DNScrypt Dnscrypt Proxy Installer For Asuswrt-Merlin(Nov.)

[catchem99]

An update!
finally dnscrypt works!
I have to remove Diversion first (and remove entware) and reinstall dnscrypt and now it works as normal.

Are these not usable together?

 

[SomeWhereOverTheRainBow]

An update!
finally dnscrypt works!
I have to remove Diversion first (and remove entware) and reinstall dnscrypt and now it works as normal.

Are these not usable together?

There are no issues running the two together, they are two separate scripts. There should be no reason for you to uninstall entware either, unless you have a bugged copy of dnscrypt running from it.
The only 2 things that could be occurring are.
(A) You need to factory reset your router followed by a minimal config before attempting to use any more scripts.
(B) Dnscypt-Proxy 2 is not compatible with your Model router since it is claiming to still not drop privileges properly.

I chose option B

 

[Zastoff]

An update!
finally dnscrypt works!
I have to remove Diversion first (and remove entware) and reinstall dnscrypt and now it works as normal.

Are these not usable together?

Happy you seem to have it working!
Important to check that it is Dropping privileges when it start in syslog.

Spoiler: From my syslog

Jun 19 10:54:20 RT-AX88U-6C58 dnscrypt-proxy[6315]: dnscrypt-proxy 2.0.46-beta3
Jun 19 10:54:20 RT-AX88U-6C58 dnscrypt-proxy[6315]: Network connectivity detected
-->Jun 19 10:54:20 RT-AX88U-6C58 dnscrypt-proxy[6315]: Dropping privileges
Jun 19 10:54:20 RT-AX88U-6C58 dnscrypt-proxy[6315]: Network connectivity detected
Jun 19 10:54:20 RT-AX88U-6C58 dnscrypt-proxy[6315]: Now listening to 127.0.1.1:53 [UDP]
Jun 19 10:54:20 RT-AX88U-6C58 dnscrypt-proxy[6315]: Now listening to 127.0.1.1:53 [TCP]
Jun 19 10:54:20 RT-AX88U-6C58 dnscrypt-proxy[6315]: Source [odoh] loaded
Jun 19 10:54:20 RT-AX88U-6C58 dnscrypt-proxy[6315]: Source [public-resolvers] loaded
Jun 19 10:54:20 RT-AX88U-6C58 dnscrypt-proxy[6315]: Source [relays] loaded
Jun 19 10:54:20 RT-AX88U-6C58 dnscrypt-proxy[6315]: Anonymized DNS: routing [dnscrypt-fi-blahdns-ipv4] via [anon-sth-se anon-cs-se]
Jun 19 10:54:20 RT-AX88U-6C58 dnscrypt-proxy[6315]: Anonymized DNS: routing [sth-dnscrypt-se] via [anon-cs-se anon-dama.no]
Jun 19 10:54:20 RT-AX88U-6C58 dnscrypt-proxy[6315]: Anonymized DNS: routing [dnscrypt.eu-dk] via [anon-sth-se anon-cs-se anon-dama.no]
Jun 19 10:54:20 RT-AX88U-6C58 dnscrypt-proxy[6315]: Firefox workaround initialized
Jun 19 10:54:20 RT-AX88U-6C58 dnscrypt-proxy[6315]: Anonymizing queries for [dnscrypt-fi-blahdns-ipv4] via [anon-cs-se]
Jun 19 10:54:20 RT-AX88U-6C58 dnscrypt-proxy[6315]: [dnscrypt-fi-blahdns-ipv4] OK (DNSCrypt) - rtt: 20ms
Jun 19 10:54:20 RT-AX88U-6C58 dnscrypt-proxy[6315]: Anonymizing queries for [dnscrypt.eu-dk] via [anon-cs-se]
Jun 19 10:54:20 RT-AX88U-6C58 dnscrypt-proxy[6315]: [dnscrypt.eu-dk] OK (DNSCrypt) - rtt: 24ms
Jun 19 10:54:30 RT-AX88U-6C58 dnscrypt-proxy[6315]: [mullvad-doh] OK (DoH) - rtt: 6ms
Jun 19 10:54:30 RT-AX88U-6C58 dnscrypt-proxy[6315]: [ovpn1-Static] OK (DNSCrypt) - rtt: 15ms
Jun 19 10:54:30 RT-AX88U-6C58 dnscrypt-proxy[6315]: Anonymizing queries for [sth-dnscrypt-se] via [anon-cs-se]
Jun 19 10:54:30 RT-AX88U-6C58 dnscrypt-proxy[6315]: [sth-dnscrypt-se] OK (DNSCrypt) - rtt: 16ms
Jun 19 10:54:30 RT-AX88U-6C58 dnscrypt-proxy[6315]: Sorted latencies:
Jun 19 10:54:30 RT-AX88U-6C58 dnscrypt-proxy[6315]: - 6ms mullvad-doh
Jun 19 10:54:30 RT-AX88U-6C58 dnscrypt-proxy[6315]: - 15ms ovpn1-Static
Jun 19 10:54:30 RT-AX88U-6C58 dnscrypt-proxy[6315]: - 16ms sth-dnscrypt-se
Jun 19 10:54:30 RT-AX88U-6C58 dnscrypt-proxy[6315]: - 20ms dnscrypt-fi-blahdns-ipv4
Jun 19 10:54:30 RT-AX88U-6C58 dnscrypt-proxy[6315]: - 24ms dnscrypt.eu-dk
Jun 19 10:54:30 RT-AX88U-6C58 dnscrypt-proxy[6315]: Server with the lowest initial latency: mullvad-doh (rtt: 6ms)
Jun 19 10:54:30 RT-AX88U-6C58 dnscrypt-proxy[6315]: dnscrypt-proxy is ready - live servers: 5

Diversion has always worked fine for me with DNSCrypt-proxy.
But one other user reported/claimed that he had to change install order (He installed DNSCrypt-proxy first then diversion to get it working)

 

[kernol]

@SomeWhereOverTheRainBow - just a heads up that your thread should have run into the 6 month "brick wall" by now - and could do so automajically I guess at any time in the near future ???

Maybe time to open a fresh one before you get locked out ... ???

 

[dave14305]

@SomeWhereOverTheRainBow - just a heads up that your thread should have run into the 6 month "brick wall" by now - and could do so automajically I guess at any time in the near future ???

Maybe time to open a fresh one before you get locked out ... ???

A long way to go before it also reaches the 500 post threshold.

 

[SomeWhereOverTheRainBow]

@SomeWhereOverTheRainBow - just a heads up that your thread should have run into the 6 month "brick wall" by now - and could do so automajically I guess at any time in the near future ???

Maybe time to open a fresh one before you get locked out ... ???

Or users can open new threads for their future issues as the thread is designed to. My next post about the installer will probably be to start a new thread because there is a new release. Or I will use this to announce releases until it hits 500 posts

 

[kernol]

A long way to go before it also reaches the 500 post threshold.
View attachment 34499

Ahhh missed that "concession" ... but glad it's there {ThumbsUp}.

 

[catchem99]

Just reinstalled Diversion and both seems to be working fine.
There are no "Dropping Privileges" yet in the log.

Thanks to @SomeWhereOverTheRainBow, @Zastoff and @dave14305 for the help!

 

[Zastoff]

DNSCrypt-proxy 2.1.0 released.

• dnscrypt-proxy now includes support for Oblivious DoH.
• If the proxy is overloaded, cached and synthetic queries now keep being served, while non-cached queries are delayed.
• A deprecation warning was added for fallback_resolvers.
• Source URLs are now randomized.
• On some platforms, redirecting the application log to a file was not compatible with user switching; this has been fixed.
• fallback_resolvers was renamed to bootstrap_resolvers for clarity. Please update your configuration file accordingly.

Spoiler: Version 2.1.0

Aug 14 16:58:24 RT-AX88U-6C58 dnscrypt-proxy[21375]: dnscrypt-proxy 2.1.0
Aug 14 16:58:24 RT-AX88U-6C58 dnscrypt-proxy[21375]: Network connectivity detected
Aug 14 16:58:24 RT-AX88U-6C58 dnscrypt-proxy[21375]: Dropping privileges
Aug 14 16:58:24 RT-AX88U-6C58 dnscrypt-proxy[21375]: Network connectivity detected
Aug 14 16:58:24 RT-AX88U-6C58 dnscrypt-proxy[21375]: Now listening to 127.0.1.1:53 [UDP]
Aug 14 16:58:24 RT-AX88U-6C58 dnscrypt-proxy[21375]: Now listening to 127.0.1.1:53 [TCP]
Aug 14 16:58:24 RT-AX88U-6C58 dnscrypt-proxy[21375]: Source [relays] loaded
Aug 14 16:58:24 RT-AX88U-6C58 dnscrypt-proxy[21375]: Source [odoh-servers] loaded
Aug 14 16:58:24 RT-AX88U-6C58 dnscrypt-proxy[21375]: Source [odoh-relays] loaded
Aug 14 16:58:24 RT-AX88U-6C58 dnscrypt-proxy[21375]: Source [public-resolvers] loaded
Aug 14 16:58:24 RT-AX88U-6C58 dnscrypt-proxy[21375]: Anonymized DNS: routing [odoh-cloudflare] via [odohrelay-koki-ams]
Aug 14 16:58:24 RT-AX88U-6C58 dnscrypt-proxy[21375]: Firefox workaround initialized
Aug 14 16:58:24 RT-AX88U-6C58 dnscrypt-proxy[21375]: Anonymizing queries for [odoh-cloudflare] via [odohrelay-koki-ams]
Aug 14 16:58:27 RT-AX88U-6C58 dnscrypt-proxy[21375]: [odoh-cloudflare] OK (ODoH) - rtt: 26ms
Aug 14 16:58:27 RT-AX88U-6C58 dnscrypt-proxy[21375]: [sth-dnscrypt-se] OK (DNSCrypt) - rtt: 15ms
Aug 14 16:58:27 RT-AX88U-6C58 dnscrypt-proxy[21375]: [mullvad-doh] OK (DoH) - rtt: 6ms
Aug 14 16:58:27 RT-AX88U-6C58 dnscrypt-proxy[21375]: Sorted latencies:
Aug 14 16:58:27 RT-AX88U-6C58 dnscrypt-proxy[21375]: - 6ms mullvad-doh
Aug 14 16:58:27 RT-AX88U-6C58 dnscrypt-proxy[21375]: - 15ms sth-dnscrypt-se
Aug 14 16:58:27 RT-AX88U-6C58 dnscrypt-proxy[21375]: - 26ms odoh-cloudflare
Aug 14 16:58:27 RT-AX88U-6C58 dnscrypt-proxy[21375]: Server with the lowest initial latency: mullvad-doh (rtt: 6ms)
Aug 14 16:58:27 RT-AX88U-6C58 dnscrypt-proxy[21375]: dnscrypt-proxy is ready - live servers: 3

Spoiler: Celebrating 10 years of encrypted DNS

sdns://2021

https://www.youtube.com/playlist?list=PLDlEgzZB7eyJ0_Y2U2Y3Vv5kjj7DmeBIM

Edit:
The DNSCrypt installer is updated to v2.2.8
Was some changes in dnscrypt-proxy v2.1.0 ,Now servers and relays for ODoH are in different sources.
Recommend to configure from a new/default toml if odoh servers/relays are configured.
Big Thanks to @SomeWhereOverTheRainBow Awesome and fast updates as always

 

[Zastoff]

DNSCrypt-proxy 2.1.1 released.

This is a bugfix only release, addressing regressions introduced in version 2.1.0:

• When using DoH, cached responses were not served any more when experiencing connectivity issues. This has been fixed.
• Time attributes in allow/block lists were ignored. This has been fixed.
• The TTL as served to clients is now rounded and starts decreasing before the first query is received.
• Time-based rules are properly handled again in generate-domains-blocklist.
• DoH/ODoH: entries with an IP address and using a non-standard port used to require help from a bootstrap resolver. This is not the case any more.

Spoiler: Version 2.1.1

Sep 27 19:00:12 RT-AX88U-6C58 izzt: Start dnscrypt-proxy
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: dnscrypt-proxy 2.1.1
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Network connectivity detected
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Dropping privileges
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Network connectivity detected
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Now listening to 127.0.1.1:53 [UDP]
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Now listening to 127.0.1.1:53 [TCP]
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Source [public-resolvers] loaded
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Source [relays] loaded
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Source [odoh-servers] loaded
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Source [odoh-relays] loaded
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Anonymized DNS: routing [ams-dnscrypt-nl] via [anon-sth-se anon-meganerd]
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Anonymized DNS: routing [odoh-cloudflare] via [odohrelay-surf odohrelay-koki-ams]
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Anonymized DNS: routing [sth-dnscrypt-se] via [anon-ams-nl anon-acsacsar-ams-ipv4]
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Anonymized DNS: routing [dnscrypt-fi-blahdns-ipv4] via [anon-sth-se anon-ams-nl]
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Anonymized DNS: routing [odoh-koki-se] via [odohrelay-koki-ams odohrelay-surf]
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Firefox workaround initialized
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Anonymizing queries for [dnscrypt-fi-blahdns-ipv4] via [anon-ams-nl]
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: [dnscrypt-fi-blahdns-ipv4] OK (DNSCrypt) - rtt: 53ms
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Anonymizing queries for [odoh-cloudflare] via [odohrelay-koki-ams]
Sep 27 19:00:15 RT-AX88U-6C58 dnscrypt-proxy[30080]: [odoh-cloudflare] OK (ODoH) - rtt: 27ms
Sep 27 19:00:15 RT-AX88U-6C58 dnscrypt-proxy[30080]: Anonymizing queries for [sth-dnscrypt-se] via [anon-ams-nl]
Sep 27 19:00:15 RT-AX88U-6C58 dnscrypt-proxy[30080]: [sth-dnscrypt-se] OK (DNSCrypt) - rtt: 52ms
Sep 27 19:00:25 RT-AX88U-6C58 dnscrypt-proxy[30080]: Anonymizing queries for [odoh-koki-se] via [odohrelay-koki-ams]
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: [odoh-koki-se] OK (ODoH) - rtt: 45ms
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: Anonymizing queries for [ams-dnscrypt-nl] via [anon-meganerd]
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: [ams-dnscrypt-nl] OK (DNSCrypt) - rtt: 20ms
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: Sorted latencies:
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: - 20ms ams-dnscrypt-nl
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: - 27ms odoh-cloudflare
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: - 45ms odoh-koki-se
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: - 52ms sth-dnscrypt-se
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: - 53ms dnscrypt-fi-blahdns-ipv4
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: Server with the lowest initial latency: ams-dnscrypt-nl (rtt: 20ms)
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: dnscrypt-proxy is ready - live servers: 5

 

[SomeWhereOverTheRainBow]

DNSCrypt-proxy 2.1.1 released.

Spoiler: Version 2.1.1

Sep 27 19:00:12 RT-AX88U-6C58 izzt: Start dnscrypt-proxy
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: dnscrypt-proxy 2.1.1
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Network connectivity detected
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Dropping privileges
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Network connectivity detected
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Now listening to 127.0.1.1:53 [UDP]
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Now listening to 127.0.1.1:53 [TCP]
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Source [public-resolvers] loaded
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Source [relays] loaded
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Source [odoh-servers] loaded
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Source [odoh-relays] loaded
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Anonymized DNS: routing [ams-dnscrypt-nl] via [anon-sth-se anon-meganerd]
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Anonymized DNS: routing [odoh-cloudflare] via [odohrelay-surf odohrelay-koki-ams]
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Anonymized DNS: routing [sth-dnscrypt-se] via [anon-ams-nl anon-acsacsar-ams-ipv4]
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Anonymized DNS: routing [dnscrypt-fi-blahdns-ipv4] via [anon-sth-se anon-ams-nl]
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Anonymized DNS: routing [odoh-koki-se] via [odohrelay-koki-ams odohrelay-surf]
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Firefox workaround initialized
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Anonymizing queries for [dnscrypt-fi-blahdns-ipv4] via [anon-ams-nl]
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: [dnscrypt-fi-blahdns-ipv4] OK (DNSCrypt) - rtt: 53ms
Sep 27 19:00:12 RT-AX88U-6C58 dnscrypt-proxy[30080]: Anonymizing queries for [odoh-cloudflare] via [odohrelay-koki-ams]
Sep 27 19:00:15 RT-AX88U-6C58 dnscrypt-proxy[30080]: [odoh-cloudflare] OK (ODoH) - rtt: 27ms
Sep 27 19:00:15 RT-AX88U-6C58 dnscrypt-proxy[30080]: Anonymizing queries for [sth-dnscrypt-se] via [anon-ams-nl]
Sep 27 19:00:15 RT-AX88U-6C58 dnscrypt-proxy[30080]: [sth-dnscrypt-se] OK (DNSCrypt) - rtt: 52ms
Sep 27 19:00:25 RT-AX88U-6C58 dnscrypt-proxy[30080]: Anonymizing queries for [odoh-koki-se] via [odohrelay-koki-ams]
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: [odoh-koki-se] OK (ODoH) - rtt: 45ms
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: Anonymizing queries for [ams-dnscrypt-nl] via [anon-meganerd]
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: [ams-dnscrypt-nl] OK (DNSCrypt) - rtt: 20ms
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: Sorted latencies:
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: - 20ms ams-dnscrypt-nl
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: - 27ms odoh-cloudflare
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: - 45ms odoh-koki-se
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: - 52ms sth-dnscrypt-se
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: - 53ms dnscrypt-fi-blahdns-ipv4
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: Server with the lowest initial latency: ams-dnscrypt-nl (rtt: 20ms)
Sep 27 19:00:27 RT-AX88U-6C58 dnscrypt-proxy[30080]: dnscrypt-proxy is ready - live servers: 5

I see they are finally moving along again.

 

[Kingp1n]

I've installed DNSCrypt and I had a few questions.

########################################################################################################
#           _____ _    _  _______          _______ _______     __  __ ______ _____  _      _____ _   _ #
#    /\    / ____| |  | |/ ____\ \        / |  __ |__   __|   |  \/  |  ____|  __ \| |    |_   _| \ | |#
#   /  \  | (___ | |  | | (___  \ \  /\  / /| |__) | | |______| \  / | |__  | |__) | |      | | |  \| |#
#  / /\ \  \___ \| |  | |\___ \  \ \/  \/ / |  _  /  | |______| |\/| |  __| |  _  /| |      | | | . ` |#
# / ____ \ ____) | |__| |____) |  \  /\  /  | | \ \  | |      | |  | | |____| | \ \| |____ _| |_| |\  |#
#/_/    \_|_____/ \____/|_____/    \/  \/   |_|  \_\ |_|      |_|  |_|______|_|  \_|______|_____|_| \_|#
#                                                                                                      #
# _____  _   _  _____  _____ _______     _______ _______     _____  _____   ______   ___     __        #
#|  __ \| \ | |/ ____|/ ____|  __ \ \   / |  __ |__   __|   |  __ \|  __ \ / __ \ \ / \ \   / /        #
#| |  | |  \| | (___ | |    | |__) \ \_/ /| |__) | | |______| |__) | |__) | |  | \ V / \ \_/ /         #
#| |  | | . ` |\___ \| |    |  _  / \   / |  ___/  | |______|  ___/|  _  /| |  | |> <   \   /          #
#| |__| | |\  |____) | |____| | \ \  | |  | |      | |      | |    | | \ \| |__| / . \   | |           #
#|_____/|_| \_|_____/ \_____|_|  \_\ |_|  |_|      |_|      |_|    |_|  \_\\____/_/ \_\  |_|           #
#                                                                                                      #
# _____ _   _  _____ _______       _      _      ______ _____     Original Author:                     #
#|_   _| \ | |/ ____|__   __|/\   | |    | |    |  ____|  __ \             bigeyes0x0                  #
#  | | |  \| | (___    | |  /  \  | |    | |    | |__  | |__) |   Current Maintainer:                  #
#  | | | . ` |\___ \   | | / /\ \ | |    | |    |  __| |  _  /             SomeWhereOverTheRainBow     #
# _| |_| |\  |____) |  | |/ ____ \| |____| |____| |____| | \ \                                         #
#|_____|_| \_|_____/   |_/_/    \_|______|______|______|_|  \_\   v2.3.1                               #
#                                                                                                      #
########################################################################################################
Info:  Detected GT-AX11000 router.
Info:  Detected Linux platform.
Info:  Detected ARMv8 architecture.
Info:  JFFS custom scripts and configs are already enabled.
Info:  DNS Environment is Ready.
Info:  DI_VERSION=v2.3.1
Info:  DNSCRYPT_VER=2.1.1
Info:  Manager file is Up-To-Date!
Info:  Choose what you want to do:
  1) Install/Update dnscrypt-proxy
  2) Uninstall dnscrypt-proxy
  3) Configure dnscrypt-proxy
  4) Set timezone
  5) Unset timezone
  6) Install (P)RNG
  7) Uninstall (P)RNG
  8) Install swap file
  9) Uninstall ALL
  b) Backup
  q) Quit
=>  Please enter the number that designates your selection:, [1-9/b/q]: 1
Info:  This operation will install dnscrypt-proxy and related files (<6MB)
Info:  to jffs, no other data will be changed.
Info:  Also some start scripts will be installed/modified as required.
=>  Do you want to install dnscrypt-proxy to /jffs? [y/n]: y
=>  Do you want create a backup before updating? [y/n]: n
Info:  continuing without making a backup.
Info:  installer is up to date. Skipping...
Info:  manager is up to date. Skipping...
Info:  DNSCRYPT_VER=2.1.1
Info:  public-resolvers.md is up to date. Skipping...
Info:  public-resolvers.md.minisig is up to date. Skipping...
Info:  relays.md is up to date. Skipping...
Info:  relays.md.minisig is up to date. Skipping...
Info:  odoh-servers.md is up to date. Skipping...
Info:  odoh-servers.md.minisig is up to date. Skipping...
Info:  odoh-relays.md is up to date. Skipping...
Info:  odoh-relays.md.minisig is up to date. Skipping...
Info:  dnscrypt-resolvers.csv is up to date. Skipping...
Info:  dnscrypt-resolvers.csv.minisig is up to date. Skipping...
Info:  dnsmasq.postconf file already configured
Info:  init-start file already configured
Info:  Configuring dnscrypt-proxy...
Info:  Checking dnscrypt-proxy configuration...
[2021-12-31 06:24:18] [NOTICE] dnscrypt-proxy 2.1.1
[2021-12-31 06:24:18] [NOTICE] Dropping privileges
[2021-12-31 06:24:18] [NOTICE] Source [odoh-relays] loaded
[2021-12-31 06:24:18] [NOTICE] Source [public-resolvers] loaded
[2021-12-31 06:24:18] [NOTICE] Source [relays] loaded
[2021-12-31 06:24:18] [NOTICE] Source [odoh-servers] loaded
[2021-12-31 06:24:18] [NOTICE] Anonymized DNS: routing everything via [odohrelay-crypto-sx anon-zackptg5-us-il-ipv4]
[2021-12-31 06:24:18] [NOTICE] Configuration successfully checked
Info:  Found previous dnscrypt-proxy config file
=>  Do you want to use this file without reconfiguring? [y/n]: n
Info:  How do you want to reconfigure:
Info:    1) Start from previous settings file
Info:    2) Start from default config
=>  Your selection, [1-2]: 2
Info:  Backing up previous settings file...
=>  Do you want to redirect all DNS resolutions on your network through this proxy? [y/n]: y
Info:  DNSFilter is Already on.
Info:  You can choose to keep any custom dnsfilter values and only redirect non-custom traffic or send all traffic through this proxy.
=>  Do you want to redirect only SOME DNS resolutions on your network through this proxy? [y/n]: n
Info:  DNS is set to redirect All DNS resolutions through this proxy.
Info:  Choose DNS resolving load balancing strategy:
  1) p2 (default)
  2) ph
  3) first
  4) random
=>  Select your strategy, [1-4]: 1
=>  Do you want to use load balance estimator to adjust resolvers based on latency calculations? [y/n]: y
Info:  Choose how your DNS servers are selected:
  1) Automatically (default)
  2) Manually
  3) Static
=>  Select your mode, [1-3]: 1
=>  Use servers that support the DNSCrypt protocol [y/n]: y
=>  Use servers that support the DNS-over-HTTPS protocol [y/n]: y
=>  Use servers that support the Oblivious DNS-over-HTTPS protocol [y/n]: y
=>  Use only servers that support DNSSEC [y/n]: n
=>  Use only servers that do not log user's queries [y/n]: y
=>  Use only servers that do not filter result [y/n]: y
=>  Do you want to choose which servers to disable (this can be a long process)? [y/n]: n
Info:  Evaluating the possibilities for other dnscrypt-proxy configurations such as relay support...
Info:  This option allows you to setup wildcard options for servers (server_name *) and/or relays (via=['*']) for all compatible servers.
=>  Do you only want relays for Oblivious DNS-over-HTTPS Servers? [y/n]: y
Info:  Available Relay servers:
  1) odohrelay-crypto-sx: Oblivious DoH relay running on Fastly Compute@Edge.
  2) odohrelay-koki-ams: Oblivious DoH relay in The Netherlands. No logs.
  3) odohrelay-koki-bcn: Oblivious DoH relay in Spain. No logs.
  4) odohrelay-surf: SURFdomeinen oblivious DoH relay.
=>  Please choose RELAY server, [1-4]: 1
=>  Please choose next RELAY server or press n to stop, [1-4/n]: n
Info:  Set the DNS server(s) for initializing dnscrypt-proxy
Info:  and router services (e.g. ntp) at boot
=>  Default is 9.9.9.9:
=>  2nd Default is 8.8.8.8:
=>  Set log level, default is 2, 0 is the most verbose, [0-6]:
Info:  Writing dnscrypt-proxy configuration...
Info:  Checking dnscrypt-proxy configuration...
[2021-12-31 06:26:16] [NOTICE] dnscrypt-proxy 2.1.1
[2021-12-31 06:26:16] [NOTICE] Dropping privileges
[2021-12-31 06:26:16] [NOTICE] Source [public-resolvers] loaded
[2021-12-31 06:26:16] [NOTICE] Source [relays] loaded
[2021-12-31 06:26:16] [NOTICE] Source [odoh-servers] loaded
[2021-12-31 06:26:16] [NOTICE] Source [odoh-relays] loaded
[2021-12-31 06:26:16] [NOTICE] Anonymized DNS: routing everything via [odohrelay-crypto-sx]
[2021-12-31 06:26:16] [NOTICE] Configuration successfully checked
Info:  Starting dnscrypt-proxy...
Info:  For dnscrypt-proxy version 2 to work reliably, you might also want to:
Info:   - Add swap
Info:   - Add a RNG
Info:   - Set your timezone
Info:  Operation completed. You can quit or continue
=====================================================

I wasn't sure what to input for some of the questions so I may need to read up inside Github.


1. WHich option would I choose for installing option 6:

1) HAVEGED (Preferred if you do not have a HW RNG)
2) RNGD (Preferred if you have a HW RNG)

2. For one of the questions it asked if I wanted to use only servers that support DNSSEC I chose no. Should I've selected yes instead?

And, If I want to change it to yes, do I have to reinstall the script again using option 1? Thanks for this so far so good!

 

[SomeWhereOverTheRainBow]

I've installed DNSCrypt and I had a few questions.

########################################################################################################
#           _____ _    _  _______          _______ _______     __  __ ______ _____  _      _____ _   _ #
#    /\    / ____| |  | |/ ____\ \        / |  __ |__   __|   |  \/  |  ____|  __ \| |    |_   _| \ | |#
#   /  \  | (___ | |  | | (___  \ \  /\  / /| |__) | | |______| \  / | |__  | |__) | |      | | |  \| |#
#  / /\ \  \___ \| |  | |\___ \  \ \/  \/ / |  _  /  | |______| |\/| |  __| |  _  /| |      | | | . ` |#
# / ____ \ ____) | |__| |____) |  \  /\  /  | | \ \  | |      | |  | | |____| | \ \| |____ _| |_| |\  |#
#/_/    \_|_____/ \____/|_____/    \/  \/   |_|  \_\ |_|      |_|  |_|______|_|  \_|______|_____|_| \_|#
#                                                                                                      #
# _____  _   _  _____  _____ _______     _______ _______     _____  _____   ______   ___     __        #
#|  __ \| \ | |/ ____|/ ____|  __ \ \   / |  __ |__   __|   |  __ \|  __ \ / __ \ \ / \ \   / /        #
#| |  | |  \| | (___ | |    | |__) \ \_/ /| |__) | | |______| |__) | |__) | |  | \ V / \ \_/ /         #
#| |  | | . ` |\___ \| |    |  _  / \   / |  ___/  | |______|  ___/|  _  /| |  | |> <   \   /          #
#| |__| | |\  |____) | |____| | \ \  | |  | |      | |      | |    | | \ \| |__| / . \   | |           #
#|_____/|_| \_|_____/ \_____|_|  \_\ |_|  |_|      |_|      |_|    |_|  \_\\____/_/ \_\  |_|           #
#                                                                                                      #
# _____ _   _  _____ _______       _      _      ______ _____     Original Author:                     #
#|_   _| \ | |/ ____|__   __|/\   | |    | |    |  ____|  __ \             bigeyes0x0                  #
#  | | |  \| | (___    | |  /  \  | |    | |    | |__  | |__) |   Current Maintainer:                  #
#  | | | . ` |\___ \   | | / /\ \ | |    | |    |  __| |  _  /             SomeWhereOverTheRainBow     #
# _| |_| |\  |____) |  | |/ ____ \| |____| |____| |____| | \ \                                         #
#|_____|_| \_|_____/   |_/_/    \_|______|______|______|_|  \_\   v2.3.1                               #
#                                                                                                      #
########################################################################################################
Info:  Detected GT-AX11000 router.
Info:  Detected Linux platform.
Info:  Detected ARMv8 architecture.
Info:  JFFS custom scripts and configs are already enabled.
Info:  DNS Environment is Ready.
Info:  DI_VERSION=v2.3.1
Info:  DNSCRYPT_VER=2.1.1
Info:  Manager file is Up-To-Date!
Info:  Choose what you want to do:
  1) Install/Update dnscrypt-proxy
  2) Uninstall dnscrypt-proxy
  3) Configure dnscrypt-proxy
  4) Set timezone
  5) Unset timezone
  6) Install (P)RNG
  7) Uninstall (P)RNG
  8) Install swap file
  9) Uninstall ALL
  b) Backup
  q) Quit
=>  Please enter the number that designates your selection:, [1-9/b/q]: 1
Info:  This operation will install dnscrypt-proxy and related files (<6MB)
Info:  to jffs, no other data will be changed.
Info:  Also some start scripts will be installed/modified as required.
=>  Do you want to install dnscrypt-proxy to /jffs? [y/n]: y
=>  Do you want create a backup before updating? [y/n]: n
Info:  continuing without making a backup.
Info:  installer is up to date. Skipping...
Info:  manager is up to date. Skipping...
Info:  DNSCRYPT_VER=2.1.1
Info:  public-resolvers.md is up to date. Skipping...
Info:  public-resolvers.md.minisig is up to date. Skipping...
Info:  relays.md is up to date. Skipping...
Info:  relays.md.minisig is up to date. Skipping...
Info:  odoh-servers.md is up to date. Skipping...
Info:  odoh-servers.md.minisig is up to date. Skipping...
Info:  odoh-relays.md is up to date. Skipping...
Info:  odoh-relays.md.minisig is up to date. Skipping...
Info:  dnscrypt-resolvers.csv is up to date. Skipping...
Info:  dnscrypt-resolvers.csv.minisig is up to date. Skipping...
Info:  dnsmasq.postconf file already configured
Info:  init-start file already configured
Info:  Configuring dnscrypt-proxy...
Info:  Checking dnscrypt-proxy configuration...
[2021-12-31 06:24:18] [NOTICE] dnscrypt-proxy 2.1.1
[2021-12-31 06:24:18] [NOTICE] Dropping privileges
[2021-12-31 06:24:18] [NOTICE] Source [odoh-relays] loaded
[2021-12-31 06:24:18] [NOTICE] Source [public-resolvers] loaded
[2021-12-31 06:24:18] [NOTICE] Source [relays] loaded
[2021-12-31 06:24:18] [NOTICE] Source [odoh-servers] loaded
[2021-12-31 06:24:18] [NOTICE] Anonymized DNS: routing everything via [odohrelay-crypto-sx anon-zackptg5-us-il-ipv4]
[2021-12-31 06:24:18] [NOTICE] Configuration successfully checked
Info:  Found previous dnscrypt-proxy config file
=>  Do you want to use this file without reconfiguring? [y/n]: n
Info:  How do you want to reconfigure:
Info:    1) Start from previous settings file
Info:    2) Start from default config
=>  Your selection, [1-2]: 2
Info:  Backing up previous settings file...
=>  Do you want to redirect all DNS resolutions on your network through this proxy? [y/n]: y
Info:  DNSFilter is Already on.
Info:  You can choose to keep any custom dnsfilter values and only redirect non-custom traffic or send all traffic through this proxy.
=>  Do you want to redirect only SOME DNS resolutions on your network through this proxy? [y/n]: n
Info:  DNS is set to redirect All DNS resolutions through this proxy.
Info:  Choose DNS resolving load balancing strategy:
  1) p2 (default)
  2) ph
  3) first
  4) random
=>  Select your strategy, [1-4]: 1
=>  Do you want to use load balance estimator to adjust resolvers based on latency calculations? [y/n]: y
Info:  Choose how your DNS servers are selected:
  1) Automatically (default)
  2) Manually
  3) Static
=>  Select your mode, [1-3]: 1
=>  Use servers that support the DNSCrypt protocol [y/n]: y
=>  Use servers that support the DNS-over-HTTPS protocol [y/n]: y
=>  Use servers that support the Oblivious DNS-over-HTTPS protocol [y/n]: y
=>  Use only servers that support DNSSEC [y/n]: n
=>  Use only servers that do not log user's queries [y/n]: y
=>  Use only servers that do not filter result [y/n]: y
=>  Do you want to choose which servers to disable (this can be a long process)? [y/n]: n
Info:  Evaluating the possibilities for other dnscrypt-proxy configurations such as relay support...
Info:  This option allows you to setup wildcard options for servers (server_name *) and/or relays (via=['*']) for all compatible servers.
=>  Do you only want relays for Oblivious DNS-over-HTTPS Servers? [y/n]: y
Info:  Available Relay servers:
  1) odohrelay-crypto-sx: Oblivious DoH relay running on Fastly Compute@Edge.
  2) odohrelay-koki-ams: Oblivious DoH relay in The Netherlands. No logs.
  3) odohrelay-koki-bcn: Oblivious DoH relay in Spain. No logs.
  4) odohrelay-surf: SURFdomeinen oblivious DoH relay.
=>  Please choose RELAY server, [1-4]: 1
=>  Please choose next RELAY server or press n to stop, [1-4/n]: n
Info:  Set the DNS server(s) for initializing dnscrypt-proxy
Info:  and router services (e.g. ntp) at boot
=>  Default is 9.9.9.9:
=>  2nd Default is 8.8.8.8:
=>  Set log level, default is 2, 0 is the most verbose, [0-6]:
Info:  Writing dnscrypt-proxy configuration...
Info:  Checking dnscrypt-proxy configuration...
[2021-12-31 06:26:16] [NOTICE] dnscrypt-proxy 2.1.1
[2021-12-31 06:26:16] [NOTICE] Dropping privileges
[2021-12-31 06:26:16] [NOTICE] Source [public-resolvers] loaded
[2021-12-31 06:26:16] [NOTICE] Source [relays] loaded
[2021-12-31 06:26:16] [NOTICE] Source [odoh-servers] loaded
[2021-12-31 06:26:16] [NOTICE] Source [odoh-relays] loaded
[2021-12-31 06:26:16] [NOTICE] Anonymized DNS: routing everything via [odohrelay-crypto-sx]
[2021-12-31 06:26:16] [NOTICE] Configuration successfully checked
Info:  Starting dnscrypt-proxy...
Info:  For dnscrypt-proxy version 2 to work reliably, you might also want to:
Info:   - Add swap
Info:   - Add a RNG
Info:   - Set your timezone
Info:  Operation completed. You can quit or continue
=====================================================

I wasn't sure what to input for some of the questions so I may need to read up inside Github.


1. WHich option would I choose for installing option 6:

1) HAVEGED (Preferred if you do not have a HW RNG)
2) RNGD (Preferred if you have a HW RNG)

2. For one of the questions it asked if I wanted to use only servers that support DNSSEC I chose no. Should I've selected yes instead?

And, If I want to change it to yes, do I have to reinstall the script again using option 1? Thanks for this so far so good!

If you wanted to use only servers that support dnssec the select yes, if you don't care then select no. Just run reconfigure if you want to only change your selections.

 

[Zastoff]

I've installed DNSCrypt and I had a few questions.

########################################################################################################
#           _____ _    _  _______          _______ _______     __  __ ______ _____  _      _____ _   _ #
#    /\    / ____| |  | |/ ____\ \        / |  __ |__   __|   |  \/  |  ____|  __ \| |    |_   _| \ | |#
#   /  \  | (___ | |  | | (___  \ \  /\  / /| |__) | | |______| \  / | |__  | |__) | |      | | |  \| |#
#  / /\ \  \___ \| |  | |\___ \  \ \/  \/ / |  _  /  | |______| |\/| |  __| |  _  /| |      | | | . ` |#
# / ____ \ ____) | |__| |____) |  \  /\  /  | | \ \  | |      | |  | | |____| | \ \| |____ _| |_| |\  |#
#/_/    \_|_____/ \____/|_____/    \/  \/   |_|  \_\ |_|      |_|  |_|______|_|  \_|______|_____|_| \_|#
#                                                                                                      #
# _____  _   _  _____  _____ _______     _______ _______     _____  _____   ______   ___     __        #
#|  __ \| \ | |/ ____|/ ____|  __ \ \   / |  __ |__   __|   |  __ \|  __ \ / __ \ \ / \ \   / /        #
#| |  | |  \| | (___ | |    | |__) \ \_/ /| |__) | | |______| |__) | |__) | |  | \ V / \ \_/ /         #
#| |  | | . ` |\___ \| |    |  _  / \   / |  ___/  | |______|  ___/|  _  /| |  | |> <   \   /          #
#| |__| | |\  |____) | |____| | \ \  | |  | |      | |      | |    | | \ \| |__| / . \   | |           #
#|_____/|_| \_|_____/ \_____|_|  \_\ |_|  |_|      |_|      |_|    |_|  \_\\____/_/ \_\  |_|           #
#                                                                                                      #
# _____ _   _  _____ _______       _      _      ______ _____     Original Author:                     #
#|_   _| \ | |/ ____|__   __|/\   | |    | |    |  ____|  __ \             bigeyes0x0                  #
#  | | |  \| | (___    | |  /  \  | |    | |    | |__  | |__) |   Current Maintainer:                  #
#  | | | . ` |\___ \   | | / /\ \ | |    | |    |  __| |  _  /             SomeWhereOverTheRainBow     #
# _| |_| |\  |____) |  | |/ ____ \| |____| |____| |____| | \ \                                         #
#|_____|_| \_|_____/   |_/_/    \_|______|______|______|_|  \_\   v2.3.1                               #
#                                                                                                      #
########################################################################################################
Info:  Detected GT-AX11000 router.
Info:  Detected Linux platform.
Info:  Detected ARMv8 architecture.
Info:  JFFS custom scripts and configs are already enabled.
Info:  DNS Environment is Ready.
Info:  DI_VERSION=v2.3.1
Info:  DNSCRYPT_VER=2.1.1
Info:  Manager file is Up-To-Date!
Info:  Choose what you want to do:
  1) Install/Update dnscrypt-proxy
  2) Uninstall dnscrypt-proxy
  3) Configure dnscrypt-proxy
  4) Set timezone
  5) Unset timezone
  6) Install (P)RNG
  7) Uninstall (P)RNG
  8) Install swap file
  9) Uninstall ALL
  b) Backup
  q) Quit
=>  Please enter the number that designates your selection:, [1-9/b/q]: 1
Info:  This operation will install dnscrypt-proxy and related files (<6MB)
Info:  to jffs, no other data will be changed.
Info:  Also some start scripts will be installed/modified as required.
=>  Do you want to install dnscrypt-proxy to /jffs? [y/n]: y
=>  Do you want create a backup before updating? [y/n]: n
Info:  continuing without making a backup.
Info:  installer is up to date. Skipping...
Info:  manager is up to date. Skipping...
Info:  DNSCRYPT_VER=2.1.1
Info:  public-resolvers.md is up to date. Skipping...
Info:  public-resolvers.md.minisig is up to date. Skipping...
Info:  relays.md is up to date. Skipping...
Info:  relays.md.minisig is up to date. Skipping...
Info:  odoh-servers.md is up to date. Skipping...
Info:  odoh-servers.md.minisig is up to date. Skipping...
Info:  odoh-relays.md is up to date. Skipping...
Info:  odoh-relays.md.minisig is up to date. Skipping...
Info:  dnscrypt-resolvers.csv is up to date. Skipping...
Info:  dnscrypt-resolvers.csv.minisig is up to date. Skipping...
Info:  dnsmasq.postconf file already configured
Info:  init-start file already configured
Info:  Configuring dnscrypt-proxy...
Info:  Checking dnscrypt-proxy configuration...
[2021-12-31 06:24:18] [NOTICE] dnscrypt-proxy 2.1.1
[2021-12-31 06:24:18] [NOTICE] Dropping privileges
[2021-12-31 06:24:18] [NOTICE] Source [odoh-relays] loaded
[2021-12-31 06:24:18] [NOTICE] Source [public-resolvers] loaded
[2021-12-31 06:24:18] [NOTICE] Source [relays] loaded
[2021-12-31 06:24:18] [NOTICE] Source [odoh-servers] loaded
[2021-12-31 06:24:18] [NOTICE] Anonymized DNS: routing everything via [odohrelay-crypto-sx anon-zackptg5-us-il-ipv4]
[2021-12-31 06:24:18] [NOTICE] Configuration successfully checked
Info:  Found previous dnscrypt-proxy config file
=>  Do you want to use this file without reconfiguring? [y/n]: n
Info:  How do you want to reconfigure:
Info:    1) Start from previous settings file
Info:    2) Start from default config
=>  Your selection, [1-2]: 2
Info:  Backing up previous settings file...
=>  Do you want to redirect all DNS resolutions on your network through this proxy? [y/n]: y
Info:  DNSFilter is Already on.
Info:  You can choose to keep any custom dnsfilter values and only redirect non-custom traffic or send all traffic through this proxy.
=>  Do you want to redirect only SOME DNS resolutions on your network through this proxy? [y/n]: n
Info:  DNS is set to redirect All DNS resolutions through this proxy.
Info:  Choose DNS resolving load balancing strategy:
  1) p2 (default)
  2) ph
  3) first
  4) random
=>  Select your strategy, [1-4]: 1
=>  Do you want to use load balance estimator to adjust resolvers based on latency calculations? [y/n]: y
Info:  Choose how your DNS servers are selected:
  1) Automatically (default)
  2) Manually
  3) Static
=>  Select your mode, [1-3]: 1
=>  Use servers that support the DNSCrypt protocol [y/n]: y
=>  Use servers that support the DNS-over-HTTPS protocol [y/n]: y
=>  Use servers that support the Oblivious DNS-over-HTTPS protocol [y/n]: y
=>  Use only servers that support DNSSEC [y/n]: n
=>  Use only servers that do not log user's queries [y/n]: y
=>  Use only servers that do not filter result [y/n]: y
=>  Do you want to choose which servers to disable (this can be a long process)? [y/n]: n
Info:  Evaluating the possibilities for other dnscrypt-proxy configurations such as relay support...
Info:  This option allows you to setup wildcard options for servers (server_name *) and/or relays (via=['*']) for all compatible servers.
=>  Do you only want relays for Oblivious DNS-over-HTTPS Servers? [y/n]: y
Info:  Available Relay servers:
  1) odohrelay-crypto-sx: Oblivious DoH relay running on Fastly Compute@Edge.
  2) odohrelay-koki-ams: Oblivious DoH relay in The Netherlands. No logs.
  3) odohrelay-koki-bcn: Oblivious DoH relay in Spain. No logs.
  4) odohrelay-surf: SURFdomeinen oblivious DoH relay.
=>  Please choose RELAY server, [1-4]: 1
=>  Please choose next RELAY server or press n to stop, [1-4/n]: n
Info:  Set the DNS server(s) for initializing dnscrypt-proxy
Info:  and router services (e.g. ntp) at boot
=>  Default is 9.9.9.9:
=>  2nd Default is 8.8.8.8:
=>  Set log level, default is 2, 0 is the most verbose, [0-6]:
Info:  Writing dnscrypt-proxy configuration...
Info:  Checking dnscrypt-proxy configuration...
[2021-12-31 06:26:16] [NOTICE] dnscrypt-proxy 2.1.1
[2021-12-31 06:26:16] [NOTICE] Dropping privileges
[2021-12-31 06:26:16] [NOTICE] Source [public-resolvers] loaded
[2021-12-31 06:26:16] [NOTICE] Source [relays] loaded
[2021-12-31 06:26:16] [NOTICE] Source [odoh-servers] loaded
[2021-12-31 06:26:16] [NOTICE] Source [odoh-relays] loaded
[2021-12-31 06:26:16] [NOTICE] Anonymized DNS: routing everything via [odohrelay-crypto-sx]
[2021-12-31 06:26:16] [NOTICE] Configuration successfully checked
Info:  Starting dnscrypt-proxy...
Info:  For dnscrypt-proxy version 2 to work reliably, you might also want to:
Info:   - Add swap
Info:   - Add a RNG
Info:   - Set your timezone
Info:  Operation completed. You can quit or continue
=====================================================

I wasn't sure what to input for some of the questions so I may need to read up inside Github.


1. WHich option would I choose for installing option 6:

1) HAVEGED (Preferred if you do not have a HW RNG)
2) RNGD (Preferred if you have a HW RNG)

2. For one of the questions it asked if I wanted to use only servers that support DNSSEC I chose no. Should I've selected yes instead?

And, If I want to change it to yes, do I have to reinstall the script again using option 1? Thanks for this so far so good!

I only use DNSSec enabled DNS servers.
But it is more like a filter option: DNSCrypt-proxy will ignore servers that do not support DNSSec if Yes is selected even if server is manually selected , Selecting No will let you use DNS servers that maybe is faster for you but don`t support dnssec..
Haveged is now included in Merlin Firmware(386.4) and is not needed to be installed via DNSCrypt installer, If you are using a older firmware i recommend to install haveged via dnscrypt installer.

 

[Boji]

@SomeWhereOverTheRainBow

Latest versions of dnscrypt installer hangs when running "/jffs/dnscrypt/manager dnscrypt-start"

One must "ctrl+c" to get past this. Though it hangs here, it states in the logs state dnscrypt has restarted. It also seems to take 5x longer for DNSCRYPT to restart manually compared to before. Some 1-2 minutes. I see its restarting dnsmasq, did it used to restart dnsmasq?

It never used to bring up the 'manager' before recently, but drop back to terminal prompt.

 

[Zastoff]

@SomeWhereOverTheRainBow

Latest versions of dnscrypt installer hangs when running "/jffs/dnscrypt/manager dnscrypt-start"

View attachment 40201

One must "ctrl+c" to get past this. Though it hangs here, it states in the logs state dnscrypt has restarted. It also seems to take longer for DNSCRYPT to restart manually.

It never used to bring up the 'manager' before recently, but drop back to terminal prompt.

The regular:

/jffs/dnscrypt/manager dnscrypt-start

workes fine on my install
But @SomeWhereOverTheRainBow added service commands and some other fixes for dnscrypt installer in latest version:

service start_dnscrypt-proxy
service restart_dnscrypt-proxy
service stop_dnscrypt-proxy

Can maybe try the start or restart service commands instead and see if that works better for you

 

[Boji]

The regular:

/jffs/dnscrypt/manager dnscrypt-start

workes fine on my install
But @SomeWhereOverTheRainBow added service commands and some other fixes for dnscrypt installer in latest version:

service start_dnscrypt-proxy
service restart_dnscrypt-proxy
service stop_dnscrypt-proxy

Can maybe try the start or restart service commands instead and see if that works better for you

Thanks, that actually works and drops back to terminal, but it still takes almost two minutes for the resolver to work, which used to take 5-10 seconds tops. Looks like dnsmasq is being restarted as well, which adds an extra 1-2 minutes. I dont remember that happening before.

Mar 15 08:01:18 dnscrypt-proxy[7165]: Loading the set of blocking rules from [blocked-names.txt]
Mar 15 08:01:22 Diversion: restarted Dnsmasq to apply settings

 

[Boji]

Even after dnsmasq restarts, its trying to send querys to dnscrypt, after a good 45 seconds, and cpu usage is peaked, dnscrypt just hangs for another 30-40 seconds.

 

[Zastoff]

Even after dnsmasq restarts, its trying to send querys to dnscrypt, after a good 45 seconds, and cpu usage is peaked, dnscrypt just hangs for another 30-40 seconds.

I have not experienced those delays when dnscrypt-proxy is restarted, Will test some restarts on the proxy and see what happen here and how it behaves(to see if i can replicate those long delays for it to start as you experienced)

 

[Boji]

I have not experienced those delays when dnscrypt-proxy is restarted, Will test some restarts on the proxy and see what happen here and how it behaves(to see if i can replicate those long delays for it to start as you experienced)

Yeah this problem began when 'manager' began taking over the restart process using /jffs/dnscrypt/manager dnscrypt-start

@SomeWhereOverTheRainBow



View attachment 40201

Never used to see "user defined signal 1" or manager doing the restart before.