Kong please update DNSCrypt to v2 because v1 is down

ciscodlink
DD-WRT User


Joined: 13 May 2014
Posts: 273

Posted: Mon Apr 30, 2018 14:49    Post subject: Kong please update DNSCrypt to v2 because v1 is down
I already posted this a few times in the "Kong Firmware Threads" but it doesn't seem to get any attention.

So here I am trying again with a dedicated thread this time:

- DNSCrypt development has stopped.
- A new developer has taken over and continues developing DNSCrypt under the name "DNSCrypt v2".
- Most (if not all) resolvers stopped supporting the old DNSCrypt v1 and only work with DNSCrypt v2 from now on (e.g. Cisco, d0wn, dnscrypt-eu.nl,.....)
- DNSCrypt v2 brings a lot of major fixes and improvements

DNSCrypt v2 Github:
https://github.com/jedisct1/dnscrypt-proxy

@Kong:
If you read this, please update DNSCrypt in the next firmware. I have had to jump between resolvers every few days now and today it seems like none of the available resolvers in the firmware are working anymore. So I had to completely disable DNSCrypt today.

Thanks in advance!
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

Posted: Mon Apr 30, 2018 16:31    Post subject: Re: Kong please update DNSCrypt to v2 because v1 is down
ciscodlink wrote:
I already posted this a few times in the "Kong Firmware Threads" but it doesn't seem to get any attention.

So here I am trying again with a dedicated thread this time:

- DNSCrypt development has stopped.
- A new developer has taken over and continues developing DNSCrypt under the name "DNSCrypt v2".
- Most (if not all) resolvers stopped supporting the old DNSCrypt v1 and only work with DNSCrypt v2 from now on (e.g. Cisco, d0wn, dnscrypt-eu.nl,.....)
- DNSCrypt v2 brings a lot of major fixes and improvements

DNSCrypt v2 Github:
https://github.com/jedisct1/dnscrypt-proxy

@Kong:
If you read this, please update DNSCrypt in the next firmware. I have had to jump between resolvers every few days now and today it seems like none of the available resolvers in the firmware are working anymore. So I had to completely disable DNSCrypt today.

Thanks in advance!


With dnscryptv2 the devs switched to Go; this is a problem for embedded devices, as Go needs an extra toolchain and has a large memory footprint. I don't think we will switch to it. Unbound is supposed to have support for dns via tls support, thus might be the better solution.

_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
ciscodlink
DD-WRT User


Joined: 13 May 2014
Posts: 273

Posted: Mon Apr 30, 2018 16:43    Post subject: Re: Kong please update DNSCrypt to v2 because v1 is down
<Kong> wrote:
ciscodlink wrote:
I already posted this a few times in the "Kong Firmware Threads" but it doesn't seem to get any attention.

So here I am trying again with a dedicated thread this time:

- DNSCrypt development has stopped.
- A new developer has taken over and continues developing DNSCrypt under the name "DNSCrypt v2".
- Most (if not all) resolvers stopped supporting the old DNSCrypt v1 and only work with DNSCrypt v2 from now on (e.g. Cisco, d0wn, dnscrypt-eu.nl,.....)
- DNSCrypt v2 brings a lot of major fixes and improvements

DNSCrypt v2 Github:
https://github.com/jedisct1/dnscrypt-proxy

@Kong:
If you read this, please update DNSCrypt in the next firmware. I have had to jump between resolvers every few days now and today it seems like none of the available resolvers in the firmware are working anymore. So I had to completely disable DNSCrypt today.

Thanks in advance!


With dnscryptv2 the devs switched to Go; this is a problem for embedded devices, as Go needs an extra toolchain and has a large memory footprint. I don't think we will switch to it. Unbound is supposed to have support for dns via tls support, thus might be the better solution.


Hm, that's really bad news :(
But maybe it's still worth a try or could be optimized for routers?

Thanks for your feedback!
jwh7
DD-WRT Guru


Joined: 25 Oct 2013
Posts: 2670
Location: Indy

Posted: Mon Apr 30, 2018 17:08    Post subject: Re: Kong please update DNSCrypt to v2 because v1 is down
<Kong> wrote:
Unbound is supposed to have support for dns via tls support, thus might be the better solution.
If that's the case, then dnscrypt (v1) can be removed, right?

Perhaps this helps: https://blog.cloudflare.com/dns-over-tls-for-openwrt/ :)

_________________
# NAT/SFE/CTF: limited speed w/ DD # Repeater issues # DD-WRT info: FAQ, Builds, Types, Modes, Changes, Demo #
OPNsense x64 5050e ITX|DD: DIR-810L, 2*EA6900@1GHz, R6300v1, RT-N66U@663, WNDR4000@533, E1500@353,
WRT54G{Lv1.1,Sv6}@250
|FreshTomato: F7D8302@532|OpenWRT: F9K1119v1, RT-ACRH13, R6220, WNDR3700v4


Last edited by jwh7 on Mon Apr 30, 2018 20:02; edited 1 time in total
Dr_K
DD-WRT User


Joined: 23 Mar 2018
Posts: 445

Posted: Mon Apr 30, 2018 18:36    Post subject: Re: Kong please update DNSCrypt to v2 because v1 is down
jwh7 wrote:
If that's the case, then dnscrypt (v1) can be removed, right?


Hang on a second!!!!!!

I'm not arguing the inevitable but I am currently using 4 DNSCrypt servers that also do DNSSEC without much issue

Sooooo....maybe we can wait a few more days before scrapping it entirely??......please :roll:

Unless Unbound is mature, all what some say it is and able to do what DNSCrypt can...for some of us at least

And maybe have a dd-wrt wiki existing on it??

I know..asking too much...

We will get what we get & we.. at least I will be thankful!!

_________________
Location 1
R7800- DD-WRT v3.0-r53562 (10/03/23) Gateway
WNDR3400v1 DD-WRT v3.0-r35531_mega-nv64k (03/26/18 ) Access Point
WRT160Nv3 DD-WRT ?v3?.0-r35531 mini (03/26/18 ) Access Point
WRT54GSv5 DD-WRT v24-r33555_micro_generic (10/20/17) Repeater
Location 2
R7800- DD-WRT v3.0-r51855 (02/25/23) Gateway
R6300v2- DD-WRT v3.0-r50671 (10-26-22) Access Point
WNDR3700v2 DD-WRT v3.0-r35531 std (03/26/18 ) Access Point
E1200 v2 DD-WRT v3.0-r35531 mega-nv64k (03/26/18 ) Gateway(for trivial reasons)
RBWAPG-5HACT2HND-BE RouterOS-v6.46.4 (2/21/20) Outdoor Access Point
2x RBSXTG-5HPACD RouterOS-v6.46.4 (2/21/20) PTP Bridge 866.6Mbps-1GbpsLAN
Location 3
2x R7000- DD-WRT v3.0-r50671 (10/26/22) Access Points
2x RBWAPG-60AD RouterOS-v6.45.9 (04/30/20) PTP Bridge 2.3Gbps-1GbpsLAN
2x RBSXTsqG-5acD RouterOS-v6.49.7 (10/14/22) PTP Bridge 866.6Mbps-1GbpsLAN

Thank You BrainSlayer for ALL that you do & have done, also to "most" everyone here that shares their knowledge
James2k
DD-WRT Guru


Joined: 23 Oct 2011
Posts: 549

Posted: Mon Apr 30, 2018 20:45    Post subject:
So I ended up troubleshooting a network issue for a while not realising it was DNSCrypt all along. Oops. Wish I'd seen this post earlier!

Potentially Entware is an option to continue using DNSCrypt, currently has the old 1x version, but will be updated soonish, or perhaps move over to Unbound as others have said.

In fact the arm binary on the official GitHub page works on armv7:

https://github.com/jedisct1/dnscrypt-proxy/releases

I personally have too much dependency on dnsmasq currently with ipset (split VPN tunnel stuff), so I'll be sticking with dnsmasq.

_________________
James

Main router:

Netgear R7000 overclocked to 1.2GHz - DD-WRT v3.0-r35965M kongac

IPv6 6in4 (HE.net), OpenVPN (with PBR and split tunnelling), Entware, dnsmasq with ipset

Easy ipset support for the R7000

VPN speed: Download: 77.96 Mbps Upload: 5.00 Mbps (AES-128-CBC HMAC-SHA1)

Yes you can get 50 Mbps+ with OpenVPN on a R7000 if you configure it properly!

Previous routers:

ASUS RT-N66U - The Dark Knight
WNR2000v3 - Bought on the cheap for someone else, neutered crap
WNR3500Lv1 - First venture into the DD-WRT world
mac913
DD-WRT Guru


Joined: 02 May 2008
Posts: 1847
Location: Canada

Posted: Sat Jun 09, 2018 19:41    Post subject:
I have 4 r7000s (families and my own) using dnsmasq's DNSCrypt without issues with an uptime of over 45 days.

Thanks James2k for the link, if DNSCrypt v1 stops working on the servers I use but so far DNSCrypt v1 is Golden.

_________________
Home Network on Telus 1Gb PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r53562 Std k4.9

Off Site 1

R7000 - Gateway & WiFi & WireGuard - DDWRT r54517 Std
E3000 - Station Bridge - DDWRT r49626 Mega K4.4

Off Site 2

R7000 - Gateway & WiFi - DDWRT r52330 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531


YAMon 3.4.6 | DNSCrypt-Proxy V2
HalfBit
DD-WRT Guru


Joined: 04 Sep 2009
Posts: 776
Location: AR, USA

Posted: Thu Jul 12, 2018 3:38    Post subject:
This doesn't fix things for DD-WRT, and I've been out of pocket on these forums for a while, but I recently moved DNSCrypt to a Raspberry Pi that is also running Pi-Hole.

Router/clients -> Pi-Hole -> loopback to DNSCrypt port -> out to OpenDNS

Took me a bit to get the Pi-Hole and DNSCrypt pieces to both work on start up and some other desired config with correct user permissions etc., but is all working very nicely now.

Let me know if you would like more information.

_________________
R7000 Nighthawk - DD-WRT v3.0-r50308
R7000 Nighthawk - DD-WRT v3.0-r50308
~~~~~~~~~~Dismantled for learning opportunities~~~~~~~~~~
WRT54Gv2
WRT54Gv8.2
~~~~~~~~~~Other Settings~~~~~~~~~
https://nextdns.io/?from=2d3sq39x
https://pi-hole.net/
https://github.com/DNSCrypt/dnscrypt-proxy
Brimmy
DD-WRT User


Joined: 29 Mar 2015
Posts: 398

Posted: Thu Jul 12, 2018 3:48    Post subject:
mac913 wrote:
I have 4 r7000s (families and my own) using dnsmasq's DNSCrypt without issues with an uptime of over 45 days.

Thanks James2k for the link, if DNSCrypt v1 stops working on the servers I use but so far DNSCrypt v1 is Golden.

:shock: Could you please share these settings, because DNSCrypt V1 kills my internet and this has been since 34760, I think.
buffalo0207
DD-WRT User


Joined: 30 Apr 2014
Posts: 147
Location: UK

Posted: Thu Jul 12, 2018 9:40    Post subject:
@HalfBit - Could you PM to let me know your configuration for DNSCRYPT and PiHOLE. I currently use PiHole on a TinkerBoard (almost the same as a Raspberry Pi, just faster) using DietPi, but would like to have DNSCRYPT on the TB, as I believe it's not possible to have it and YaMON installed on the R9000.

Cheers...
ludacrisvp
DD-WRT User


Joined: 21 Feb 2015
Posts: 102

Posted: Thu Jul 12, 2018 13:31    Post subject: Re: Kong please update DNSCrypt to v2 because v1 is down
<Kong> wrote:
With dnscryptv2 the devs switched to Go; this is a problem for embedded devices, as Go needs an extra toolchain and has a large memory footprint. I don't think we will switch to it. Unbound is supposed to have support for dns via tls support, thus might be the better solution.


When you say large memory footprint is this flash memory or process memory?
I've got 512MB RAM in the 1900DHP, and I'd suspect that there is likely more room in the flash memory as well.
And there are likely many other routers out there with a decent amount of hardware these days.
Alternatively, if it comes down to a flash constraint, could it be split up to leverage jffs2 flash space instead?

_________________
Routers:
WXR-1900DHP - Active (main) - v3.0-r36070M kongac (05/31/18 )
WZR-N600DHP - Wired AP - v3.0-r33679 BS (11/04/17)
WNDR-3400 - retired to its box for several years
HalfBit
DD-WRT Guru


Joined: 04 Sep 2009
Posts: 776
Location: AR, USA

Posted: Thu Dec 27, 2018 3:44    Post subject:
buffalo0207 wrote:
@HalfBit - Could you PM to let me know your configuration for DNSCRYPT and PiHOLE. I currently use PiHole on a TinkerBoard (almost the same as a Raspberry Pi, just faster) using DietPi, but would like to have DNSCRYPT on the TB, as I believe it's not possible to have it and YaMON installed on the R9000.

Cheers...

Sorry for not responding sooner. I used this tutorial: https://itchy.nl/raspberry-pi-3-with-openvpn-pihole-dnscrypt.

I only implemented pihole and dnscrypt.

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6388
Location: UK, London, just across the river..

Posted: Thu Dec 27, 2018 7:12    Post subject:
Yep, DNSCrypt is a killer, it's a nice thing to have..
I don't have any troubles with it; it's been working fairly with no issues at all. It's very much about the correct server used, as many of them tend to go down for either maintenance or anything else quite often...
Those ones I choose are stable and do work most of the time...
DNSCrypt is also very NTP time dependent, so if it's not working DNSCrypt makes an issue, so those that complain, check your NTP time servers.
DNSCrypt encrypts and DNSSEC all the DNS requests in both directions so Unbound and DNS over TLS or DoH are not the same at all...DNSCrypt provides much more security as well DNSSEC, DoH and TLS
Sadly the new DNSCrypt is using Go Lang and it's huge,
so if there is any compress trick to be able to fit it into the flash size then it will be awesome to have it, otherwise we can use it on computer level if so...
The other alternative will be DoH POST option as TLS is more easy to monitor and hack unless it's not TLS 1.3, but most of the openDNS like 9.9.9.9 & 1.1.1.1 already support DoH and TLS
I guess this thing might even help on router level... https://blog.technitium.com/2018/12/configuring-dns-over-tls-and-dns-over.html

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,AP Isolation,Ad-Block,Firewall
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear R7800 --DD-WRT 55363 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55363 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
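
Why the NTP dependence mentioned in the post above exists, as an added example (not part of the thread and not dnscrypt-proxy's own code): every DNSCrypt resolver certificate carries a validity window, and the client discards certificates that its local clock places outside that window. The field layout follows the DNSCrypt protocol specification; the function names, the sample certificates (zeroed signature and key) and the clock value 0 standing in for a router whose time was never set are assumptions made for the illustration.

```python
import struct
from datetime import datetime, timezone

# Certificate layout per the DNSCrypt protocol spec (all integers big-endian):
# magic "DNSC", es-version, minor version, Ed25519 signature, resolver public
# key, client magic, serial, ts-start, ts-end (Unix seconds). 124 bytes.
CERT_FMT = ">4sHH64s32s8sIII"
CERT_LEN = struct.calcsize(CERT_FMT)

def parse_cert(blob):
    """Decode the fixed part of a certificate. The signature is NOT verified
    here; a real client must check it against the provider's public key."""
    if len(blob) < CERT_LEN:
        raise ValueError("certificate shorter than %d bytes" % CERT_LEN)
    magic, es, _minor, _sig, _pk, _cmagic, serial, start, end = struct.unpack(
        CERT_FMT, blob[:CERT_LEN])
    if magic != b"DNSC":
        raise ValueError("bad certificate magic")
    if end < start:
        raise ValueError("validity window ends before it starts")
    return {"es_version": es, "serial": serial, "ts_start": start, "ts_end": end}

def cert_status(cert, now):
    """Classify a certificate against the local clock (Unix seconds)."""
    if now < cert["ts_start"]:
        return "not-yet-valid"
    if now > cert["ts_end"]:
        return "expired"
    return "valid"

def pick_cert(certs, now):
    """Clients use the highest serial among the currently valid certificates."""
    usable = [c for c in certs if cert_status(c, now) == "valid"]
    return max(usable, key=lambda c: c["serial"]) if usable else None

def utc(y, m, d, h=0):
    return int(datetime(y, m, d, h, tzinfo=timezone.utc).timestamp())

def sample_cert(serial, start, end):
    """Constructed test certificate: zeroed signature, key and client magic."""
    return struct.pack(CERT_FMT, b"DNSC", 2, 0, bytes(64), bytes(32), bytes(8),
                       serial, start, end)

# Constructed data: two overlapping 24-hour certificates, as during a rotation.
CERTS = [parse_cert(sample_cert(1, utc(2018, 12, 26, 12), utc(2018, 12, 27, 12))),
         parse_cert(sample_cert(2, utc(2018, 12, 27, 0), utc(2018, 12, 28, 0)))]

if __name__ == "__main__":
    clocks = {"unsynced clock at epoch": 0,
              "NTP-synced clock": utc(2018, 12, 27, 6),
              "clock a week ahead": utc(2019, 1, 3)}
    for label, now in clocks.items():
        chosen = pick_cert(CERTS, now)
        print(label, [cert_status(c, now) for c in CERTS],
              "-> serial", chosen["serial"] if chosen else None)
```

With the clock unset or far off, no certificate is usable and resolution stops, which looks the same from the LAN side as the resolver being down.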
Dr_K
DD-WRT User


Joined: 23 Mar 2018
Posts: 445

Posted: Thu Dec 27, 2018 18:18    Post subject:
I agree....DNScrypt still running strong here with four servers all also using DNSSEC

Although one of them has a rekey issue for an hour or two each day.....assuming that would be a timezone issue

As far as the NTP issues many have reported......here are my two cents

<Kong> fixed that a long time ago

You have to leave the box blank and only select a timezone

Now here is the catch that seems to get many

In my testing in the past...once you enter anything...whether it be a name or ip address....then delete it...something gets left behind in the nvram....causing it to not work properly

Only solution is to "erase nvram" if on an older firmware or "nvram erase" if on a more current build......gui reset to default may also work...but personally I never tested it for this issue

For completeness....if I only use one DNScrypt server through the gui...it sometimes takes up to five minutes to get the initial time after a reboot?

When run from command line in a startup script using the four servers....the time is always set on the first try?

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6388
Location: UK, London, just across the river..

Posted: Fri Dec 28, 2018 18:42    Post subject:
216.239.35.4 paste it in the NTP box and select your time zone, it never failed... ;) It's one of the GGL ntp time servers and if you use a name instead of IP it's buggy..