Posted: Mon Nov 03, 2014 17:27 Post subject: How to run DNSCrypt?
Hello, I know this is an old post, but can't find information in other places about DNSCrypt. My router is running DD-WRT and the firmware seems to support JJFS, but how do I run DNSCrypt? I upload the files from lancepants to the jjfs folder and then?
Posted: Mon Nov 03, 2014 17:52 Post subject: Re: How to run DNSCrypt?
davidpiedra wrote:
Hello, I know this is an old post, but can't find information in other places about DNSCrypt. My router is running DD-WRT and the firmware seems to support JJFS, but how do I run DNSCrypt? I upload the files from lancepants to the jjfs folder and then?
Thanks for your help.
EDIT: I don't use DNSMasq.
David
First, the DNS server of the router has to call DNSCrypt, e.g. at 192.168.1.1:40.
Second, DNSCrypt, as compiled by Lancethepants, has to find its csv file at /opt/share/dnscrypt-proxy/dnscrypt-resolvers.csv
Third, in order to run it enter:
/opt/bin/dnscrypt-proxy -a 192.168.1.1:40 -d -R opendns
Time zone has to be UTC with no daylight saving and the time has to be synchronized from an IP number.
_________________
2 times APU2 Opnsense 21.1 with Sensei
2 times RT-AC56U running DD-WRT 45493 (one as Gateway, the other as AP, both bridged with LAN cable)
3 times Asus RT-N16 shelved
E4200 V1 running freshtomato 2020.8 (bridged with LAN cable)
3 times Linksys WRT610N V2 converted to E3000 and 1 original E3000 running freshtomato 2020.8 (bridged with LAN cable)
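The steps in the reply above can be checked before dnscrypt-proxy is started. The following is an added example, not part of the original posts and not code from DD-WRT or dnscrypt-proxy: the function names are hypothetical, the sample files are constructed, and `no-resolv` is a dnsmasq option the thread does not mention, assumed here so that dnsmasq has no plaintext upstream besides the dnscrypt-proxy listener.

```shell
#!/bin/sh
# Added example: pre-flight checks before starting dnscrypt-proxy on the router.
# Function names are hypothetical; the listener 192.168.1.1:40 and the resolver
# name "opendns" are the values used in the post above.

# Succeeds if resolver NAME appears in the first column of the resolvers CSV.
resolver_in_csv() {  # usage: resolver_in_csv NAME CSVFILE
    [ -r "$2" ] || return 2
    awk -F, -v n="$1" 'NR > 1 && $1 == n { found = 1 } END { exit !found }' "$2"
}

# Succeeds only if dnsmasq forwards to the dnscrypt-proxy listener and nowhere
# else: no-resolv must be set (otherwise resolvers learned from the WAN are
# still queried in plaintext) and every server= line must be the listener.
dnsmasq_forwards_only_to() {  # usage: dnsmasq_forwards_only_to IP:PORT CONFFILE
    [ -r "$2" ] || return 2
    want="server=$(printf '%s' "$1" | sed 's/:/#/')"
    grep -qx 'no-resolv' "$2" || return 1
    grep -qxF "$want" "$2" || return 1
    ! grep '^server=' "$2" | grep -vxF "$want" | grep -q .
}

# A router without a battery-backed clock boots near 1970; the 2014 floor is an
# assumption chosen for this example.
clock_is_sane() { [ "$(date -u +%Y)" -ge 2014 ]; }

preflight() {  # usage: preflight NAME IP:PORT CSVFILE CONFFILE
    clock_is_sane || { echo "clock not set"; return 1; }
    resolver_in_csv "$1" "$3" || { echo "resolver $1 not in $3"; return 1; }
    dnsmasq_forwards_only_to "$2" "$4" || { echo "dnsmasq can bypass $2"; return 1; }
    echo "/opt/bin/dnscrypt-proxy -a $2 -d -R $1"
}

# Constructed sample files (simplified CSV columns, documentation addresses).
write_samples() {  # usage: write_samples DIR
    printf '%s\n' 'Name,Full name,Resolver address' \
        'opendns,Constructed entry,192.0.2.53:443' > "$1/resolvers.csv"
    printf '%s\n' 'no-resolv' 'server=192.168.1.1#40' > "$1/good.conf"
    printf '%s\n' 'server=192.168.1.1#40' 'server=192.0.2.1' > "$1/leaky.conf"
}
```

`preflight` prints the start command only when all three checks pass; on the router the CSV argument would be /opt/share/dnscrypt-proxy/dnscrypt-resolvers.csv.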
I was reading the tutorial for doing this (http://www.linksysinfo.org/index.php?threads/dnscrypt-preview.37031/) and I'm wondering how to input 127.0.0.2:40 into Setup->WAN Setup->Static DNS. I'm running Firmware: DD-WRT v3.0-r28211 std (11/16/15) on an EA6900 router. DNScrypt doesn't seem to be part of this firmware.
First, it indeed isn't part of it. Second, edit the dnsmasq config file and put therein
Code:
server=127.0.0.1#40
I took another stab at this and messed something up. Lost DNS. I tried removing the changes but my DNS is still messed up. Installing dnscrypt also killed my openvpn server that was running on the router - I think it was the time getting messed up due to loss of DNS. At least I got my openvpn server working again after rolling back. One thing that kept my clients working was installing dnscrypt on all my Linux boxes - otherwise websites wouldn't resolve. I still have problems with DNS on boxes that don't have dnscrypt options but was able to fix those by manually entering DNS server IP addresses. I don't know if it's just coincidence but I discovered that my mail server isn't accepting incoming mail now, also. When it rains it pours.
I got dnscrypt to work on an individual PC running Ubuntu 14.04 but I'm not sure of how to implement it on the router using dd-wrt. For one thing dnscrypt-proxy is in binary form from lancethepants while it's an editable script on Ubuntu. Getting the settings right on the router will require an explanation of such things as to why port 40 is being used and what dnscrypt server I'm trying to make contact with - I suppose that'll explain why udp port 40 is being used. Besides, if I want to use cs-uswest I have to use port 443 - that's what I'm using on Ubuntu. If dnscrypt is hardwired to be a certain way then a dd-wrt tutorial might be in order. Of course, if dnscrypt was included in dd-wrt with a GUI maybe a lot of guess work would be eliminated.
Static DNS 1: 192.168.1.1
Static DNS 2: 127.0.0.2
Static DNS 3: 127.0.0.3
What is 192.168.1.1? Your router LAN IP? And what is 127.0.0.3? I'm familiar with 127.0.0.2
Yes, 192.168.1.1 is the DNSMasq on the router, which in its turn calls dnscrypt.
127.0.0.2 are ways to fill the void, they default to localhost on each device, so they are not specific to the router.
dnscrypt wants time to be UTC, so if you take care of that it will be ok (it is kind of a problem in DD-WRT land).
Quote:
Yes, 192.168.1.1 is the DNSMasq on the router, which in its turn calls dnscrypt.
I don't use the router default of 192.168.1.1 - that's why I was asking.
Quote:
dnscrypt wants time to be UTC, so if you take care of that it will be ok (it is kind of a problem in DD-WRT land).
It must be an issue with dd-wrt because I have dnscrypt-proxy running on my individual PCs and they are working fine with the time set to local time.
Also, I'm running an OpenVPN server on the router and I'm wondering what impact changing the router to UTC will have on the clients set for local time (i.e. will the clients still be able to connect?).
I just answered my own question about OpenVPN - it still works after changing the router from local time to UTC.
Anyway, I still can't get dns to resolve before or after starting dnscrypt-proxy. I must be doing something wrong but I don't know what. Here's my dnsmasq.conf file with the static leases snipped: