What's new

DNScrypt dnscrypt installer for asuswrt

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

@raellove During installation you're asked for a fallback DNS-server, specifically for boot, so it can download the resolvers list and sync with NTP. Maybe run the script again and choose to reconfigure? I think you might have missed a step. It's the step where it proposes to set 8.8.8.8 as default DNS-server, you can use that or use any (reliable) DNS server of your choice. This is only used during boot, befory dnscrypt loads the list with DNS resolvers etc and takes over.
 
hello,
may I use Dnscrypt with new DNS 1.1.1.1 ?
Regards
Yes server name is cloudflare
It is running in DOH, no log
 
DonnyJohnny do You think is good idea to use this ?
In what aspect? DOH is the trend now. Privacy wise, good. Performance I think suppose better than dnscrypt. Security wise I think dnscrypt still better. Cloudflare say they don’t log so better than a lot of other mainstream dns. Cloudflare is new in dns but they have big cdn network and their latency is good. I am using it and it is like 5-14ms.
But of coz there are people who don’t trust cloudflare. Do your own Googling and decide yourself. To me, be it Google, opendns, or other public dns providers, I preferred to trust the bigger companies.. well, they log my queries.. so? At least I know they probably use them for advertisement purpose. But some other smaller dns providers, they say no log? How do we know? Since they are smaller, likely they will have bad latency and security wise compare to bigger companies.
These are just my opinions. You just have to trial and error yourself.
 
hello,
may I use Dnscrypt with new DNS 1.1.1.1 ?
Regards
Works for me for the last 30 hours or so. (I set this up Mar 31 and just did this reconfig to double check all security / privacy settings.)
Code:
Info:  Choose how your DNS servers are selected:
  1) Automatically
  2) Manually
 =>  Select your mode, [1-2]: 1
 =>  Use servers support the DNSCrypt protocol [y/n]: y
 =>  Use servers support the DNS-over-HTTPS protocol [y/n]: y
 =>  Use only servers support DNSSEC [y/n]: y
 =>  Use only servers that do not log user's queries [y/n]: y
 =>  Use only servers that do not filter result [y/n]: y
 Info:  Set a DNS server for initializing dnscrypt-proxy
 Info:  and router services (e.g. ntp) at boot
 =>  Default is 8.8.8.8: 1.1.1.1
 =>  Set log level, default is 2, 0 is the most verbose, [0-6]: 2
 Info:  Writing dnscrypt-proxy configuration...
 Info:  Checking dnscrypt-proxy configuration...
[2018-04-01 13:36:03] [NOTICE] Source [https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md] loaded
[2018-04-01 13:36:03] [NOTICE] Configuration successfully checked
 Info:  Restarting dnscrypt-proxy with new config...

Apr  1 13:36:03 <redacted>: Start dnscrypt-proxy
Apr  1 13:36:03 dnscrypt-proxy[12519]: Source [https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md] loaded
Apr  1 13:36:03 dnscrypt-proxy[12519]: dnscrypt-proxy 2.0.7
Apr  1 13:36:03 dnscrypt-proxy[12519]: Now listening to 127.0.0.1:65053 [UDP]
Apr  1 13:36:03 dnscrypt-proxy[12519]: Now listening to 127.0.0.1:65053 [TCP]
Apr  1 13:36:04 dnscrypt-proxy[12519]: [arvind-io] OK (crypto v2) - rtt: 246ms
Apr  1 13:36:04 dnscrypt-proxy[12519]: [cloudflare] OK (DoH) - rtt: 32ms
Apr  1 13:36:04 dnscrypt-proxy[12519]: [d0wn-fr-ns1] OK (crypto v1) - rtt: 171ms
Apr  1 13:36:04 dnscrypt-proxy[12519]: [d0wn-is-ns2] OK (crypto v1) - rtt: 214ms
Apr  1 13:36:05 dnscrypt-proxy[12519]: [d0wn-lv-ns2] TIMEOUT
Apr  1 13:36:05 dnscrypt-proxy[12519]: [d0wn-nl-ns4] OK (crypto v1) - rtt: 172ms
Apr  1 13:36:05 dnscrypt-proxy[12519]: [d0wn-se-ns2] OK (crypto v1) - rtt: 190ms
Apr  1 13:36:05 dnscrypt-proxy[12519]: [d0wn-tz-ns1] OK (crypto v1) - rtt: 310ms
Apr  1 13:36:06 dnscrypt-proxy[12519]: [d0wn-za-ns1] OK (crypto v1) - rtt: 338ms
Apr  1 13:36:06 dnscrypt-proxy[12519]: [de.dnsmaschine.net] OK (crypto v2) - rtt: 170ms
Apr  1 13:36:06 dnscrypt-proxy[12519]: [dnscrypt.ca-1] OK (crypto v1) - rtt: 90ms
Apr  1 13:36:06 dnscrypt-proxy[12519]: [dnscrypt.ca-2] OK (crypto v1) - rtt: 101ms
Apr  1 13:36:06 dnscrypt-proxy[12519]: [dnscrypt.eu-dk] OK (crypto v1) - rtt: 178ms
Apr  1 13:36:06 dnscrypt-proxy[12519]: [dnscrypt.eu-nl] OK (crypto v1) - rtt: 163ms
Apr  1 13:36:06 dnscrypt-proxy[12519]: [dnscrypt.name] TIMEOUT
Apr  1 13:36:07 dnscrypt-proxy[12519]: [dnscrypt.nl-ns0] OK (crypto v1) - rtt: 161ms
Apr  1 13:36:08 dnscrypt-proxy[12519]: [doh-crypto-sx] OK (DoH) - rtt: 324ms
Apr  1 13:36:08 dnscrypt-proxy[12519]: [ev-us] OK (crypto v2) - rtt: 45ms
Apr  1 13:36:08 dnscrypt-proxy[12519]: [ev-us2] OK (crypto v2) - rtt: 87ms
Apr  1 13:36:08 dnscrypt-proxy[12519]: [ev-us3] OK (crypto v2) - rtt: 66ms
Apr  1 13:36:08 dnscrypt-proxy[12519]: [freetsa.org] OK (crypto v1) - rtt: 65ms
Apr  1 13:36:08 dnscrypt-proxy[12519]: [flatty.co] OK (crypto v2) - rtt: 186ms
Apr  1 13:36:08 dnscrypt-proxy[12519]: [ipredator] OK (crypto v1) - rtt: 202ms
Apr  1 13:36:10 dnscrypt-proxy[12519]: [lazarus-dns] TIMEOUT
Apr  1 13:36:10 dnscrypt-proxy[12519]: [opennic-onic] OK (crypto v1) - rtt: 95ms
Apr  1 13:36:11 dnscrypt-proxy[12519]: [publicarray-au] OK (crypto v1) - rtt: 173ms
Apr  1 13:36:11 dnscrypt-proxy[12519]: [qag.me] OK (crypto v2) - rtt: 251ms
Apr  1 13:36:11 dnscrypt-proxy[12519]: [scaleway-fr] OK (crypto v2) - rtt: 163ms
Apr  1 13:36:11 dnscrypt-proxy[12519]: [securedns] OK (crypto v1) - rtt: 174ms
Apr  1 13:36:11 dnscrypt-proxy[12519]: [soltysiak] OK (crypto v1) - rtt: 191ms
Apr  1 13:36:11 dnscrypt-proxy[12519]: [ventricle.us] OK (crypto v1) - rtt: 96ms
Apr  1 13:36:11 dnscrypt-proxy[12519]: Server with the lowest initial latency: cloudflare (rtt: 19ms)
Apr  1 13:36:11 dnscrypt-proxy[12519]: dnscrypt-proxy is ready - live servers: 28
 
Works for me for the last 30 hours or so. (I set this up Mar 31 and just did this reconfig to double check all security / privacy settings.)
Code:
Info:  Choose how your DNS servers are selected:
  1) Automatically
  2) Manually
 =>  Select your mode, [1-2]: 1
 =>  Use servers support the DNSCrypt protocol [y/n]: y
 =>  Use servers support the DNS-over-HTTPS protocol [y/n]: y
 =>  Use only servers support DNSSEC [y/n]: y
 =>  Use only servers that do not log user's queries [y/n]: y
 =>  Use only servers that do not filter result [y/n]: y
 Info:  Set a DNS server for initializing dnscrypt-proxy
 Info:  and router services (e.g. ntp) at boot
 =>  Default is 8.8.8.8: 1.1.1.1
 =>  Set log level, default is 2, 0 is the most verbose, [0-6]: 2
 Info:  Writing dnscrypt-proxy configuration...
 Info:  Checking dnscrypt-proxy configuration...
[2018-04-01 13:36:03] [NOTICE] Source [https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md] loaded
[2018-04-01 13:36:03] [NOTICE] Configuration successfully checked
 Info:  Restarting dnscrypt-proxy with new config...

Apr  1 13:36:03 <redacted>: Start dnscrypt-proxy
Apr  1 13:36:03 dnscrypt-proxy[12519]: Source [https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md] loaded
Apr  1 13:36:03 dnscrypt-proxy[12519]: dnscrypt-proxy 2.0.7
Apr  1 13:36:03 dnscrypt-proxy[12519]: Now listening to 127.0.0.1:65053 [UDP]
Apr  1 13:36:03 dnscrypt-proxy[12519]: Now listening to 127.0.0.1:65053 [TCP]
Apr  1 13:36:04 dnscrypt-proxy[12519]: [arvind-io] OK (crypto v2) - rtt: 246ms
Apr  1 13:36:04 dnscrypt-proxy[12519]: [cloudflare] OK (DoH) - rtt: 32ms
Apr  1 13:36:04 dnscrypt-proxy[12519]: [d0wn-fr-ns1] OK (crypto v1) - rtt: 171ms
Apr  1 13:36:04 dnscrypt-proxy[12519]: [d0wn-is-ns2] OK (crypto v1) - rtt: 214ms
Apr  1 13:36:05 dnscrypt-proxy[12519]: [d0wn-lv-ns2] TIMEOUT
Apr  1 13:36:05 dnscrypt-proxy[12519]: [d0wn-nl-ns4] OK (crypto v1) - rtt: 172ms
Apr  1 13:36:05 dnscrypt-proxy[12519]: [d0wn-se-ns2] OK (crypto v1) - rtt: 190ms
Apr  1 13:36:05 dnscrypt-proxy[12519]: [d0wn-tz-ns1] OK (crypto v1) - rtt: 310ms
Apr  1 13:36:06 dnscrypt-proxy[12519]: [d0wn-za-ns1] OK (crypto v1) - rtt: 338ms
Apr  1 13:36:06 dnscrypt-proxy[12519]: [de.dnsmaschine.net] OK (crypto v2) - rtt: 170ms
Apr  1 13:36:06 dnscrypt-proxy[12519]: [dnscrypt.ca-1] OK (crypto v1) - rtt: 90ms
Apr  1 13:36:06 dnscrypt-proxy[12519]: [dnscrypt.ca-2] OK (crypto v1) - rtt: 101ms
Apr  1 13:36:06 dnscrypt-proxy[12519]: [dnscrypt.eu-dk] OK (crypto v1) - rtt: 178ms
Apr  1 13:36:06 dnscrypt-proxy[12519]: [dnscrypt.eu-nl] OK (crypto v1) - rtt: 163ms
Apr  1 13:36:06 dnscrypt-proxy[12519]: [dnscrypt.name] TIMEOUT
Apr  1 13:36:07 dnscrypt-proxy[12519]: [dnscrypt.nl-ns0] OK (crypto v1) - rtt: 161ms
Apr  1 13:36:08 dnscrypt-proxy[12519]: [doh-crypto-sx] OK (DoH) - rtt: 324ms
Apr  1 13:36:08 dnscrypt-proxy[12519]: [ev-us] OK (crypto v2) - rtt: 45ms
Apr  1 13:36:08 dnscrypt-proxy[12519]: [ev-us2] OK (crypto v2) - rtt: 87ms
Apr  1 13:36:08 dnscrypt-proxy[12519]: [ev-us3] OK (crypto v2) - rtt: 66ms
Apr  1 13:36:08 dnscrypt-proxy[12519]: [freetsa.org] OK (crypto v1) - rtt: 65ms
Apr  1 13:36:08 dnscrypt-proxy[12519]: [flatty.co] OK (crypto v2) - rtt: 186ms
Apr  1 13:36:08 dnscrypt-proxy[12519]: [ipredator] OK (crypto v1) - rtt: 202ms
Apr  1 13:36:10 dnscrypt-proxy[12519]: [lazarus-dns] TIMEOUT
Apr  1 13:36:10 dnscrypt-proxy[12519]: [opennic-onic] OK (crypto v1) - rtt: 95ms
Apr  1 13:36:11 dnscrypt-proxy[12519]: [publicarray-au] OK (crypto v1) - rtt: 173ms
Apr  1 13:36:11 dnscrypt-proxy[12519]: [qag.me] OK (crypto v2) - rtt: 251ms
Apr  1 13:36:11 dnscrypt-proxy[12519]: [scaleway-fr] OK (crypto v2) - rtt: 163ms
Apr  1 13:36:11 dnscrypt-proxy[12519]: [securedns] OK (crypto v1) - rtt: 174ms
Apr  1 13:36:11 dnscrypt-proxy[12519]: [soltysiak] OK (crypto v1) - rtt: 191ms
Apr  1 13:36:11 dnscrypt-proxy[12519]: [ventricle.us] OK (crypto v1) - rtt: 96ms
Apr  1 13:36:11 dnscrypt-proxy[12519]: Server with the lowest initial latency: cloudflare (rtt: 19ms)
Apr  1 13:36:11 dnscrypt-proxy[12519]: dnscrypt-proxy is ready - live servers: 28
I tried cloudflare as well but found that when testing on dnsleak.com or ipleak.net the dns server results where 0 suggesting a leak.
 
DonnyJohnny, what DNS You use ? Aspect, I mean what is better to use for home user for example ?
 
I tried cloudflare as well but found that when testing on dnsleak.com or ipleak.net the dns server results where 0 suggesting a leak.
0 result mean that the dns is more spoof resistant as they ignore/drop external query. Not a leak but better. A few good dns providers also have this feature enabled to ignore. Like securedns and ipredator.
Use grc to test dns spoofability
https://www.grc.com/dns/dns.htm

You can still see you are using cloudflare when you do a dnssec test
http://conn.internet.nl/connection/

DonnyJohnny, what DNS You use ? Aspect, I mean what is better to use for home user for example ?
Currently using cloudflare.
 
0 result mean that the dns is more spoof resistant as they ignore/drop external query. Not a leak but better. A few good dns providers also have this feature enabled to ignore. Like securedns and ipredator.
Use grc to test dns spoofability
https://www.grc.com/dns/dns.htm

You can still see you are using cloudflare when you do a dnssec test
http://conn.internet.nl/connection/


Currently using cloudflare.
Thank you for the information I had no idea it was more secure that way. Thanks for the clarification and great rtt times....:p
 
I tried cloudflare as well but found that when testing on dnsleak.com or ipleak.net the dns server results where 0 suggesting a leak.
As you can see above, I have dns servers automatically selected in DNSCrypt. Most times cloudflare has the lowest latency as seen in the log. I have tested DNS leaks on four sites including those two and see no leaks, with or without VPN connected. Connections seem quicker, but it could well be placebo effect. :)
 
hello,
When I have DNSCrypt in autmatic - Can I put DNS in WAN other than Google? Yestarday I put in WAN Cloudfire DNS in WAN and some my webpages stops work special from banking. Any advice ?
or it is without sens to put DNS in WAN because DNSCrypt changes DNS in automatic ?
Regards
 
Last edited:
hi, testing 'cloudflare' server.... I'm obtaining dnsmasq error "Maximum number of concurrent DNS queries reached" when updating banmalware in skynet.

any clues? thanks
 
News: Issue with RT-AC86U should be fixed, dnscrypt-proxy is updated to 2.0.6, haveged to 1.9.2 and rngd to v5.
Tag @Andy1932
I bought a new usb drive and since my installation is pretty simple, I decided to reset to defaults and reinstall everything.
Again, I'm having the ntp update time issues I was having before this fix. Has anything else changed or is it just me?
Thanks.
 
So I have JUST run the installer. I did some Googling but didn't see any description of "load balancing techniques" so I just picked "random." Is there a best one, or a description out there my Googling hasn't found?
 
Last edited:

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top