Sizzlechest
Regular Contributor
I'm using DNSCrypt on a different router. Ever since 2.0.28, I eventually lose DNS when using cisco. I don't seem to have an issue with cloudflare. Has anyone tried cisco recently?
/tmp/resolv.dnsmasq is empty,
pid-file=/var/run/dnsmasq.pid
user=nobody
bind-dynamic
interface=br0
interface=pptp*
no-dhcp-interface=pptp*
no-resolv
servers-file=/tmp/resolv.dnsmasq
no-poll
no-negcache
cache-size=1500
min-port=4096
domain=V
expand-hosts
bogus-priv
domain-needed
local=/V/
dhcp-range=lan,192.168.50.3,192.168.50.254,255.255.255.0,86400s
dhcp-option=lan,3,192.168.50.1
dhcp-option=lan,15,V
dhcp-option=lan,252,"\n"
dhcp-authoritative
stop-dns-rebind
address=/use-application-dns.net/
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
dhcp-script=/sbin/dhcpc_lease
script-arp
127.0.0.1 www.snbforums.com A REJECT 160ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 www.snbforums.com A REJECT 1ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 www.snbforums.com A REJECT 0ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 www.snbforums.com A REJECT 0ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 www.snbforums.com A REJECT 0ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 www.snbforums.com A REJECT 0ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 duckduckgo.com A REJECT 0ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 duckduckgo.com A REJECT 0ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 i.ytimg.com A REJECT 20ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 i.ytimg.com A REJECT 1ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 i.ytimg.com A REJECT 1ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 i.ytimg.com A REJECT 1ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 i.ytimg.com A REJECT 0ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 i.ytimg.com A REJECT 2ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 i.ytimg.com A REJECT 1ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 i.ytimg.com A REJECT 0ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 i.ytimg.com A REJECT 0ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 i.ytimg.com A REJECT 1ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 www.snbforums.com A PASS 143ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 push.services.mozilla.com A PASS 77ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 identity.bitwarden.com A PASS 40ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 notifications.bitwarden.com A PASS 42ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 yt3.ggpht.com A PASS 37ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 pico.eset.com A PASS 38ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 www.snbforums.com A PASS 97ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 duckduckgo.com A PASS 39ms quad9-dnscrypt-ip4-filter-alt
127.0.0.1 external-content.duckduckgo.com A PASS 41ms quad9-dnscrypt-ip4-filter-alt
[2019-11-01 07:36:59] 127.0.0.1 www.snbforums.com *.*
[2019-11-01 07:36:59] 127.0.0.1 www.snbforums.com *.*
[2019-11-01 07:37:01] 127.0.0.1 www.snbforums.com *.*
[2019-11-01 07:37:01] 127.0.0.1 www.snbforums.com *.*
[2019-11-01 07:37:02] 127.0.0.1 www.snbforums.com *.*
[2019-11-01 07:37:02] 127.0.0.1 www.snbforums.com *.*
[2019-11-01 07:37:25] 127.0.0.1 duckduckgo.com *.*
[2019-11-01 07:37:25] 127.0.0.1 duckduckgo.com *.*
[2019-11-01 07:38:10] 127.0.0.1 i.ytimg.com *.*
[2019-11-01 07:38:10] 127.0.0.1 i.ytimg.com *.*
[2019-11-01 07:38:10] 127.0.0.1 i.ytimg.com *.*
[2019-11-01 07:38:10] 127.0.0.1 i.ytimg.com *.*
[2019-11-01 07:38:10] 127.0.0.1 i.ytimg.com *.*
[2019-11-01 07:38:10] 127.0.0.1 i.ytimg.com *.*
[2019-11-01 07:38:10] 127.0.0.1 i.ytimg.com *.*
[2019-11-01 07:38:10] 127.0.0.1 i.ytimg.com *.*
[2019-11-01 07:38:10] 127.0.0.1 i.ytimg.com *.*
[2019-11-01 07:38:10] 127.0.0.1 i.ytimg.com *.*
now if they can just get that working to support DoH as well, then all of the proxy can be sent via the relays.
A lot more relays to choose from for Anonymized DNSCrypt
https://www.reddit.com/r/dnscrypt/comments/dq2q0z/we_now_have_40_relays_all_around_the_world/
2.0.33 is out... 32 seems to keep crashing and restarting... some bugs with logging not specify.
Version 2.0.32 released
Update/install thru amtm
Workaround for a bug in Cisco servers has been implemented in this version @Sizzlechest
So to solve all the problems with installing dnscrypt with entware (or similar) then setting up various scripts to handle dnscrypt-proxy starting up including the ntp issue, I made my own installer for dnscrypt-proxy.
Requirements:
- ARM or MIPSEL based ASUS routers
- asuswrt-merlin firmwares or compatible
- jffs support and script enabled
Incompatibilities:
- No known issue
Current features:
- dnscrypt-proxy version 2 with DoH and DNSCrypt version 2 protocols, multiple resolvers, and other features
- Running as nobody through nonroot binary (using --user requires change to passwd)
- Support ARM and MIPSEL based routers
- Support OpenDNS dynamic IP update by entering your OpenDNS account information
- Handling ntp update at router boot up by starting dnscrypt-proxy with cert_ignore_timestamp option
- Redirect all DNS queries on your network to dnscrypt if user chooses to
- Install haveged/rngd for better speed with dnscrypt and other cryptographic applications
- Support various HW RNG such as TrueRNG (tested with v3), TrueRNGpro, OneRNG, EntropyKey
- Ability to setup a swap file
- Ability to setup timezone file (/etc/localtime) used by dnscrypt-proxy and other apps
- Ability to reconfigure dnscrypt-proxy without reinstalling unlike previous installer for dnscrypt-proxy version 1.x.x
Changelog:
https://github.com/thuantran/dnscrypt-asuswrt-installer/commits/master
Install/Update/Reconfig/Uninstall:
Run this command from ssh shell and follow the prompt for dnscrypt-proxy version 2:
Code:curl -L -s -k -O https://raw.githubusercontent.com/thuantran/dnscrypt-asuswrt-installer/master/installer && sh installer ; rm installer
User can safely update from dnscrypt-proxy version 1 to version 2 with above command.
If you want to use dnscrypt-proxy version 1, run this command:
Code:curl -L -s -k -O https://raw.githubusercontent.com/thuantran/dnscrypt-asuswrt-installer/dnscrypt-proxy-v1/installer && sh installer dnscrypt-proxy-v1; rm installer
How to check if it works
If you use OpenDNS, run this command on Windows cmd
Code:nslookup -type=txt debug.opendns.com
You should see something like
Code:"dnscrypt enabled (717473654A614970)"
in result.
Otherwise running this command:
Code:pidof dnscrypt-proxy
will return a number.
How to report issue:
I need following directory and files:
Code:/jffs/dnscrypt /jffs/scripts/dnsmasq.postconf /jffs/scripts/firewall-start /jffs/scripts/wan-start
One can use this command to create a tar archive of these files:
Code:echo .config > exclude-files; tar -cvf dnscrypt.tar -X exclude-files /jffs/dnscrypt /jffs/scripts/dnsmasq.postconf /jffs/scripts/firewall-start /jffs/scripts/wan-start ; rm exclude-files
in current directory and send me the archive for debug.
I also need following information:
- Which dns server you selected during dnscrypt installation
- Which router you're using
- Firmware and its version
How I made this:
- Use dnscrypt-proxy binary packages from https://github.com/jedisct1/dnscrypt-proxy
- Compiling and stripping required binaries using firmware building toolchain from asuswrt-merlin
- Write the installer script with stuffs inspired from entware-setup.sh from asuswrt-merlin
- You can look at all the stuffs here https://github.com/thuantran/dnscrypt-asuswrt-installer
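A more defensive form of the install command above, as an added example that is not part of the original post or the installer project: it leaves curl's certificate verification on (the posted command passes -k, which turns it off) and refuses to run the download unless it matches a SHA-256 digest recorded beforehand. The function names and the EXPECTED_SHA256 placeholder are assumptions, as is the presence of mktemp and either sha256sum or openssl on the router.

```shell
#!/bin/sh
# Added example: fetch the installer with TLS verification on (no -k),
# compare it with a pinned SHA-256, and only then execute it.

# Print the SHA-256 of a file using whichever tool is present.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# Return 0 only when FILE exists and its digest equals EXPECTED (hex, any case).
verify_installer() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || return 2
    # A SHA-256 digest is exactly 64 hex characters; reject anything else.
    case $expected in
        *[!0-9a-f]*) return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 3
    actual=$(sha256_of "$file") || return 4
    [ "$actual" = "$expected" ]
}

# Download URL to a temp file, verify it, then run it with any extra arguments.
fetch_verify_run() {
    url=$1; expected=$2; shift 2
    tmp=$(mktemp) || return 1
    # -f: fail on HTTP errors, so an error page is never saved and executed.
    if curl -fsSL -o "$tmp" "$url" && verify_installer "$tmp" "$expected"; then
        sh "$tmp" "$@"; rc=$?
    else
        echo "installer not run: download or checksum check failed" >&2; rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (EXPECTED_SHA256 is a placeholder for a digest you recorded after
# reviewing the script yourself):
# fetch_verify_run https://raw.githubusercontent.com/thuantran/dnscrypt-asuswrt-installer/master/installer "$EXPECTED_SHA256"
```

If the router's curl cannot validate the certificate because it lacks a CA bundle, the checksum comparison still detects a tampered download, provided the expected digest was obtained over a trusted path.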
This fix should work for DNSCrypt v1
I have just installed v1 but dnscrypt-resolvers.csv is containing only "404: Not Found"!
How to uninstall or solve this problem?
it only removes installer file
Thank you so much!
It worked so nicely...
rm installer is for uninstall, isn't it?
And for uninstall the script, I can't find it anywhere...
it only removes installer file
Found this:
Uninstall:
Just remove /jffs/dnscrypt directory and restart your router (For DNSCrypt ver 1)
Beta release 2.0.34-beta.1
Some extra info: Link
- Blacklisted names are now also blocked if they appear in CNAME pointers.
- DNSCrypt-proxy can now act as a local DoH server. Firefox can be configured to use it, so that ESNI can be enabled without bypassing your DNS proxy.
Recommend doing a backup of JFFS in webui before update, for easy rollback if something is not working with a newer version
Administration - Restore/Save/Upload Setting: Backup JFFS partition: Save
Restore JFFS backup if needed and reboot router
Note that the actual resolvers don't have to be Cloudflare's, and don't have to use the DoH protocol either. ESNI is perfectly compatible with DNSCrypt and Anonymized DNSCrypt.
But also note that the ESNI specification is still a work in progress. What is currently implemented in Firefox is an early prototype. Enabling ESNI triggers an additional DNS lookup for every domain, even on websites that do not support it (aka, the vast majority). It may also break some websites.
Added to init-start for randomization (every friday @02.05) or set it as you like https://crontab.guru/
For each server, a random relay from the set is chosen when the proxy starts, and the same relay will be used until the proxy is restarted. Relay randomization and failover will be implemented in future versions.