan 29 03:09:00 admin19: Start dnscrypt-proxy
Jan 29 03:09:00 dnscrypt-proxy[4754]: Source [http://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md] loaded
Jan 29 03:09:00 dnscrypt-proxy[4754]: Starting dnscrypt-proxy 2.0.0beta11
Jan 29 03:09:00 dnscrypt-proxy[4759]: Source [http://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md] loaded
Jan 29 03:09:00 dnscrypt-proxy[4759]: Starting dnscrypt-proxy 2.0.0beta11
Jan 29 03:09:00 dnscrypt-proxy[4766]: Source [http://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md] loaded
Jan 29 03:09:00 dnscrypt-proxy[4766]: Starting dnscrypt-proxy 2.0.0beta11
Jan 29 03:09:00 dnscrypt-proxy[4766]: Now listening to 127.0.0.1:65053 [UDP]
Jan 29 03:09:00 dnscrypt-proxy[4766]: Now listening to 127.0.0.1:65053 [TCP]
Jan 29 03:09:00 dnscrypt-proxy[4766]: [cisco] TIMEOUT
Jan 29 03:09:00 dnscrypt-proxy[4766]: [cisco-familyshield] TIMEOUT
Jan 29 03:09:00 dnscrypt-proxy[4766]: dial udp 208.67.220.123:443: connect: network is unreachable
Jan 29 03:09:00 dnscrypt-proxy[4766]: dnscrypt-proxy is waiting for at least one server to be reachable
Jan 29 03:09:10 dnscrypt-proxy[4766]: [cisco] OK (crypto v1) - rtt: 21ms
Jan 29 03:09:10 dnscrypt-proxy[4766]: [cisco-familyshield] OK (crypto v1) - rtt: 20ms
Jan 29 03:09:10 dnscrypt-proxy[4766]: Server with the lowest initial latency: cisco-familyshield (rtt: 20ms)
 
I think there's still some VPN setup in your config because it looks like your connection isn't actually up until this log line:
Jan 29 03:09:00 rc_service: waitting "start_vpnclient1" via ...

It's a chicken egg problem.
 
Yep you were correct found some left over vpn settings now when I reboot the router it not taking 5 mines to get a wan ip. I still see same TIMEOUT is this normal

Thank you so much for your help and sorry for saying it was your script.

dnscrypt-proxy[1335]: Source [http://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md] loaded
Jan 29 05:36:07 dnscrypt-proxy[1335]: Starting dnscrypt-proxy 2.0.0beta11
Jan 29 05:36:07 dnscrypt-proxy[1345]: Source [http://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md] loaded
Jan 29 05:36:07 dnscrypt-proxy[1345]: Starting dnscrypt-proxy 2.0.0beta11
Jan 29 05:36:07 dnscrypt-proxy[1352]: Source [http://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md] loaded
Jan 29 05:36:07 dnscrypt-proxy[1352]: Starting dnscrypt-proxy 2.0.0beta11
Jan 29 05:36:07 dnscrypt-proxy[1352]: Now listening to 127.0.0.1:65053 [UDP]
Jan 29 05:36:07 dnscrypt-proxy[1352]: Now listening to 127.0.0.1:65053 [TCP]
Jan 29 05:36:07 dnscrypt-proxy[1352]: [cisco] TIMEOUT
Jan 29 05:36:07 dnscrypt-proxy[1352]: [cisco-familyshield] TIMEOUT
Jan 29 05:36:07 dnscrypt-proxy[1352]: dial udp 208.67.220.123:443: connect: network is unreachable
Jan 29 05:36:07 dnscrypt-proxy[1352]: dnscrypt-proxy is waiting for at least one server to be reachable
Jan 29 05:36:08 start_nat_rules: apply the nat_rules(/tmp/nat_rules_eth0_eth0)!
Jan 29 05:36:09 rc_service: udhcpc 1323:notify_rc stop_upnp
Jan 29 05:36:09 rc_service: waitting "start_firewall" via udhcpc ...
Jan 29 05:36:09 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Jan 29 05:36:10 rc_service: udhcpc 1323:notify_rc start_upnp
Jan 29 05:36:10 rc_service: waitting "stop_upnp" via udhcpc ...
Jan 29 05:36:11 ntp: start NTP update
Jan 29 05:36:14 dhcp_client: bound 192.168.100.20 via 0.0.0.0 during 20 seconds.
Jan 29 05:36:17 ntp: start NTP update
Jan 29 05:36:17 dnscrypt-proxy[1352]: [cisco] TIMEOUT
Jan 29 05:36:17 dnscrypt-proxy[1352]: [cisco-familyshield] TIMEOUT
Jan 29 05:36:23 custom_script: Running /jffs/scripts/wan-start (args: 0)
Jan 29 05:36:23 rc_service: udhcpc 1612:notify_rc start_firewall
Jan 29 05:36:24 admin19: AB-Solution created br0:pixelserv 10.82.235.7 via /jffs/scripts/wan-start
Jan 29 05:36:25 start_nat_rules: apply the nat_rules(/tmp/nat_rules_eth0_eth0)!
Jan 29 05:36:25 dnscrypt-proxy[1352]: Stopped.
Jan 29 05:36:25 admin19: Start dnscrypt-proxy
Jan 29 05:36:25 dnscrypt-proxy[1652]: Source [http://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md] loaded
Jan 29 05:36:25 dnscrypt-proxy[1652]: Starting dnscrypt-proxy 2.0.0beta11
Jan 29 05:36:25 dnscrypt-proxy[1658]: Source [http://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md] loaded
Jan 29 05:36:25 dnscrypt-proxy[1658]: Starting dnscrypt-proxy 2.0.0beta11
Jan 29 05:36:25 dnscrypt-proxy[1666]: Source [http://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md] loaded
Jan 29 05:36:25 dnscrypt-proxy[1666]: Starting dnscrypt-proxy 2.0.0beta11
Jan 29 05:36:25 dnscrypt-proxy[1666]: Now listening to 127.0.0.1:65053 [UDP]
Jan 29 05:36:25 dnscrypt-proxy[1666]: Now listening to 127.0.0.1:65053 [TCP]
Jan 29 05:36:25 rc_service: udhcpc 1612:notify_rc stop_upnp
Jan 29 05:36:25 rc_service: waitting "start_firewall" via udhcpc ...
Jan 29 05:36:25 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Jan 29 05:36:26 dnscrypt-proxy[1666]: [cisco] OK (crypto v1) - rtt: 32ms
Jan 29 05:36:26 dnscrypt-proxy[1666]: [cisco-familyshield] OK (crypto v1) - rtt: 20ms
Jan 29 05:36:26 dnscrypt-proxy[1666]: Server with the lowest initial latency: cisco-familyshield (rtt: 20ms)
Jan 29 05:36:26 dnscrypt-proxy[1666]: dnscrypt-proxy is ready - live servers: 2
Jan 29 05:36:26 rc_service: udhcpc 1612:notify_rc start_upnp
Jan 29 05:36:26 rc_service: waitting "stop_upnp" via udhcpc ...
Jan 29 05:36:27 ntp: start NTP update
Jan 29 05:36:29 qos: Applying codel patch
Jan 29 05:36:30 kernel: * Make sure sizeof(struct sw_struct)=160 is consistent
Jan 29 05:36:30 WAN_Connection: WAN was restored.
Jan 29 05:36:31 kernel: IDPfw: TrendMicro forward module ver-1.0.34
Jan 29 05:36:31 kernel: IDPfw: Apply module param dev_wan=eth0
Jan 29 05:36:31 kernel: IDPfw: Apply module param sess_num=30000
Jan 29 05:36:32 kernel: IDPfw: Init chrdev /dev/idpfw with major 191
Jan 29 05:36:32 kernel: IDPfw: IDPfw is ready
Jan 29 05:36:32 kernel: sizeof forward param = 160
Jan 29 05:48:13 rc_service: ntp 1238:notify_rc restart_upnp
Jan 29 05:48:14 rc_service: ntp 1238:notify_rc restart_diskmon
Jan 29 05:48:14 disk_monitor: Finish
Jan 29 05:48:15 Skynet: [INFO] Lock File Detected (start banmalware autoupdate usb=/tmp/mnt/Network) (pid=1410) - Exiting
Jan 29 05:48:15 Skynet: [INFO] Startup Initiated... ( banmalware autoupdate usb=/tmp/mnt/Network )
Jan 29 05:48:15 Skynet: [INFO] Lock File Detected (start banmalware autoupdate usb=/tmp/mnt/Network) (pid=1410) - Exiting
Jan 29 05:48:15 rc_service: udhcpc 1612:notify_rc start_firewall
Jan 29 05:48:15 rc_service: waitting "restart_diskmon" via ntp ...
Jan 29 05:48:16 dhcp_client: bound ********* via ********** during 310277 seconds.
Jan 29 05:48:18 start_nat_rules: apply the nat_rules(/tmp/nat_rules_eth0_eth0)!
Jan 29 05:48:18 disk_monitor: be idle
Jan 29 05:48:19 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Jan 29 05:48:19 Skynet: [INFO] Lock File Detected (start banmalware autoupdate usb=/tmp/mnt/Network) (pid=1410) - Exiting
Jan 29 05:48:21 kernel: ip_set: protocol 6
Jan 29 05:48:44 Skynet: [Complete] 171550 IPs / 19879 Ranges Banned. 171550 New IPs / 19879 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [29s]
 
Last edited:
Quick question regarding dnscrypt config.
Should I change the Wan DNS server to 192.168.1.1?
It set to level3 DNS and Google. I have DNScrypt set to OpenDNS. The debug.opendns.com command don't always show dnscrypt enable.
Is this normal?
 
I installed beta 10 yesterday and 11 today, and have noticed that the dnscrypt process times out every 30mins or so. The only way to restore it is to restart the dnscrypt process by running ./manager dnscrypt-start - the output from the logs / shell:

Now with the v2 version of dnscrypt-proxy :rolleyes:, and amtm, Skynet, AB-Solution (Medium+) and openssh-sftp-server installed and TM's AI Protection activated in the meantime, still no issues with dnscrypt-proxy timing out after 30 minutes or so. It has been running for nearly 11 hours solid now:

UbwviK4.png


Using a 512Mb swapfile on a RT-AC68U.
 
Last edited by a moderator:
Quick question regarding dnscrypt config.
Should I change the Wan DNS server to 192.168.1.1?
It set to level3 DNS and Google. I have DNScrypt set to OpenDNS. The debug.opendns.com command don't always show dnscrypt enable.
Is this normal?
U are supposed to keep Wan dns as Manual and blank.
If not, the queries are not passing thru dnscrypt-proxy but the dns u defined . In this case, level3 and Google. Dns leak!!!
 
Now with the v2 version of dnscrypt-proxy :rolleyes:, and amtm, Skynet, AB-Solution (Medium+) and openssh-sftp-server installed and TM's AI Protection activated in the meantime, still no issues with dnscrypt-proxy timing out after 30 minutes or so. It has been running for nearly 11 hours solid now

@bigeyes0x0 Pretty sure enabling the daemonize option was the fix as 24 hours have passed without crashes/hangs.
 
@bigeyes0x0 Pretty sure enabling the daemonize option was the fix as 24 hours have passed without crashes/hangs.

Glad to hear that solved the crashes and hangs for you, but mine is still running in non-daemonized mode without issues. I'm curious though whether it would have an effect on system resources, so I might give it a try as well to see if there's a significant difference.
 
Connect to DNS Server automatically in WAN DNS Settings should be set to 'No' and the fields should be left blank:

95wXjXY.png
I have static ip and the gui does not let you save without entering dns info. I therefore have set the dns to my routers local ip. No problems running this way so far. Is this ok?
 
I have static ip and the gui does not let you save without entering dns info. I therefore have set the dns to my routers local ip. No problems running this way so far. Is this ok?

Are you in WAN DNS Settings? Then you should be able to save without filling DNS 1 or DNS 2.
If not, entering your routers' local IP in DNS 1 will just point back to dnscrypt-proxy, if I'm correct, so I don't think it matters. I had DNS 1 set to 192.168.1.1 previously myself, until I found out there was no need to. As long as there's no external DNS server in either of these fields, as that will cause DNS-leaks. If I recall correctly, I think @DonnyJohnny even mentioned it would be mandatory for OpenVPN setups to enter your routers local IP, but I don't use OpenVPN, so I can't verify.
 
Are you in WAN DNS Settings? Then you should be able to save without filling DNS 1 or DNS 2.
If not, entering your routers' local IP in DNS 1 will just point back to dnscrypt-proxy, if I'm correct, so I don't think it matters. I had DNS 1 set to 192.168.1.1 previously myself, until I found out there was no need to. As long as there's no external DNS server in either of these fields, as that will cause DNS-leaks. If I recall correctly, I think @DonnyJohnny even mentioned it would be mandatory for OpenVPN setups to enter your routers local IP, but I don't use OpenVPN, so I can't verify.
I am in WAN DNS settings. I have a static ip and not defining a DNS server in DNS settings cannot be accomplished. The gui will not save without an address. So I use the routers local address. ( I have no dns defined in lan settings.....just thought I would clarify this as well. )
 
I have a static ip and not defining a DNS server in DNS settings cannot be accomplished.

I have a 'dynamic' IP address (which hasn't changed for years...) but it could very well be that selecting a static IP when setting up your internet connection forces you to define DNS-servers when you choose not to connect automatically. Anyway, with your routers IP in DNS 1 you should be ready to rumble. Thanks for clarifying!
 
@MartinDEE There's something strange with your setup. Looking through your log you can see various lines where your router is trying repeatedly to update time through NTP, but it doesn't succeed. You either aren't connected to the internet or you have some other (incorrect) DNS-settings in WAN > WAN DNS Settings, causing the router unable to resolve DNS before dnscrypt-proxy is active. The timeout in dnscrypt-proxy is caused by not being able to connect. Also you get assigned a local IP address, yet pixelserv binds to a whole different IP-range which I think it shouldn't. Then, finally, it's able to setup a working connection and resolve through dnscrypt-proxy. Not sure what you have running on it besides dnscrypt, AB-Solution and Skynet, but you might consider doing a factory reset and configure it from scratch to sort things out, because some settings are definitely incorrect, imho.
 
Quick question regarding dnscrypt config.

Should I change the Wan DNS server to 192.168.1.1?
It set to level3 DNS and Google. I have DNScrypt set to OpenDNS. The debug.opendns.com command don't always show dnscrypt enable.
Is this normal?
U are supposed to keep Wan dns as Manual and blank.
If not, the queries are not passing thru dnscrypt-proxy but the dns u defined . In this case, level3 and Google. Dns leak!!!

The "no-resolv" config in dnsmasq.conf should disable these WAN DNS settings so I really don't understand why you guys having dns leak. A few things to check:
1. /etc/dnsmasq.conf should contain (for my latest installer beta script):
no-resolv
server=127.0.0.1#65053
server=/pool.ntp.org/8.8.8.8 // this depends on your ntp settings
server=/time.nist.gov/8.8.8.8
server=/download.dnscrypt.info/8.8.8.8
server=/dns.google.com/8.8.8.8
server=/raw.githubusercontent.com/8.8.8.8

2. Your client dns (e.g. Windows, Linux, IOS, Android phone...) should only be your router IP

If you still have leak after that, we're going into more details then.

@MartinDEE It looks good now.
 
The "no-resolv" config in dnsmasq.conf should disable these WAN DNS settings so I really don't understand why you guys having dns leak

I'm not sure either. I know no-resolv should make dnsmasq bypass anything stored in WAN DNS 1 and 2, but I'm not completely if it always does. I had DNS leaks when I previously had 208.67.220.220 in WAN DNS 1 (because I had issues resolving raw.githubusercontent.com to download the resolvers list, but only with the first betas. That's before I found out how to use dnsmasq.conf.add). Could it be dns leaks might also have been caused by clients caching dns locally? Currently with beta 11, with both WAN DNS servers in the WebUI blank, I have no leaks whatsoever anymore, so everything runs smoothly here.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top