Stupid me....but would the current Merlin approach to DoT compete with DNScrypt or complement it?
You need to choose one of them, DNS privacy protocol DoT and DNSCrypt-proxy do not complement each otherStupid me....but would the current Merlin approach to DoT compete with DNScrypt or complement it?
Also, amtm checks for stubby (DoT) and aborts dnscrypt installer.Stupid me....but would the current Merlin approach to DoT compete with DNScrypt or complement it?
Thanks, this is helpfulDifferent protocols for secured dns.
Dnscrypt-proxy only supports DOH and DNScrypt
Merlin uses Stubby which only support DOT
the latest feature of dnscrypt-proxy is the anonymized dns (newer protocol) which only works with DNScrypt servers.
Your query requests is routed thru a relay server to a dnscrypt dns provider. This will prevent the dns provider to only have the relay server ip and not your ip.
You can read more about Anonymized dns here
https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/ANONYMIZED-DNSCRYPT.txt
So then I take it in the Merlin GUI, de-select DoT, save and then install DNSCYPT via amtm with the file mods as suggested??You need to choose one of them, DNS privacy protocol DoT and DNSCrypt-proxy do not complement each other
Yes, Set DNS privacy protocol=noneSo then I take it in the Merlin GUI, de-select DoT, save and then install DNSCYPT via amtm with the file mods as suggested??
Thanks for the heads-up. I "tweaked" the installer, you can run this command to install the latest version easily ( I will update it every time a new version comes out so feel free to use it):Version 2.0.29 released(beta stage is over ) update thru amtm
edit:
amtm still gets beta version for some reason @thelonelycoder ? Could maybe be something with github also ATM
curl -L -s -k -O https://raw.githubusercontent.com/delusion2019/dnscrypt-asuswrt-installer/master/installer && sh installer ; rm installer
dnscrypt-proxy[31097]: dnscrypt-proxy 2.0.29
Oct 28 14:49:11 dnscrypt-proxy[31097]: Network connectivity detected
Oct 28 14:49:11 dnscrypt-proxy[31097]: Source [relays.md] loaded
Oct 28 14:49:11 dnscrypt-proxy[31097]: Source [public-resolvers.md] loaded
Oct 28 14:49:11 dnscrypt-proxy[31097]: Anonymized DNS: routing everything via [anon-kama anon-scaleway anon-ibksturm anon-charis anon-suami anon-ev-va anon-publicarray]
Oct 28 14:49:11 dnscrypt-proxy[31097]: Firefox workaround initialized
Did the sameThanks for the heads-up. I "tweaked" the installer, you can run this command to install the latest version easily:
Code:curl -L -s -k -O https://raw.githubusercontent.com/delusion2019/dnscrypt-asuswrt-installer/master/installer && sh installer ; rm installer
Code:dnscrypt-proxy[31097]: dnscrypt-proxy 2.0.29 Oct 28 14:49:11 dnscrypt-proxy[31097]: Network connectivity detected Oct 28 14:49:11 dnscrypt-proxy[31097]: Source [relays.md] loaded Oct 28 14:49:11 dnscrypt-proxy[31097]: Source [public-resolvers.md] loaded Oct 28 14:49:11 dnscrypt-proxy[31097]: Anonymized DNS: routing everything via [anon-kama anon-scaleway anon-ibksturm anon-charis anon-suami anon-ev-va anon-publicarray] Oct 28 14:49:11 dnscrypt-proxy[31097]: Firefox workaround initialized
I hate to be a pain, but is there anyone willing to put together a step-by-step guide? I have never used this before on the router (only on a Pi-hole) and I don't want to mess with DNS resolution and screw something up.
My understanding is:
1. SSH to router and run
curl -L -s -k -O https://raw.githubusercontent.com/delusion2019/dnscrypt-asuswrt-installer/master/installer && sh installer ; rm installer
2. Complete installation (how? What settings am I selecting and what exactly should I be doing to use anonymized DNS?)
3. Profit
But in all seriousness, anyone willing to spell out how to then later configure the DNS servers you want? Or maybe share their TOML file with anonymized DNS configured?
Essentially, I have had great luck with Quad9 all around and would like to configure it for Quad9 solely (but am willing to try whatever based on recommendations). I guess... which DNS am I using, and which anonymized relays am I using and why?
As @Zastoff pointed out, these are the steps... but I am just afraid without actually seeing it to implement it.
Yes, Set DNS privacy protocol=none
Install DNSCrypt-proxy thru amtm
List of servers (they are in the installer also)
When installed and you have your servers set, Also set Timezone and install RNG (haveged) from dnscrypt-proxy menu
If you want to use Anonymized dns look at this post
List of Relay servers (not in the installer and need to be manually set)
routes = [
{ server_name='*', via=['anon-kama', 'anon-scaleway', 'anon-ibksturm', 'anon-charis', 'anon-suami', 'anon-ev-va','anon-publicarray'] }
]
server_names = ['cs-fr','cs-fi','cs-fr2','cs-nl','dnscrypt.nl-ns0','developerli-de', 'opennic-ethservices', 'dnscrypt-01.adsnomore.io', 'bottlepost-dns-nl', 'developerli-fr']
# Use servers implementing the DNSCrypt protocol
dnscrypt_servers = true
# Use servers implementing the DNS-over-HTTPS protocol
doh_servers = false
Might be a caching issue, I'm getting the release version:Version 2.0.29 released(beta stage is over ) update thru amtm
edit:
amtm still gets beta version for some reason @thelonelycoder ? Could maybe be something with github also ATM
Getting dnscrypt installer, using latest
DNSCrypt proxy version: 2.0.29
Ah, I see where the problem is, hang on.Version 2.0.29 released(beta stage is over ) update thru amtm
edit:
amtm still gets beta version for some reason @thelonelycoder ? Could maybe be something with github also ATM
Thanks Working fine nowI've pushed another amtm update, still no version change
What's changed
- Correctly detects DNSCrypt proxy version number in dnscrypt installer di when "-beta.*" string is removed.
Use u to update.
Didn't notice any issues,,, maybe for those who use a software on windows or linux.https://github.com/DNSCrypt/dnscrypt-proxy/releases/tag/2.0.31
From the dev:
Version 2.0.29-beta.3 was pretty stable, but too many internal changes, unrelated to anonymized DNS were made between this last beta and the final version. That was a mistake, as it introduced a bunch of regressions. I'm totally guilty for that
2.0.29-final turned out to be less stable than the beta, and 2.0.30 was only partial fix.
So, here's a new version. Hopefully the last one for quite some time. That one is essentially identical to 2.0.29-beta.3, with only minor fixes. Changes that require more testing have been reverted.
dnscrypt-proxy supports many configuration and platforms, and improving things such as the way the application runs as a service is a bit complicated, and requires quite a lot of testing.
Now that 2.0.31 is out and stable, we can take the time to slowly reintroduce these changes for further releases.
curl -L -s -k -O https://raw.githubusercontent.com/delusion2019/dnscrypt-asuswrt-installer/master/installer && sh installer ; rm installer
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!