What's new

DNSCrypt is reborn!

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Quick update for those interested: @DonnyJohnny and yours truly have been working behind the scenes to get dnscrypt-proxy working at boot and logging to syslog is now working as well. As far as I can tell, everything seems to work as expected now, but it has to be done manually. Getting this in an install script is a different story, I have no experience in creating such a script. We'll see what we can do with the old installer script to automate the install.

So, the good news: it's fully functional and seems stable and secure (no leaks), however, it might take some more time before we can provide an installer script to automate the installation. The latter might not be a bad thing, as it's currently in alpha stage meaning download urls for the pre-compiled binaries change frequently, which would be a hassle writing a script anyway.

To be continued...
 
Quick update for those interested: @DonnyJohnny and yours truly have been working behind the scenes to get dnscrypt-proxy working at boot and logging to syslog is now working as well. As far as I can tell, everything seems to work as expected now, but it has to be done manually. Getting this in an install script is a different story, I have no experience in creating such a script. We'll see what we can do with the old installer script to automate the install.

So, the good news: it's fully functional and seems stable and secure (no leaks), however, it might take some more time before we can provide an installer script to automate the installation. The latter might not be a bad thing, as it's currently in alpha stage meaning download urls for the pre-compiled binaries change frequently, which would be a hassle writing a script anyway.

To be continued...
Right on man!!
 
Alpha 6 out with query log. Working but I comment out.
 
Alpha 7 has been released, blocking rules (compatible with dnscrypt-proxy v1) were added. Not tested yet.
 
Super fast release...
 
This dns protocol is sure moving very fast... first dnscrypt, then dns over tls... now dns over https.....
So exciting to see things moving so fast...
I planning to try unbound and dns over tls.

Anyone can give me a quick link on how to set it up in asuswrt-merlin?
 
This dns protocol is sure moving very fast... first dnscrypt, then dns over tls... now dns over https.....
So exciting to see things moving so fast...
I planning to try unbound and dns over tls.

Anyone can give me a quick link on how to set it up in asuswrt-merlin?

Unbound is in the entware-ng repository.
 
DNSCrypt-proxy v2 has just left alpha stage, beta 1 has been released.

Latest feature introduced is, when multiple servers are in dnscrypt-proxy config, it will now test for latency for all servers configured and will use the fastest one to resolve dns queries.

Pre-compiled binary can be found here: https://github.com/jedisct1/dnscrypt-proxy/releases/latest
 
Last edited by a moderator:
While it is cool to use 60 dns resolvers but sending queries to 60 dns resolvers is a bit crazy. I now pre-select 3 fastest dns resolvers as failover. Lol...
This is cool and easy to use...
 
Great. Another programmer who uses a less efficient language just "because they can", and they think it's cool. Sigh.

To be honest, it ain't that bad. I haven't seen it using more than 4.7 Mb of resources (mostly 3-4 Mb) and given the (increasing) amount of functionality, I can totally live with that. I'll try to do some dns benchmarks tomorrow to see how it behaves when under load. So far, I haven't had a single moment I felt like it was a memory hog which degrades my RT-AC68U's performance.

While it is cool to use 60 dns resolvers but sending queries to 60 dns resolvers is a bit crazy. I now pre-select 3 fastest dns resolvers as failover. Lol...
This is cool and easy to use...

It doesn't test all the available servers in the sources list, it tests the servers configured in [Servers] section in dnscrypt-proxy.toml, so only the ones you've pre-configured. It uses the fastest and keeps the others as failover.
 
It doesn't test all the available servers in the sources list, it tests the servers configured in [Servers] section in dnscrypt-proxy.toml, so only the ones you've pre-configured. It uses the fastest and keeps the others as failover.

Nah.. my static list has only 1 pre-configured resolver. It did test the whole csv list. Notice the 60 live server. It generated a whole list of ping test which is more than 10000 character for me to paste here. Btw Cisco for me is 3ms. What more can I ask for?

Code:
Jan 18 06:07:16 dnscrypt-proxy: [2018-01-17 22:07:16] [-] [NOTICE] Server with the lowest initial latency: cisco (rtt: 3ms)
Jan 18 06:07:16 dnscrypt-proxy: [2018-01-17 22:07:16] [-] [NOTICE] dnscrypt-proxy is ready - live servers: 60
 
Last edited:
What does it mean that the beta has no local DNSSEC validation?
I think it will do the job of dnsmasq. Validating the dnssec
Asuswrt-merlin already sup-port dnssec under LAN, DHCP Server.
 
Has he implemented the option to ignore timestamps from certs yet? That is necessary to properly integrate it for embedded devices without a RTC.
 
Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top