Menu
What's new
By:
Filters Better Search

DNSCrypt-Proxy version 2 and STUBBY add-ons for R7800/R9000

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Voxel said:
Now, your question. I have no doubts in DNSCrypt 2 advantages. It is good, I do use it myself. Preferring vs other alternatives and as a test. I have doubts only in the way of concrete implementation used by author (respect to him of course). For me C/C++ is preferable way. But not Go for embedded devices.
Click to expand...

In ASUS firmware DNSCrypt v2 (DoH) does not work with the latest version of dnsmasq v2.80, if you use DNSSEC, Traditional QoS, the internet does not work, I am tired and now I use the DNS of my VPN for the moment, but with Unbound / Stubby DoT I have not seen anyone complain about these problems.

I do not know if these problems exist in R7800, but I am interested in buying this router and I would like you to implement DoT, in the same way that Fork Asuswrt-Merlin has.
HowIFix said:
@Voxel Why do not you use Unbound/Stubby DoT on the router? and you can configure it through the web GUI. like this firmware:
dot-final-png.14208
Click to expand...
 
Last edited:
HowIFix said:
In ASUS firmware DNSCrypt v2 (DoH) does not work with the latest version of dnsmasq v2.80
Click to expand...

But why do you think that DNSCrypt v2 is DoH? Well, maybe I am not an expert but as far as I understand it is just DNSCrypt.

https://dnscrypt.info/faq/

Why use DNSCrypt?
. . .

Other protocols

[DNS over SSH]
. . .

DNS over TLS (RFC7858)
. . .

DNS over HTTPS (DoH)
. . .


DoH and DoT are in the section "other protocols"

HowIFix said:
I do not know if these problems exist in R7800,
Click to expand...
To say true I do use DNSCrypt v2 mainly with my R9000. But it is working w/o any issues (current uptime is 9 days, since last reboot). The same codes as for R7800 so IMO it is like a test. I use servers supporting DNSSEC.

HowIFix said:
I am interested in buying this router
Click to expand...
Just to note: probably you will be dissatisfied by its GUI (vs RMeriln's version for ASUS routers).

Voxel.
 
Voxel said:
But why do you think that DNSCrypt v2 is DoH? Well, maybe I am not an expert but as far as I understand it is just DNSCrypt.
Click to expand...
I know that DoH is not DNSCrypt v2 but it is the only one that supports this protocol.

Voxel said:
To say true I do use DNSCrypt v2 mainly with my R9000. But it is working w/o any issues (current uptime is 9 days, since last reboot). The same codes as for R7800 so IMO it is like a test. I use servers supporting DNSSEC.
Click to expand...
In Asuswrt-Merlin with the dnsmasq v2.79 it worked without problems, but since it updates to dnsmasq v2.80 it no longer works with DNSCrypt for me.

But in Stubby DoT with dnsmasq v2.80 there's no problem, from what I've read.

Voxel said:
Just to note: probably you will be dissatisfied by its GUI (vs RMeriln's version for ASUS routers).
Click to expand...
With that I do not have those problems that I mentioned before I will be happy.

At this moment I'm going to try the Fork version and if I do not like it, in case I had the same problems as the normal version of asuswrt-merlin, I will buy used/refurbished R7800.
 
Last edited:
HowIFix said:
In Asuswrt-Merlin with the dnsmasq v2.79 it worked without problems, but since it updates to dnsmasq v2.80 it no longer works with DNSCrypt for me.
Click to expand...
Do not worry. NG migrated to 2.78 in fw for R9000 only few months ago. Using 2.39 for a very long time for all of their routers. I succeed to use this version 2.78 for R7800 but I do not think that it will be changed in few nearest years ;-). It is very problematic and dangerous to change some of the packages used by NG because of their own specific changes in these packages needed for other enclosed packages. dnsmasq is such a package. So... It is almost frozen ;-)

HowIFix said:
With that I do not have those problems that I mentioned before I will be happy.
Click to expand...
OK. IMO R7800 is still one of the best routers (cost/performance). Still in the top of SNB review.

Voxel.
 
I've been reading a bit about this DoH vs DoT on the back of an android article. It seems Google is looking at incorporating DoT in Android P and of the 2, it's the less experimental and theoretically would have less overhead.

I'm not sure if this is why the ASUS/Merlin opted for this?
 
gobble said:
I've been reading a bit about this DoH vs DoT on the back of an android article. It seems Google is looking at incorporating DoT in Android P and of the 2, it's the less experimental and theoretically would have less overhead.

I'm not sure if this is why the ASUS/Merlin opted for this?
Click to expand...

DoT is a standard protocol officially backed by the IETF. DoH is not, neither is DNSCrypt.
 
RMerlin said:
DoT is a standard protocol officially backed by the IETF. DoH is not, neither is DNSCrypt.
Click to expand...

Thanks for letting us know.

@Voxel Would be interesting to know if this is possible through Entware as a replacement for DNSCrypt, but I'm way out of my league with this.
 
gobble said:
@Voxel Would be interesting to know if this is possible through Entware as a replacement for DNSCrypt, but I'm way out of my league with this.
Click to expand...
As I wrote DNSCrypt Proxy-2 is no a candidate for inclusion into firmware because of its size.

There are several DoT packages in Entware. One of them is stubby.

https://github.com/getdnsapi/stubby

So maybe (candidate). You can try to play with it using Entware.

https://www.voxel-firmware.com/Downloads/Voxel/html/entware.html
https://www.voxel-firmware.com/Down...are-3x-Voxel/stubby_0.2.2-1_cortex-a15-3x.ipk

Voxel.
 
Voxel said:
As I wrote DNSCrypt Proxy-2 is no a candidate for inclusion into firmware because of its size.

There are several DoT packages in Entware. One of them is stubby.

https://github.com/getdnsapi/stubby

So maybe (candidate). You can try to play with it using Entware.

https://www.voxel-firmware.com/Downloads/Voxel/html/entware.html
https://www.voxel-firmware.com/Down...are-3x-Voxel/stubby_0.2.2-1_cortex-a15-3x.ipk

Voxel.
Click to expand...

Sorry, what I mean is if Stubby (for example) is small in size, this could be incorporated into the firmware instead of the original DNSCrypt, or whether it would remain something for people to install and experiment with. Either way, I'll wait for someone that knows what they're doing to test it out and feedback before I dip my toe in :p
 
Last edited:
Tried to install last night
Just upgraded router to 60sf firmware

Having a problem:

root@R7800:/$ /etc/init.d/ dnscrypt-proxy-2 enable

/bin/ash: /etc/init.d/: Permission denied


root@R7800:/etc/init.d$ dnscrypt-proxy-2 enable

[2018-09-13 13:22:08] [FATAL] Unable to load the configuration file [dnscrypt-proxy.toml] -- Maybe use the -config command-line switch?

and
root@R7800:/etc/init.d$ /etc/init.d/dnscrypt-proxy-2 start

Terminated



any ideas?
Thanks
 
randytsuch said:
Having a problem:

root@R7800:/$ /etc/init.d/ dnscrypt-proxy-2 enable

/bin/ash: /etc/init.d/: Permission denied
Click to expand...
Sorry. There was a misprint in my instruction. Space symbol. Correct command:

Code: 
/etc/init.d/dnscrypt-proxy-2 enable


randytsuch said:
and
root@R7800:/etc/init.d$ /etc/init.d/dnscrypt-proxy-2 start

Terminated
Click to expand...

Message is misleading, agree. It is started but message is from dnsmasq start/stop.

So try to

/etc/init.d/dnscrypt-proxy-2 enable

(w/o space) and reboot your router.

Voxel.
 
Voxel said:
Sorry. There was a misprint in my instruction. Space symbol. Correct command:

Code: 
/etc/init.d/dnscrypt-proxy-2 enable




Message is misleading, agree. It is started but message is from dnsmasq start/stop.

So try to

/etc/init.d/dnscrypt-proxy-2 enable

(w/o space) and reboot your router.

Voxel.
Click to expand...
Thanks for the quick reply, will give it a go tonight, which is about 12 hours from now my time.

Randy
 
Hello, confirming Stubby is working fine. Although I expected that my dns-queries would go to 1.1.1.1, they go to 162.158.108.154. But that's also a Cloudflare address. So I guess some sort of round-robin.

What I wanted to say to Voxel is:
- Thanks for your builds. They work flawlessly
- Your readme file for Stubby R9000 is not correct. The filenames do not match with what's in the readme.

Thanks again. ;)
 
Arnout Verbeken said:
Hello, confirming Stubby is working fine. Although I expected that my dns-queries would go to 1.1.1.1, they go to 162.158.108.154. But that's also a Cloudflare address. So I guess some sort of round-robin.

What I wanted to say to Voxel is:
- Thanks for your builds. They work flawlessly
- Your readme file for Stubby R9000 is not correct. The filenames do not match with what's in the readme.

Thanks again. ;)
Click to expand...
Thank you for your report. readme is corrected.

Voxel.
 
Hi @Voxel

Firstly, Thank you to your work!

My question is, how I can check that DNSCrypt actually working perfect? I use Win 10 Enterprise.
 
You must log in or register to reply here.

Similar threads

Voxel
Voxel Custom firmware build for R7800 v. 1.0.2.104SF
2
Replies
25
Views
4K
Voxel
Voxel
Voxel
Voxel Custom firmware build for R9000/R8900 v. 1.0.4.70HF
Replies
4
Views
1K
kamoj
kamoj
Voxel
Voxel Custom firmware build for R7800 v. 1.0.2.100SF
2
Replies
29
Views
6K
R. Gerrits
R
Voxel
Voxel Custom firmware build for R7800 v. 1.0.2.97SF
2 3
Replies
44
Views
10K
Kitsap
K
Voxel
Voxel Custom firmware build for R9000/R8900 v. 1.0.4.66HF
2
Replies
20
Views
3K
Panner
P
Similar threads
Thread starter Title Forum Replies Date
0 Optimal trustless privacy configuration (DNScrypt/Unbound/Wireguard?) NETGEAR AC Routers and Adapters (Wi-Fi 5) 0

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 838 (members: 40, guests: 798)
Top