[stillaround2024]

Sorry long hiatus with Fresh Tomato but So Much More Help with DD-WRT!

Unable to setup DNSCrypt Resolver using TLS errors. I have spent much time trying to resolve this with various post on topic and multiple release. Perhaps I am not holding my breath right or there is just issue with hardware.

Feb 13 13:18:00 DD-WRT user.err smartdns: create icmp socket failed, Address family not supported by protocol
Feb 13 13:18:00 DD-WRT user.info : [smartdns] : successfully started
Feb 13 13:18:00 DD-WRT daemon.crit dnsmasq[2335]: bad option at line 21 of /tmp/dnsmasq.conf
Feb 13 13:18:00 DD-WRT daemon.crit dnsmasq[2335]: FAILED to start up
Feb 13 13:18:00 DD-WRT user.info : [dnsmasq] : Error on startup, returncode 1

[Alozaros]

i dont see any DNSCrypt Resolver related stuff here ??

"Unable to setup DNSCrypt Resolver using TLS errors..." ??

not very clear what is happening here neither...

and the log says it all

Feb 13 13:18:00 DD-WRT daemon.crit dnsmasq[2335]: bad option at line 21 of /tmp/dnsmasq.conf
Feb 13 13:18:00 DD-WRT daemon.crit dnsmasq[2335]: FAILED to start up

go and check 21 line take it out...

I smell misconfiguration....

SmartDNS and DNSCypt will not coexist together..along with DNSmasq...well it can, but its a nonsense...

[dale_gribble39]

Screenshots of configuration and certain other bits obtained via CLI would probably help discern the problem here.

[egc]

If you want encrypted DNS (DoT/DoH) have a look at SmartDNS:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=323896

[stillaround2024]

[stillaround2024]

[egc]

[Alozaros]

server=/adguard-dns.com/9.9.9.9
server=/time.windows.com/1.1.1.1
server=/pool.ntp.org/time.google.com/1.0.0.1
server=time-a-g.nist.gov 129.6.15.28

remove those especially the first line...


may be use that one only...
server=/time-a-g.nist.gov/129.6.15.28

in general in NTP time zone you add only IP.s not a resolving name..as long its not an IP format remove anything from there too...
if your NTP time is not ready and running expect problems...

also looking at your SmartDNS config no idea why you want those there too...it seams you've made a proper DNS mess...

oot@DD-WRT:/tmp# cat smartdns.conf
bind :6053
log-size 32K
log-num 1
log-level warn
log-file /tmp/smartdns.log
ca-file /etc/ssl/ca-bundle.crt
ca-path /etc/ssl
server 192.168.1.9
server 1.1.1.1
server 1.0.0.1
log-file /tmp/var/log/smartdnsegc.log
log-level warn
server-tls 1.1.1.1:853
server-tls 9.9.9.9:853
server-tls 94.140.15.15:853
#server-tls 1.1.1.1:853 -host-name cloudflare-dns.com -tls-host-verify cloudflare-dns.com
#server-tls 9.9.9.9:853 -host-name dns.quad9.net -tls-host-verify dns.quad9.net root@DD-WRT:/tmp#

That's what you'd need in GUI SmartDNS section, as well look at the GUI DNSmasq settings...



for NTP time select your time zone in the GUI (basic set up page) and may be just add a one IP--> 162.159.200.123 this is Cloudflare NTP time, you can use GGl time if so 216.239.35.8
or them both in this format with interval between 216.239.35.4 162.159.200.123
can do NTP time in DNSmasq if more convenient server=/time-a-g.nist.gov/129.6.15.28...or can add a bootstrap DNS to SmartDNS..

add to SmartDNS config...(i doubt it does the job but anyway)

server 9.9.9.9 -bootstrap-dns

[stillaround2024]

Thanks 4 the help guys!

I was unable to implement any of the recommendations. I tried to set this up on r55109,r54682,r54604 and r54475 all failed..

Great idea,it should of been implemented years ago and I bet there is a lot of push back from certain bodies..

Any event had to jump ship and return to fresh tomato to get this to work out of box..

If your reading this today --Netflix changed the password length on the bell receiver app.. a real shit show..it should be 60 but the new limit is 30 and some of the characters will not work on the remote menu..

[stillaround2024]

Ok FT does have this working some what..but Entware Stubby is the way to go!!...So I will load dd-wrt back on with a recent build I had tried... I just hope samba on dd-wrt allows addgroup and not some d.a....single user version like whats on FT.

[Alozaros]

SmartDNS is working as it should no problems with it …
DNScript 1.95 embeded ddwrt version is also working as it should…
Stubby is also working via Entware …
I tend to believe you either dont follow the guidances or over complicate the set up with
unessecarry stuff…

anyway for Stubby check red link in my sig …

[stillaround2024]

[Alozaros]

Original Stubby standard config is old and very basic, it made in order to work out of the box 'kind of'...and also missing config lines...that could be vital..like the certificates path, tls version, port and ect...
you can use Stubby however you like... as long as you are happy...

for more info what stubby does check with kdig (you have to install it via entware)

kdig -d @9.9.9.9 +tls-ca +tls-host=dns9.quad9.net example.com

p.s. it seams someone locked down the Stubby thread so, i cannot add testing methods or edit the Stubby config..very clever, i have to admit.. (must ve happened very recently)..