Some progress made. I was experimenting with the options and got DNS working on the router again by starting unbound. Setup->DHCP->Recursive DNS Resolving.
But, I still have problems with getting dnscrypt-proxy to do the proxying again. It appears to have daemonized but there's no log output to show it proxying. No telling what happened with all the experimenting that I had to do.
Perhaps I should repeat this, too: if you want it to proxy on port 40, then specify port 40, don't use default port (53).
_________________
2 times APU2 Opnsense 21.1 with Sensei
2 times RT-AC56U running DD-WRT 45493 (one as Gateway, the other as AP, both bridged with LAN cable)
3 times Asus RT-N16 shelved
E4200 V1 running freshtomato 2020.8 (bridged with LAN cable)
3 times Linksys WRT610N V2 converted to E3000 and 1 original E3000 running freshtomato 2020.8 (bridged with LAN cable)
I have a dnsmasq.conf entry that says server=127.0.0.1#40 but it doesn't do what I thought it would do. I expected that it would do DNS queries on port 40 but I was getting proxying done on port 53. Right now I'm not getting any proxying done - another issue to resolve.
It would be nice if they could do what Tomato does. Shibby Tomato has a checkbox for enabling dnscrypt-proxy and that displays boxes for whichever proxy you want to use, etc. Tomato is missing some features that dd-wrt has so I guess it's a toss up as to which firmware to use. I like dd-wrt since it has more options for my router but I really wish it was less complicated to use dnscrypt-proxy.
I am curious about the flash memory size that is required to install DNSCrypt. It is known that OpenVPN images require at least 8M, so what extra memory would it take to install DNSCrypt?
Would it help trying to make an image myself and looking at its size?
Use the firmware mod kit, you may simply delete some software you don't need and replace it with dnscrypt-proxy. File size has to be lower or equal to original file size.
At this point I am still poking around trying to figure out what to do next, and where.
Update:
I guess the packages are right, but still not working. I'm getting closer though:
Quote:
root@R7000:~# dnscrypt-proxy -a 127.53.53.53:5353 -R cisco -L /opt/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv
[INFO] - [cisco] does not support DNS Security Extensions
[WARNING] - [cisco] logs your activity - a different provider might be better a choice if privacy is a concern
[NOTICE] Starting dnscrypt-proxy 1.7.0
[INFO] Generating a new session key pair
[INFO] Done
[INFO] Server certificate with serial #1463092899 received
[INFO] This certificate is valid
[INFO] Chosen certificate #1463092899 is valid from [2016-05-12] to [2017-05-12]
[INFO] Server key fingerprint is ABA1:F000:D394:8045:672D:73E0:EAE6:F181:19D0:2A62:3791:EFAD:B04E:40B7:B6F9:C40B
[NOTICE] Proxying from 127.53.53.53:5353 to 208.67.220.220:443
Once I change the DNS servers to 127.53.53.53, 127.0.0.1 and 127.0.0.2, I am no longer able to resolve domains. Still poking around.
_________________
R7000 Nighthawk - DD-WRT v3.0-r50308
~~~~~~~~~~Dismantled for learning opportunities~~~~~~~~~~
WRT54Gv2
WRT54Gv8.2
~~~~~~~~~~Other Settings~~~~~~~~~
https://nextdns.io/?from=2d3sq39x https://pi-hole.net/ https://github.com/DNSCrypt/dnscrypt-proxy
Last edited by HalfBit on Sun Sep 25, 2016 8:17; edited 1 time in total
I got it. Not really sure what did it other than making sure the listeners were up and validating that the DNSMasq and DNS server configurations were correct. Hope this information helps:
Non-authoritative answer:
debug.opendns.com text =
"server 5.REDACTED"
...
debug.opendns.com text =
"source REDACTED_WAN_IP:54226"
debug.opendns.com text =
"dnscrypt enabled (REDACTED)"
...
OBSERVATIONS:
You get more information if you don't "daemonize" the process, at least initially until you get it going:
Code:
root@R7000:~# dnscrypt-proxy -a 127.0.0.53:5353 -R cisco -L /opt/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv
[INFO] - [cisco] does not support DNS Security Extensions
[WARNING] - [cisco] logs your activity - a different provider might be better a choice if privacy is a concern
[NOTICE] Starting dnscrypt-proxy 1.7.0
[INFO] Generating a new session key pair
[INFO] Done
[INFO] Server certificate with serial #1463092899 received
[INFO] This certificate is valid
[INFO] Chosen certificate #1463092899 is valid from [2016-05-12] to [2017-05-12]
[INFO] Server key fingerprint is ABA1:F000:D394:8045:672D:73E0:EAE6:F181:19D0:2A62:3791:EFAD:B04E:40B7:B6F9:C40B
[NOTICE] Proxying from 127.0.0.53:5353 to 208.67.220.220:443
Whereas daemonizing (-d switch) gives you:
Code:
root@R7000:~# dnscrypt-proxy -a 127.0.0.53:5353 -R cisco -L /opt/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv -d
[INFO] - [cisco] does not support DNS Security Extensions
[WARNING] - [cisco] logs your activity - a different provider might be better a choice if privacy is a concern
root@R7000:~#
I was able to fully validate DNSCrypt was working today. I noticed that it was not working on my guest wifi VAP, so I started tinkering again. I was able to finally get the TXT DNS record for debug.opendns.com from a Windows 10 laptop.
Non-authoritative answer:
debug.opendns.com text =
"server 5.REDACTED"
...
debug.opendns.com text =
"source REDACTED_WAN_IP:64526"
debug.opendns.com text =
"dnscrypt enabled (REDACTED)"
...
In order to get it working on my guest wifi VAP, I had to enable "Forced DNS Redirection" on the Wireless>Basic Settings tab(s) under the guest wifi VAP settings, and enter the IP address for my router on my network in the "Optional DNS Target" field.
Clients connected to the guest wifi VAP are configured to use the guest wifi VAP default gateway IP as DNS/DHCP/Gateway, and then that IP address uses the router's real IP address as DNS which is then proxied through DNSCrypt.
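Added example, not part of the thread: a small shell check for the two failure modes discussed above, namely dnsmasq forwarding to a different address or port than the one dnscrypt-proxy listens on, and not knowing whether lookups really go through DNSCrypt. The function names, the `no-resolv` line in the sample dnsmasq config and all sample inputs are constructed for illustration; the log format is the dnscrypt-proxy 1.7.0 foreground output shown in the posts.

```shell
#!/bin/sh
# Added example (not from the thread). All sample inputs below are constructed.

# Listener from a dnscrypt-proxy 1.x foreground log, printed as ADDR#PORT.
proxy_listen() {
    sed -n 's/^\[NOTICE] Proxying from \([0-9.]*\):\([0-9]*\) to .*/\1#\2/p' | head -n 1
}

# Upstreams from dnsmasq "server=ADDR[#PORT]" lines; a missing port means 53.
# Domain-specific "server=/domain/addr" entries are skipped.
dnsmasq_upstreams() {
    awk -F= '$1 == "server" && $2 !~ /^\// { u = $2; if (u !~ /#/) u = u "#53"; print u }'
}

# $1 = proxy log text, $2 = dnsmasq config text.
# Returns 0 on match, 1 on mismatch, 2 if the log has no listener line
# (for example a log captured from a run with -d, which prints none).
check_forwarding() {
    listen=$(printf '%s\n' "$1" | proxy_listen)
    if [ -z "$listen" ]; then echo "no 'Proxying from' line in log"; return 2; fi
    if printf '%s\n' "$2" | dnsmasq_upstreams | grep -qxF "$listen"; then
        echo "ok: dnsmasq forwards to $listen"
    else
        echo "mismatch: proxy listens on $listen, dnsmasq forwards elsewhere"
        return 1
    fi
}

# stdin = output of a TXT lookup for debug.opendns.com
dnscrypt_confirmed() { grep -q '"dnscrypt enabled'; }

SAMPLE_LOG='[NOTICE] Starting dnscrypt-proxy 1.7.0
[NOTICE] Proxying from 127.0.0.53:5353 to 208.67.220.220:443'
GOOD_CONF='no-resolv
server=127.0.0.53#5353'
BAD_CONF='server=127.0.0.1#40'
SAMPLE_TXT='debug.opendns.com text =
"dnscrypt enabled (REDACTED)"'

check_forwarding "$SAMPLE_LOG" "$GOOD_CONF"
check_forwarding "$SAMPLE_LOG" "$BAD_CONF" || true
printf '%s\n' "$SAMPLE_TXT" | dnscrypt_confirmed && echo "resolver reports DNSCrypt"
```

On a router, feed `check_forwarding` the real foreground log and the contents of the active dnsmasq config instead of the sample strings.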