Ok one last question @Twiglets ... I want to use the log file included in the directory of dnscrypt. No matter what I do I cannot get it to work. Can you explain if it works for you please?
Did you try killing all instances and manually restarting dnscrypt-proxy without the -syslog parameter which is included automatically when you execute
Code:
/jffs/dnscrypt/manager dnscrypt-start
Executing the line above, actually executes
Code:
/jffs/dnscrypt/dnscrypt-proxy -syslog -config /jffs/dnscrypt/dnscrypt-proxy.toml
and my guess would be it overrides any general logging options specified in dnscrypt-proxy.toml.
If I am not wrong, yes, Frank default is on, but using the installer, the default I think is off.
Thank you for your speedy reply sir! ... The second line in the above post, what does it do exactly? I'm a little confused it's early morning here...LOL.
/jffs/dnscrypt/dnscrypt-proxy -syslog -config /jffs/dnscrypt/dnscrypt-proxy.toml
Is there any reason to not use dnscrypt's cache? Or does dnsmasq still cache so it's unnecessary overhead?
Few reasons:
- Running dnscrypt as standalone recursive and caching DNS server without dnsmasq as forwarder:
. It can only be run as root as you need to listen on port 53
. Without dnsmasq some internal domain names and router features will not work
- Running dnscrypt as recursive and caching DNS server with dnsmasq as forwarder: unnecessary overhead so it's better to leave dnsmasq with caching function anyway.
Go grab some coffee first
Manager is just a script used to perform several actions. Use nano for example to open it and you'll see a section start_dnscrypt (which is called when you execute /jffs/dnscrypt/manager dnscrypt-start). If you look at the piece of code that is really executed (lines 30-36), it's
Code:
/jffs/dnscrypt/dnscrypt-proxy -syslog -config /jffs/dnscrypt/dnscrypt-proxy.toml
which causes dnscrypt-proxy to launch, log to syslog (where I assume it disregards any other logging options specified in its config file, see next parameter) and use /jffs/dnscrypt-proxy.toml as its config file.
Sorry to be a pain in the butt. In manager I see this:
start_dnscrypt () {
DNSCRYPT_START="/jffs/dnscrypt/dnscrypt-proxy -syslog -config /jffs/dnscrypt/dnscrypt-proxy.toml"
killall -q dnscrypt-proxy
logger "Start dnscrypt-proxy"
cd /jffs/dnscrypt
nohup $DNSCRYPT_START >/dev/null 2>&1 </dev/null &
}
In the script .toml file I have this:
## log file for the application
# log_file = 'dnscrypt-proxy.log'
## Use the system logger (syslog on Unix, Event Log on Windows)
# use_syslog = true
Please let me know your router model and firmware version too?
Sorry to be a pain in the butt.
No worries, you're not. I think my explanation fell short.
I don't understand. I know it starts with the command you mentioned, but how do I get the dnscrypt-proxy.log working. My dnscrypt-proxy.log is blank and remains that way.
I haven't gotten around to test this myself. Looking at your config there's a # in front of
Code:
# log_file = 'dnscrypt-proxy.log'
The # needs to be removed, as you're not specifying any location to log to right now. You can change the location if you want, so it won't log to jffs but to your USB drive for instance. Just enter the full location to where you want to log to:
Code:
/mnt/<insert usb label here>/<insert folder here or leave blank>/dnscrypt-proxy.log
and save your changes.
Now dnscrypt-proxy needs to be restarted without the parameter -syslog, as we don't want it to log it to syslog anymore (you can't have both, I tried that). Also check the line
Code:
# use_syslog = true
This line should have been commented out by default, so there needs to be a #-sign at beginning of the line.
Next, for now, edit manager and remove -syslog from the following line
Code:
DNSCRYPT_START="/jffs/dnscrypt/dnscrypt-proxy -syslog -config /jffs/dnscrypt/dnscrypt-proxy.toml"
so it becomes
Code:
DNSCRYPT_START="/jffs/dnscrypt/dnscrypt-proxy -config /jffs/dnscrypt/dnscrypt-proxy.toml"
Save your changes. In nano that's done by <CTRL>-X, W. Now execute
Code:
/jffs/dnscrypt/manager dnscrypt-start
This will kill all instances of dnscrypt-proxy and restart it, but now without the parameter to log to syslog. Instead, if you edited the .toml config file correctly, it should log to the file you specified. Keep in mind, you won't see dnscrypt-proxy restarting in syslog now as you have just told it to log to a file. So check the logfile to see if it works.
As said, I haven't tried this myself (and I can't currently), but this is how it should work. If it doesn't, you only need to restore manager by adding -syslog (see code line above) and everything should be fine again.
Let me know if it works (or otherwise I can try it first this weekend).
Does this line need the single quotes by chance?
Code:
/mnt/<insert usb label here>/<insert folder here or leave blank>/dnscrypt-proxy.log
So it looks like this:
Code:
log_file = '/mnt/<insert usb label here>/<insert folder here or leave blank>/dnscrypt-proxy.log'
This works really nice. The system log shows only that it started, a one line statement. The log location I have set works; the line has to look like this, though:
log_file = '/mnt/<insert usb label here>/<insert folder here or leave blank>/dnscrypt-proxy.log'
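The three settings touched in the steps above (log_file, use_syslog, and -syslog in manager's DNSCRYPT_START line) can be checked together before restarting. This is an added example, not part of the original posts or of the installer; the function names are hypothetical, and treating syslog plus log_file as a conflict follows the thread's observation that both cannot be active, not dnscrypt-proxy documentation.

```shell
#!/bin/sh
# Added example: report where dnscrypt-proxy will log, judging from the
# .toml config and the manager script discussed in this thread.

# Print the value of an uncommented `key = value` line, quotes stripped.
# $1 = key, $2 = TOML file. Lines starting with # never match.
toml_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" \
        | head -n 1 \
        | sed 's/[[:space:]]*#.*$//' \
        | tr -d "\"'"
}

# $1 = dnscrypt-proxy.toml, $2 = manager script
log_target() {
    log_file=$(toml_value log_file "$1")
    use_syslog=$(toml_value use_syslog "$1")
    cli_syslog=no
    # Only an uncommented DNSCRYPT_START assignment counts.
    if grep -E '^[[:space:]]*DNSCRYPT_START=' "$2" | grep -q -- '-syslog'; then
        cli_syslog=yes
    fi

    if [ "$cli_syslog" = yes ] || [ "$use_syslog" = true ]; then
        if [ -n "$log_file" ]; then
            # Assumption from the thread: both cannot be in effect at once.
            echo "conflict: syslog requested and log_file=$log_file"
        else
            echo "syslog"
        fi
    elif [ -n "$log_file" ]; then
        case $log_file in
            /*) echo "file:$log_file" ;;
            *)  echo "file:$log_file (relative path)" ;;
        esac
    else
        echo "none"
    fi
}
```

On the router it would be called as `log_target /jffs/dnscrypt/dnscrypt-proxy.toml /jffs/dnscrypt/manager`.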
When you visit https://cloudflare-dns.com/help/ it will show you're 'connected' to 1.1.1.1 (ie. where your DNS-queries are being sent to) but it will also show which Cloudflare data center is responding to your queries. I assume that's the secondary IP you're mentioning.
I see no reason for it crashing. By right, the installer manager will check for dnscrypt availability and restart it if needed.
I am thinking it could be a USB disk problem. Corruption maybe?
Have you tried changing a USB disk and try again? Also, please turn off query cache in the toml. I don’t think it is needed and it will take up memory space and system resources.
Also try limiting to 1 or 2 dns servers instead of letting dnscrypt choose for you.
Makes sense now. I'll leave it disabled. Heads up to @bengalih.
Something else going on. I decided to format jffs and got dns resolution back. But I found that reboots (no usb drives or connections present) now gave erratic results. As if every other reboot would cause a loss of dns resolution. But at least I got my router back long enough to release my Asus DDNS so that it could be used on my spare router.
Not messing about further: factory reset and manual restoration of settings.
So I don’t know if dnscrypt played any part, except that clearing jffs and removing the usb drive gave intermittent service.
Thanks again for your kind help.
tcpdump -i any -w mydump
admin@RT-AC68U-4C30:/tmp/home/root# ps | grep dnscrypt
129 admin 777m S /jffs/dnscrypt/dnscrypt-proxy -syslog -config /jffs/dnscrypt/dnscrypt-proxy.toml
533 nobody 778m S /jffs/dnscrypt/dnscrypt-proxy -syslog -config /jffs/dnscrypt/dnscrypt-proxy.toml -child
1238 admin 4492 S grep dnscrypt
Hey there! Should we enable the cache option in dnscrypt-proxy.toml file?
Skeal,
Sorry I was too late to answer your question but M@rco answered it 'par excellence' !!!
FYI, look at the 'example-dnscrypt-proxy.toml' & 'example*.txt' files in /jffs/dnscrypt to see how to use/configure files for dnscrypt-proxy.
Also see https://github.com/jedisct1/dnscrypt-proxy/wiki where all is explained.
Note: When upgrading dnscrypt-proxy it is always worth checking the 'example-dnscrypt-proxy.toml' file as new options sometimes appear in the configuration file.
Sorry I read up on it and decided it would be good to enable cache. I also used the same instructions to set up query logging! Works great!
I run both dnsmasq caching & dnscrypt-proxy caching, its value is dependent on how fast normal dns lookups are for you, how much you access the same dns addresses and can your router handle the additional memory use for more caching. !!!???
UPDATE - In my poking around just now I've realized that apparently I'm *not* running a swap file from my last rebuild and yet things seem to be relatively stable (i.e. no crash in 12+ hours, no crash (but stall) when running tcpdump). Nothing has really changed from prior when I couldn't get this thing to run 2 minutes without a swap...so don't know. I'm going to keep it up for a while like this and see how many days I can run without issue.
[2018-08-25 04:36:46] [NOTICE] dnscrypt-proxy is ready - live servers: 1
[2018-08-25 04:37:59] [NOTICE] Stopped.
[2018-08-25 04:37:59] [NOTICE] Stopped.
/jffs/dnscrypt/manager dnscrypt-start
[2018-08-24 22:00:46] [NOTICE] Stopped.
[2018-08-24 22:00:46] [NOTICE] Stopped.
[2018-08-25 04:34:07] [NOTICE] Stopped.
[2018-08-25 04:34:08] [NOTICE] Source [public-resolvers.md] loaded
[2018-08-25 04:34:08] [NOTICE] dnscrypt-proxy 2.0.16
[2018-08-25 04:34:08] [NOTICE] Dropping privileges
[2018-08-25 04:34:09] [NOTICE] Source [public-resolvers.md] loaded
[2018-08-25 04:34:09] [NOTICE] dnscrypt-proxy 2.0.16
[2018-08-25 04:34:09] [NOTICE] Now listening to 127.0.0.1:65053 [UDP]
[2018-08-25 04:34:09] [NOTICE] Now listening to 127.0.0.1:65053 [TCP]
[2018-08-25 04:34:10] [NOTICE] Source [public-resolvers.md] loaded
[2018-08-25 04:34:10] [NOTICE] dnscrypt-proxy 2.0.16
....
[2018-08-25 04:34:12] [NOTICE] Now listening to 127.0.0.1:65053 [UDP]
[2018-08-25 04:34:12] [NOTICE] Now listening to 127.0.0.1:65053 [TCP]
[2018-08-25 04:34:14] [NOTICE] Source [public-resolvers.md] loaded
[2018-08-25 04:34:14] [NOTICE] dnscrypt-proxy 2.0.16
...
(here I turn off swap and issue a dnscrypt-start to restart...)
[2018-08-25 05:06:10] [NOTICE] Stopped.
[2018-08-25 05:06:10] [NOTICE] Stopped.
(as you can see, the services stopped - but nothing at all is reloaded.
If I look for running dns-crypt processes I see none.
So I go ahead and issue *another* dnscrypt-start...)
[2018-08-25 05:06:27] [NOTICE] Source [public-resolvers.md] loaded
[2018-08-25 05:06:27] [NOTICE] dnscrypt-proxy 2.0.16
[2018-08-25 05:06:27] [NOTICE] Dropping privileges
(So it starts to initialize...and I get this "dropping privileges" message.
If I look for running processes I see the dns-crypt process, but not the --child.
I let it sit like this for about 10 seconds and then I enable swap...)
[2018-08-25 05:06:44] [NOTICE] Source [public-resolvers.md] loaded
[2018-08-25 05:06:44] [NOTICE] dnscrypt-proxy 2.0.16
[2018-08-25 05:06:44] [NOTICE] Now listening to 127.0.0.1:65053 [UDP]
[2018-08-25 05:06:44] [NOTICE] Now listening to 127.0.0.1:65053 [TCP]
[2018-08-25 05:06:45] [INFO] [cloudflare] TLS version: 303 - Protocol: h2 - Cipher suite: 52393
[2018-08-25 05:06:45] [NOTICE] [cloudflare] OK (DoH) - rtt: 24ms
[2018-08-25 05:06:45] [NOTICE] Server with the lowest initial latency: cloudflare (rtt: 24ms)
[2018-08-25 05:06:45] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Do you use a swap file, or are you working without issue sans swap?