DNScrypt dnscrypt installer for asuswrt

[SuperDuke]

Stupid me....but would the current Merlin approach to DoT compete with DNScrypt or complement it?

 

[DonnyJohnny]

Stupid me....but would the current Merlin approach to DoT compete with DNScrypt or complement it?

Different protocols for secured dns.
Dnscrypt-proxy only supports DOH and DNScrypt
Merlin uses Stubby which only support DOT

the latest feature of dnscrypt-proxy is the anonymized dns (newer protocol) which only works with DNScrypt servers.
Your query requests is routed thru a relay server to a dnscrypt dns provider. This will prevent the dns provider to only have the relay server ip and not your ip.

You can read more about Anonymized dns here
https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/ANONYMIZED-DNSCRYPT.txt

 

[Zastoff]

Stupid me....but would the current Merlin approach to DoT compete with DNScrypt or complement it?

You need to choose one of them, DNS privacy protocol DoT and DNSCrypt-proxy do not complement each other

 

[thelonelycoder]

Stupid me....but would the current Merlin approach to DoT compete with DNScrypt or complement it?

Also, amtm checks for stubby (DoT) and aborts dnscrypt installer.

 

[SuperDuke]

Different protocols for secured dns.
Dnscrypt-proxy only supports DOH and DNScrypt
Merlin uses Stubby which only support DOT

the latest feature of dnscrypt-proxy is the anonymized dns (newer protocol) which only works with DNScrypt servers.
Your query requests is routed thru a relay server to a dnscrypt dns provider. This will prevent the dns provider to only have the relay server ip and not your ip.

You can read more about Anonymized dns here
https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/ANONYMIZED-DNSCRYPT.txt

Thanks, this is helpful

 

[SuperDuke]

You need to choose one of them, DNS privacy protocol DoT and DNSCrypt-proxy do not complement each other

So then I take it in the Merlin GUI, de-select DoT, save and then install DNSCYPT via amtm with the file mods as suggested??

 

[Zastoff]

So then I take it in the Merlin GUI, de-select DoT, save and then install DNSCYPT via amtm with the file mods as suggested??

Yes, Set DNS privacy protocol=none
Install DNSCrypt-proxy thru amtm
List of servers (they are in the installer also)
When installed and you have your servers set, Also set Timezone and install RNG (haveged) from dnscrypt-proxy menu
If you want to use Anonymized dns look at this post
List of Relay servers (not in the installer and need to be manually set)

 

[Zastoff]

Version 2.0.29 released(beta stage is over ) update thru amtm
edit:
amtm still gets beta version for some reason @thelonelycoder ? Could maybe be something with github also ATM

 

[Delusion]

Version 2.0.29 released(beta stage is over ) update thru amtm
edit:
amtm still gets beta version for some reason @thelonelycoder ? Could maybe be something with github also ATM

Thanks for the heads-up. I "tweaked" the installer, you can run this command to install the latest version easily ( I will update it every time a new version comes out so feel free to use it):

curl -L -s -k -O https://raw.githubusercontent.com/delusion2019/dnscrypt-asuswrt-installer/master/installer && sh installer ; rm installer

dnscrypt-proxy[31097]: dnscrypt-proxy 2.0.29
Oct 28 14:49:11 dnscrypt-proxy[31097]: Network connectivity detected
Oct 28 14:49:11 dnscrypt-proxy[31097]: Source [relays.md] loaded
Oct 28 14:49:11 dnscrypt-proxy[31097]: Source [public-resolvers.md] loaded
Oct 28 14:49:11 dnscrypt-proxy[31097]: Anonymized DNS: routing everything via [anon-kama anon-scaleway anon-ibksturm anon-charis anon-suami anon-ev-va anon-publicarray]
Oct 28 14:49:11 dnscrypt-proxy[31097]: Firefox workaround initialized

 

[Zastoff]

Thanks for the heads-up. I "tweaked" the installer, you can run this command to install the latest version easily:

curl -L -s -k -O https://raw.githubusercontent.com/delusion2019/dnscrypt-asuswrt-installer/master/installer && sh installer ; rm installer

dnscrypt-proxy[31097]: dnscrypt-proxy 2.0.29
Oct 28 14:49:11 dnscrypt-proxy[31097]: Network connectivity detected
Oct 28 14:49:11 dnscrypt-proxy[31097]: Source [relays.md] loaded
Oct 28 14:49:11 dnscrypt-proxy[31097]: Source [public-resolvers.md] loaded
Oct 28 14:49:11 dnscrypt-proxy[31097]: Anonymized DNS: routing everything via [anon-kama anon-scaleway anon-ibksturm anon-charis anon-suami anon-ev-va anon-publicarray]
Oct 28 14:49:11 dnscrypt-proxy[31097]: Firefox workaround initialized

Did the same

 

[HairyA00]

I hate to be a pain, but is there anyone willing to put together a step-by-step guide? I have never used this before on the router (only on a Pi-hole) and I don't want to mess with DNS resolution and screw something up.

My understanding is:
1. SSH to router and run
curl -L -s -k -O https://raw.githubusercontent.com/delusion2019/dnscrypt-asuswrt-installer/master/installer && sh installer ; rm installer
2. Complete installation (how? What settings am I selecting and what exactly should I be doing to use anonymized DNS?)
3. Profit

But in all seriousness, anyone willing to spell out how to then later configure the DNS servers you want? Or maybe share their TOML file with anonymized DNS configured?

Essentially, I have had great luck with Quad9 all around and would like to configure it for Quad9 solely (but am willing to try whatever based on recommendations). I guess... which DNS am I using, and which anonymized relays am I using and why?


As @Zastoff pointed out, these are the steps... but I am just afraid without actually seeing it to implement it.

Yes, Set DNS privacy protocol=none
Install DNSCrypt-proxy thru amtm
List of servers (they are in the installer also)
When installed and you have your servers set, Also set Timezone and install RNG (haveged) from dnscrypt-proxy menu
If you want to use Anonymized dns look at this post
List of Relay servers (not in the installer and need to be manually set)

 

[Delusion]

I hate to be a pain, but is there anyone willing to put together a step-by-step guide? I have never used this before on the router (only on a Pi-hole) and I don't want to mess with DNS resolution and screw something up.

My understanding is:
1. SSH to router and run
curl -L -s -k -O https://raw.githubusercontent.com/delusion2019/dnscrypt-asuswrt-installer/master/installer && sh installer ; rm installer
2. Complete installation (how? What settings am I selecting and what exactly should I be doing to use anonymized DNS?)
3. Profit

Spoiler

But in all seriousness, anyone willing to spell out how to then later configure the DNS servers you want? Or maybe share their TOML file with anonymized DNS configured?

Essentially, I have had great luck with Quad9 all around and would like to configure it for Quad9 solely (but am willing to try whatever based on recommendations). I guess... which DNS am I using, and which anonymized relays am I using and why?


As @Zastoff pointed out, these are the steps... but I am just afraid without actually seeing it to implement it.

Yes, Set DNS privacy protocol=none
Install DNSCrypt-proxy thru amtm
List of servers (they are in the installer also)
When installed and you have your servers set, Also set Timezone and install RNG (haveged) from dnscrypt-proxy menu
If you want to use Anonymized dns look at this post
List of Relay servers (not in the installer and need to be manually set)

First I suggest to run configure from the menu and select a random dns server and then:

You need to edit :
nano -w /jffs/dnscrypt/dnscrypt-proxy.toml


1.At bottom of the file I added this in routes (you can add more or less, more dns relays that are close to you as you wish..):

routes = [
    { server_name='*', via=['anon-kama', 'anon-scaleway', 'anon-ibksturm', 'anon-charis', 'anon-suami', 'anon-ev-va','anon-publicarray'] }
]

2. At the top of the page uncomment #server_names : (here you can add manually dns servers as you wish but not from the same provider of the relays, for example I had on this list "scaleway" something but had to remove it cause I have a relay from this provider (anon-scaleway):

server_names = ['cs-fr','cs-fi','cs-fr2','cs-nl','dnscrypt.nl-ns0','developerli-de', 'opennic-ethservices', 'dnscrypt-01.adsnomore.io', 'bottlepost-dns-nl', 'developerli-fr']

3. Make sure you also use DNSCrypt servers and not DoH! :

# Use servers implementing the DNSCrypt protocol
dnscrypt_servers = true

# Use servers implementing the DNS-over-HTTPS protocol
doh_servers = false

4. Thats it... ctrl+o+enter to save and restart DNSCrypt:

/jffs/dnscrypt/dnscrypt-proxy start

5. When you update to a new version from the link I posted , don't forget to to enter "Y" when this question pops up:

Info: Found previous dnscrypt-proxy config file
=> Do you want to use this file without reconfiguring? [y/n]: y

 

[thelonelycoder]

Version 2.0.29 released(beta stage is over ) update thru amtm
edit:
amtm still gets beta version for some reason @thelonelycoder ? Could maybe be something with github also ATM

Might be a caching issue, I'm getting the release version:

 Getting dnscrypt installer, using latest
 DNSCrypt proxy version:  2.0.29

 

[thelonelycoder]

Version 2.0.29 released(beta stage is over ) update thru amtm
edit:
amtm still gets beta version for some reason @thelonelycoder ? Could maybe be something with github also ATM

Ah, I see where the problem is, hang on.

 

[thelonelycoder]

I've pushed another amtm update, still no version change

What's changed
- Correctly detects DNSCrypt proxy version number in dnscrypt installer di when "-beta.*" string is removed.

Use u to update.

 

[Zastoff]

I've pushed another amtm update, still no version change

What's changed
- Correctly detects DNSCrypt proxy version number in dnscrypt installer di when "-beta.*" string is removed.

Use u to update.

Thanks Working fine now

 

[glehel]

Everything works fine! thank you for this great job!


dnscrypt-proxy[17647]: dnscrypt-proxy 2.0.29
dnscrypt-proxy[17647]: Network connectivity detected
dnscrypt-proxy[17647]: Source [public-resolvers.md] loaded
dnscrypt-proxy[17647]: Source [relays.md] loaded
dnscrypt-proxy[17647]: Anonymized DNS: routing [securedns] via [anon-kama anon-ibksturm]
dnscrypt-proxy[17647]: Anonymized DNS: routing [soltysiak] via [anon-ibksturm anon-charis]
dnscrypt-proxy[17647]: Anonymized DNS: routing [suami] via [anon-scaleway anon-charis]
dnscrypt-proxy[17647]: Anonymized DNS: routing [scaleway-fr] via [anon-kama anon-ibksturm anon-charis]
dnscrypt-proxy[17647]: Anonymized DNS: routing [opennic-ethservices] via [anon-scaleway anon-ibksturm]
dnscrypt-proxy[17647]: Anonymized DNS: routing [bottlepost-dns-nl] via [anon-kama anon-scaleway]
dnscrypt-proxy[17647]: Firefox workaround initialized

 

[Zastoff]

Version 2.0.30 released, ChangeLog
Update/Install thru amtm

 

[HairyA00]

Version 2.0.30 released, ChangeLog
Update/Install thru amtm

https://github.com/DNSCrypt/dnscrypt-proxy/releases/tag/2.0.31

From the dev:

Version 2.0.29-beta.3 was pretty stable, but too many internal changes, unrelated to anonymized DNS were made between this last beta and the final version. That was a mistake, as it introduced a bunch of regressions. I'm totally guilty for that

2.0.29-final turned out to be less stable than the beta, and 2.0.30 was only partial fix.

So, here's a new version. Hopefully the last one for quite some time. That one is essentially identical to 2.0.29-beta.3, with only minor fixes. Changes that require more testing have been reverted.

dnscrypt-proxy supports many configuration and platforms, and improving things such as the way the application runs as a service is a bit complicated, and requires quite a lot of testing.

Now that 2.0.31 is out and stable, we can take the time to slowly reintroduce these changes for further releases.

 

[Delusion]

https://github.com/DNSCrypt/dnscrypt-proxy/releases/tag/2.0.31

From the dev:

Version 2.0.29-beta.3 was pretty stable, but too many internal changes, unrelated to anonymized DNS were made between this last beta and the final version. That was a mistake, as it introduced a bunch of regressions. I'm totally guilty for that

2.0.29-final turned out to be less stable than the beta, and 2.0.30 was only partial fix.

So, here's a new version. Hopefully the last one for quite some time. That one is essentially identical to 2.0.29-beta.3, with only minor fixes. Changes that require more testing have been reverted.

dnscrypt-proxy supports many configuration and platforms, and improving things such as the way the application runs as a service is a bit complicated, and requires quite a lot of testing.

Now that 2.0.31 is out and stable, we can take the time to slowly reintroduce these changes for further releases.

Didn't notice any issues,,, maybe for those who use a software on windows or linux.
Anyway, updated to .31

curl -L -s -k -O https://raw.githubusercontent.com/delusion2019/dnscrypt-asuswrt-installer/master/installer && sh installer ; rm installer

Info: Found previous dnscrypt-proxy config file
=> Do you want to use this file without reconfiguring? [y/n]: y