DNScrypt dnscrypt installer for asuswrt
- Thread starter bigeyes0x0
- Start date
-
- Tags
- dnscrypt
M
M@rco
Guest
Did you try killing all instances and manually restarting dnscrypt-proxy without the -syslog parameter which is included automatically when you execute
Code:
/jffs/dnscrypt/manager dnscrypt-startExecuting the line above, actually executes
Code:
/jffs/dnscrypt/dnscrypt-proxy -syslog -config /jffs/dnscrypt/dnscrypt-proxy.tomland my guess would be it overrides any general logging options specified in dnscrypt-proxy.toml.
Last edited by a moderator:
skeal
Part of the Furniture
Thank you for your speedy reply sir! ... The second line in the above post, what does it do exactly? I'm a little confused it's early morning here...LOL.
M
M@rco
Guest
Even though their AMS data center is hosted at AMSIX, CloudFlare is not the fastest around here, response times vary between 13 ~ 60 ms, whereas others consistently are around 9 ~ 12 ms. However, none of them support DoH, which is why I tried with cache = true.
That's correct indeed. I haven't found a reason yet why @bigeyes0x0 decided to disable it by default. It would honestly surprise me when it was to prevent wearing out memory. It seems to me like we in general underestimate the quality of the internal components of our hardware, when reading Eric's comments on it.
That's correct indeed. I haven't found a reason yet why @bigeyes0x0 decided to disable it by default. It would honestly surprise me when it was to prevent wearing out memory. It seems to me like we in general underestimate the quality of the internal components of our hardware, when reading Eric's comments on it.
M
M@rco
Guest
Go grab some coffee first
Manager is just a script used to perform several actions. Use nano for example to open it and you'll see a section start_dnscrypt (which is called when you execute /jffs/dnscrypt/manager dnscrypt-start). If you look at the piece of code that is really executed (lines 30-36), it's
Code:
/jffs/dnscrypt/dnscrypt-proxy -syslog -config /jffs/dnscrypt/dnscrypt-proxy.tomlwhich causes dnscrypt-proxy to launch, log to syslog (where I assume it disregards any other logging options specified in its config file, see next parameter) and use /jffs/dnscrypt-proxy.toml as it's config file.
M
M@rco
Guest
skeal
Part of the Furniture
Sorry to be a pain in the butt. In manager I see this:Go grab some coffee first
Manager is just a script used to perform several actions. Use nano for example to open it and you'll see a section start_dnscrypt (which is called when you execute /jffs/dnscrypt/manager dnscrypt-start). If you look at the piece of code that is really executed (lines 30-36), it's
Code:/jffs/dnscrypt/dnscrypt-proxy -syslog -config /jffs/dnscrypt/dnscrypt-proxy.toml
which causes dnscrypt-proxy to launch, log to syslog (where I assume it disregards any other logging options specified in its config file, see next parameter) and use /jffs/dnscrypt-proxy.toml as it's config file.
Code:
start_dnscrypt () {
DNSCRYPT_START="/jffs/dnscrypt/dnscrypt-proxy -syslog -config /jffs/dnscrypt/dnscrypt-proxy.toml"
killall -q dnscrypt-proxy
logger "Start dnscrypt-proxy"
cd /jffs/dnscrypt
nohup $DNSCRYPT_START >/dev/null 2>&1 </dev/null &
}skeal
Part of the Furniture
In the script .toml file I have this:Go grab some coffee first
Manager is just a script used to perform several actions. Use nano for example to open it and you'll see a section start_dnscrypt (which is called when you execute /jffs/dnscrypt/manager dnscrypt-start). If you look at the piece of code that is really executed (lines 30-36), it's
Code:/jffs/dnscrypt/dnscrypt-proxy -syslog -config /jffs/dnscrypt/dnscrypt-proxy.toml
which causes dnscrypt-proxy to launch, log to syslog (where I assume it disregards any other logging options specified in its config file, see next parameter) and use /jffs/dnscrypt-proxy.toml as it's config file.
Code:
## log file for the application
# log_file = 'dnscrypt-proxy.log'
## Use the system logger (syslog on Unix, Event Log on Windows)
# use_syslog = trueSomething else going on. I decided to format jffs and got dns resolution back. But I found that reboots (no usb drives or connections present) now gave erratic results. As if every other reboot would cause a loss of dns resolution. But at least I got my router back long enough to release
my Asus DDNS so that it could be used on my spare router.
Not messing about further: factory reset and manual restoration of settings.
So I don’t know if dnscrypt played any part, except that clearing jffs and removing the usb drive gave intermittent service.
Thanks again for your kind help.
M
M@rco
Guest
No worries, you're not. I think my explanation fell short.
I haven't gotten around to test this myself. Looking at your config there's a # in front of
Code:
# log_file = 'dnscrypt-proxy.log'
Code:
/mnt/<insert usb label here>/<insert folder here or leave blank>/dnscrypt-proxy.logNow dnscrypt-proxy needs to be restarted without the parameter -syslog, as we don't want it to log it to syslog anymore (you can't have both, I tried that). Also check the line
Code:
# use_syslog = trueNext, for now, edit manager and remove -syslog from the following line
Code:
DNSCRYPT_START="/jffs/dnscrypt/dnscrypt-proxy -syslog -config /jffs/dnscrypt/dnscrypt-proxy.toml"
Code:
DNSCRYPT_START="/jffs/dnscrypt/dnscrypt-proxy -config /jffs/dnscrypt/dnscrypt-proxy.toml"
Code:
/jffs/dnscrypt/manager dnscrypt-startThis will kill all instances of dnscrypt-proxy and restart it, but now without the parameter to log to syslog. Instead, if you edited the .toml config file correctly, it should log to the file you specified. Keep in mind, you won't see dnscrypt-proxy restarting in syslog now as you have just told it to log to a file. So check the logfile to see if it works.
As said, I haven't tried this myself (and I can't currently), but this is how it should work. If it doesn't, you only need to restore manager by adding -syslog (see code line above) and everything should be fine again.
Let me know if it works (or otherwise I can try it first this weekend).
skeal
Part of the Furniture
Does this line need the single quotes by chance?
Code:
/mnt/<insert usb label here>/<insert folder here or leave blank>/dnscrypt-proxy.log
Code:
log_file = '/mnt/<insert usb label here>/<insert folder here or leave blank>/dnscrypt-proxy.log'
M
M@rco
Guest
Yes, that's correct. The full path and filename is between single quotes, like the example in dnscrypt-proxy.toml.
skeal
Part of the Furniture
This works really nice. The system log shows only that it started a one line statement. The log location I have set works the line has to look like this though:
Code:
log_file = '/mnt/<insert usb label here>/<insert folder here or leave blank>/dnscrypt-proxy.log'
bengalih
Senior Member
Thanks for that...easy way to actually see if DoH is being used short of having to actually read the packets!
I've had this issue on 2 different USB drives (both formatted new specifically for this purpose). The drive I have in there now is brand new. Also, not having any issues with AB or pixelserv. Only disk issue I was running into was when I had my new drive (which is USB 3.1) plugged into the USB 3.0 port it would fail to mount sometimes. So I switched it to the 2.0 port and no issues.
I've also had this issue when using the "automatic" option or when setting it manually to Google or as I have now cloudflare.
I have been running for close to 20 hours now with seemingly no crash, but it seems very fragile. For instance, there is no reason it should be crashing if I run a tcpdump, etc. Also it is incredibly non-resilient. As I mentioned when I have got crashes occasionally a restart of the service doesn't fix it. It doesn't always launch the -child process and I sometimes need to restart it like 5 times to see that run. In some cases I have to reboot the entire router. Based on the error messages I recorded in my earlier posts it sure seems to be a memory issue of some sort, but I find that incredibly unlikely based on what my router is reporting. Sure is is always possible something is wrong with my hardware (as all the software, settings, drive, etc has been reset more than once) - but there is nothing else that points to that.
Thanks, I'll disable mine too if for no other reason than to run the same config as at least one other person for testing reasons.
Well if you cleared jffs, that would mean you would have to reinstall dns-crypt, right? So if you are reinstalling you are restarting the services. Also, if you aren't booting up with a usb drive in then you likely don't have a swap file, right?
I have found that I can't get this to run for more than a couple of minutes without a swap file. If you look back a few pages at my first posts in the thread you will see that I was actually getting memory errors on (some of) my install attempts. This was even though the router reported over 50% of free memory. While I am still getting crashes I seem to be doing much better having a swap file configured, even though the system reports it isn't being used at all. I'm unsure of why this is (perhaps some sort of vmem allocation issue?).
Anyway - I'm curious who of you are using a swap file?
Also - if anyone would be so kind as to do some tests for me and see what you see.
1) Check if you are running a swap file: Type 'free' at the command prompt at send the output.
2) Try to run a tcpdump:
Code:
tcpdump -i any -w mydump(press ctrl+c) to end dump. Right now a tcpdump for me causes no dns queries to be returned - though dnscrypt is currently *not* crashing and resumes operation as soon as I kill the tcpdump.
EDIT: More tests and I have dns-crypt crashing now everytime tcpdump is stopped or started. Seems if I start tcpdump first and then dns-crypt I can get a capture. However the behavior of all this is very erratic.
3) Tell me what the output of your running dnscrypt process are. What I see is:
Code:
admin@RT-AC68U-4C30:/tmp/home/root# ps | grep dnscrypt
129 admin 777m S /jffs/dnscrypt/dnscrypt-proxy -syslog -config /jffs/dnscrypt/dnscrypt-proxy.toml
533 nobody 778m S /jffs/dnscrypt/dnscrypt-proxy -syslog -config /jffs/dnscrypt/dnscrypt-proxy.toml -child
1238 admin 4492 S grep dnscryptWhen DNS resolution breaks what I usually see is that the "-child" process isn't running. I'm interested to see if others see the same behavior.
UPDATE - In my poking around just now I've realized that apparently I'm *not* running a swap file from my last rebuild and yet thing seem to be relatively stable (i.e. no crash in 12+ hours, no crash (but stall) when running tcpdump). Nothing has really changed from prior when I couldn't get this thing to run 2 minutes without a swap...so don't know. I'm going to keep it up for a while like this and see how many days I can run without issue.
Last edited:
Twiglets
Senior Member
Skeal,
Sorry I was too late to answer your question but M@rco answered it 'par excellence' !!!
FYI, look at the 'example-dnscrypt-proxy.toml' & 'example*.txt' files in /jffs/dnscrypt to see how to use/configure files for dnscrypt-proxy.
Also see https://github.com/jedisct1/dnscrypt-proxy/wiki where all is explained.
Note: When upgrading dnscrypt-proxy it is always worth checking the 'example-dnscrypt-proxy.toml' file as new options sometimes appear in the configuration file.
Sorry I was too late to answer your question but M@rco answered it 'par excellence' !!!
FYI, look at the 'example-dnscrypt-proxy.toml' & 'example*.txt' files in /jffs/dnscrypt to see how to use/configure files for dnscrypt-proxy.
Also see https://github.com/jedisct1/dnscrypt-proxy/wiki where all is explained.
Note: When upgrading dnscrypt-proxy it is always worth checking the 'example-dnscrypt-proxy.toml' file as new options sometimes appear in the configuration file.
skeal
Part of the Furniture
Hey there! Should we enable the cache option in dnscrypt-proxy.toml file?Skeal,
Sorry I was too late to answer your question but M@rco answered it 'par excellence' !!!
FYI, look at the 'example-dnscrypt-proxy.toml' & 'example*.txt' files in /jffs/dnscrypt to see how to use/configure files for dnscrypt-proxy.
Also see https://github.com/jedisct1/dnscrypt-proxy/wiki where all is explained.
Note: When upgrading dnscrypt-proxy it is always worth checking the 'example-dnscrypt-proxy.toml' file as new options sometimes appear in the configuration file.
skeal
Part of the Furniture
Sorry I read up on it and decided it would be good to enable cache. I also used the same instructions to setup query logging! Works great!Skeal,
Sorry I was too late to answer your question but M@rco answered it 'par excellence' !!!
FYI, look at the 'example-dnscrypt-proxy.toml' & 'example*.txt' files in /jffs/dnscrypt to see how to use/configure files for dnscrypt-proxy.
Also see https://github.com/jedisct1/dnscrypt-proxy/wiki where all is explained.
Note: When upgrading dnscrypt-proxy it is always worth checking the 'example-dnscrypt-proxy.toml' file as new options sometimes appear in the configuration file.
Twiglets
Senior Member
I run both dnsmasq caching & dnscrypt-proxy caching, its value is dependent on how fast normal dns lookups are for you, how much you access the same dns addresses and can your router handle the additional memory use for more caching. !!!???Sorry I read up on it and decided it would be good to enable cache. I also used the same instructions to setup query logging! Works great!
[read: how long is a piece of string !!!??? .... try it for a day or two and compare to performance without it enabled & typical performance.
]I think the general advice is use dnsmasq caching OR dnscrypt-proxy caching ..... but I am not good at taking advice blindly
I do not have any metrics to compare the performance of each type of caching but one will be faster than the other and with particular usage patterns it may be possible you are slower than the *best* performance you could theoretically get.
I know from experience, many many moons ago, you can get strange interuptions to 'flow' when multiple caches are in a pipeline due to caches being manipulated at different times.
[I am sure that there is some very interesting maths to describe it all, which I could not possibly understand.
]
Last edited:
bengalih
Senior Member
Ok, I just came home and found that my dns was out again and dnscrypt looks like it stopped about 2 hours ago while I was out. I have logging turned up to "0" and everytime I have a problem what the log shows is:
Code:
[2018-08-25 04:36:46] [NOTICE] dnscrypt-proxy is ready - live servers: 1
[2018-08-25 04:37:59] [NOTICE] Stopped.
[2018-08-25 04:37:59] [NOTICE] Stopped.This seems kind of strange as-in, not exactly a crash since dnscrypt is able to log that it has stopped. It has to somehow then be aware that it is being terminated in a somewhat graceful manner.
I then tried to restart with
Code:
/jffs/dnscrypt/manager dnscrypt-startAnd this is what was showing in my log:
Code:
[2018-08-24 22:00:46] [NOTICE] Stopped.
[2018-08-24 22:00:46] [NOTICE] Stopped.
[2018-08-25 04:34:07] [NOTICE] Stopped.
[2018-08-25 04:34:08] [NOTICE] Source [public-resolvers.md] loaded
[2018-08-25 04:34:08] [NOTICE] dnscrypt-proxy 2.0.16
[2018-08-25 04:34:08] [NOTICE] Dropping privileges
[2018-08-25 04:34:09] [NOTICE] Source [public-resolvers.md] loaded
[2018-08-25 04:34:09] [NOTICE] dnscrypt-proxy 2.0.16
[2018-08-25 04:34:09] [NOTICE] Now listening to 127.0.0.1:65053 [UDP]
[2018-08-25 04:34:09] [NOTICE] Now listening to 127.0.0.1:65053 [TCP]
[2018-08-25 04:34:10] [NOTICE] Source [public-resolvers.md] loaded
[2018-08-25 04:34:10] [NOTICE] dnscrypt-proxy 2.0.16
....
[2018-08-25 04:34:12] [NOTICE] Now listening to 127.0.0.1:65053 [UDP]
[2018-08-25 04:34:12] [NOTICE] Now listening to 127.0.0.1:65053 [TCP]
[2018-08-25 04:34:14] [NOTICE] Source [public-resolvers.md] loaded
[2018-08-25 04:34:14] [NOTICE] dnscrypt-proxy 2.0.16
...This goes on many times until it either stops completely and nothing is loaded, or I kill the process or attempt another dnscrypt-start.
I have recreated this issue several times on the device as it is currently running.
As soon as I enable my swap file and try dnscrypt-start it loads properly. In some cases I have actually been able to catch it in this loop and see that immediately after the swap is loaded it finishes loading properly. Meanwhile, my memory shows 50% and even after dnscrypt initialization my swap file shows 0 usage. And yet it is dependent on the swap being enabled.
Here is a full example which I just grabbed which definitively shows some dependence on the swap:
Code:
(here I turn off swap and issue a dnscrypt-start to restart...)
[2018-08-25 05:06:10] [NOTICE] Stopped.
[2018-08-25 05:06:10] [NOTICE] Stopped.
(as you can see, the services stopped - but nothing at all is reloaded.
If I look for running dns-crypt processes I see none.
So I go ahead and issue *another* dnscrypt-start...)
[2018-08-25 05:06:27] [NOTICE] Source [public-resolvers.md] loaded
[2018-08-25 05:06:27] [NOTICE] dnscrypt-proxy 2.0.16
[2018-08-25 05:06:27] [NOTICE] Dropping privileges
(So it starts to initialize...and I get this "dropping privileges" message.
If I look for running processes I see the dns-crypt process, but not the --child.
I let it sit like this for about 10 seconds and then I enable swap...)
[2018-08-25 05:06:44] [NOTICE] Source [public-resolvers.md] loaded
[2018-08-25 05:06:44] [NOTICE] dnscrypt-proxy 2.0.16
[2018-08-25 05:06:44] [NOTICE] Now listening to 127.0.0.1:65053 [UDP]
[2018-08-25 05:06:44] [NOTICE] Now listening to 127.0.0.1:65053 [TCP]
[2018-08-25 05:06:45] [INFO] [cloudflare] TLS version: 303 - Protocol: h2 - Cipher suite: 52393
[2018-08-25 05:06:45] [NOTICE] [cloudflare] OK (DoH) - rtt: 24ms
[2018-08-25 05:06:45] [NOTICE] Server with the lowest initial latency: cloudflare (rtt: 24ms)
[2018-08-25 05:06:45] [NOTICE] dnscrypt-proxy is ready - live servers: 1You can see here that as soon as I enable the swap dns-crypt initializes successfully.
All I can really deduce from this is that is appears that dns-crypt it doing something with vmem that is requiring it to have a swap file even if there is plenty of ram free and it won't even use the swap file. I'm not expert enough on linux memory allocation to hazard a guess on what exactly is going on here. But it seems that at least on my hardware and firmware a swap file is *not optional*, but absolutely required.
Once again I would like to ask those of you successfully running this:
Do you use a swap file, or are you working without issue sans swap?
I'm just going to have to tag @bigeyes0x0 here to maybe instruct me what could be going on, as I'm not sure what can be happening and I can't seem to find anything in dns-crypt or system logs that would indicate what the issue is.
thanks.
M
M@rco
Guest
I use a swap file by default (512MB) as it is recommended for use with Skynet, AB-Solution and dnscrypt as well.
Maybe @RMerlin can shed some light on your questions regarding memory usage?
Similar threads
Similar threads
Similar threads
-
-
TAILMON TAILMON v1.0.20 -July 27, 2024- WireGuard-based Tailscale Installer, Configurator and Monitor (THREAD #1 CLOSED)
- Started by Viktor Jaep
- Replies: 556
-
amtm amtm 5.0 - the Asuswrt-Merlin Terminal Menu, November 17, 2024- Started by thelonelycoder
- Replies: 61
-
Entware Possible to install jdownloader on asuswrt-merlin router with entware??
- Started by JeyJ
- Replies: 9
-
Skynet SOLVED: Scrollbar Disappears on Skynet Tab on Asuswrt-Merlin 386.14
- Started by WRobertE
- Replies: 10
-
scMerlin scMerlin 2.5.8 - Service and script control menu for Asuswrt-Merlin, October 20, 2024
- Started by thelonelycoder
- Replies: 85
-
uKasa uKasa - A utility script that manages Kasa smart outlets and switches with Asuswrt-Merlin routers- Started by JGrana
- Replies: 29
-
Updated Hue Utility - huetil Control and manage your Hue system from Asuswrt-Merlin or Raspbian
- Started by JGrana
- Replies: 1