Menu
What's new
By:
Filters Better Search

Dnscrypt from opendns

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

thanks to all involved for this for me the asusart-merlin guide worked for the most part, but I manually downloaded the newer csv file and did the trick to add a secondary dns as well.
 
someone here to know if will dnscrypt.me resolver back online?

sent from Kodi 17 Krypton
 
Something I ran into today...thought will help others if they encounter the same issue

Done a monthly
opkg update
opkg upgrade

It upgraded libsodium
Upgrading libsodium on root from 1.0.6-1 to 1.0.8-1...
Downloading http://pkg.entware.net/binaries/mipsel/libsodium_1.0.8-1_mipselsf.ipk.
Removing obsolete file /opt/lib/libsodium.so.17.
Removing obsolete file /opt/lib/libsodium.so.17.0.0.

Ran into issue when trying to run dnscrypt-proxy as it was looking for libsodium.so.17

execute dnscrypt-proxy
/tmp/mnt/XXXX/entware/sbin/dnscrypt-proxy: can't load library 'libsodium.so.17'


Solved the issue by
cd /opt/lib
ln -s libsodium.so.17 libsodium.so.18.0.1

Now dnscrypt-proxy starts without issue

This looks like a temp fix, what would be a proper resolution?
 
bayern1975 said:
someone here to know if will dnscrypt.me resolver back online?

sent from Kodi 17 Krypton
Click to expand...


Why the attachment/fascination to/with dnscrypt.me resolver ?

There are better resolvers
cloudns-syd
dnscrypt.org-fr
dnscrypt.eu-dk
 
spalife said:
Why the attachment/fascination to/with dnscrypt.me resolver ?

There are better resolvers
cloudns-syd
dnscrypt.org-fr
dnscrypt.eu-dk
Click to expand...
1.resolver is good but very slow
2.resolver could be the best at the moment but i got a lot messages: received suspicius reply from resolver
3.resolver do not have dnssec support

sent from Kodi 17 Krypton
 
So I got this set up but I have a question:

As someone based in the USA, the choices of resolves which include DNSSEC and Nologging is non-existent, is there any advantage/disadvantage to using a resolver in another country (other than perhaps latency)?

Also, is there anywhere that you can get an overview of the performance/reliability of the different resolvers to aid in the choice?
 
werkkrew said:
As someone based in the USA, the choices of resolves which include DNSSEC and Nologging is non-existent, is there any advantage/disadvantage to using a resolver in another country (other than perhaps latency)?
Click to expand...
Disadvantage is that you will be directed to severs which might not be near to you and this leads to slower response and longer load times.
I also run dnscrypt-proxy against a server outside of my place/country/region, but it's not to bad as I have a very good internet connection.

werkkrew said:
Also, is there anywhere that you can get an overview of the performance/reliability of the different resolvers to aid in the choice?
Click to expand...
Well, I did a small test/search at the beginning of my usage, but I gave up as most of the servers are not very well managed and therefore not stable and always available.
I ended up using OpenDNS as it fulfills my needs: having a DNS server which is not following my country's restrictions...
 
werkkrew said:
So I got this set up but I have a question:

As someone based in the USA, the choices of resolves which include DNSSEC and Nologging is non-existent, is there any advantage/disadvantage to using a resolver in another country (other than perhaps latency)?

Also, is there anywhere that you can get an overview of the performance/reliability of the different resolvers to aid in the choice?
Click to expand...


You should check out
cloudns-syd
cloudns-can
dnscrypt.eu-dk

1. They are DNSSEC enabled, Non Logging servers.
2. Performance/Reliability is good.
3. Latency would be for initial hit,
per my understanding subsequent requests would be served from cache
4. Start multiple instances of dnscrypt-proxy with different resolvers to service
your DNS needs as a fallback for any resolver failure
 
Last edited:
Is there a way to have the system fall back to traditional DNS (non dnscrypt) if multiple resolvers fail or the dnscrypt system wont start due to the pesky NTP issues?
 
finally got dnscrypt set up on my router thanks to this thread! i'm also in the USA (east coast)... almost zero servers around here and I don't really trust the cisco ones. i set it up with the shea-us-noads server which is apparently hosted by rackspace and haven't had any issues. it does do dnssec according to a couple sites i found (google dnssec test) and it does a decent job at blocking ads too.
 
lanadelrey said:
finally got dnscrypt set up on my router thanks to this thread! i'm also in the USA (east coast)... almost zero servers around here and I don't really trust the cisco ones. i set it up with the shea-us-noads server which is apparently hosted by rackspace and haven't had any issues. it does do dnssec according to a couple sites i found (google dnssec test) and it does a decent job at blocking ads too.
Click to expand...

I tried those and when I ran some tests it seemed sort of shady, specifically the DNS leak test listed about 30 DNS servers...
 
hmmm... i see that as well. but they all say Google. and the dnssec tests still pass. why would the dns leak test show all Google servers? is it a concern even with dnssec? i haven't noticed any issues and I'd actually trust Google more than some random server but i don't understand why it's like that?
 
lanadelrey said:
hmmm... i see that as well. but they all say Google. and the dnssec tests still pass. why would the dns leak test show all Google servers? is it a concern even with dnssec? i haven't noticed any issues and I'd actually trust Google more than some random server but i don't understand why it's like that?
Click to expand...

I didn't either. I noticed that the guy who added those servers to the list was a brand new github account with no other activity too, so it was sort of shady to me. I could just be paranoid but I'd rather use the OpenDNS ones than those until I have some idea of who runs them.
 
which dnscrypt proxy server support both ipv4 and ipv6 at same time? today i activated ipv6 and see at dnsleaktest that ipv6 protocol isn`t encrypted just ipv4.....using 4armed dnscrypt proxy at the moment....hmm, i think i need edit my script for using both protocol? this is from my syslog and first and second address are from my ISP....
Code: 
Mar 11 12:09:07 dnsmasq[994]: using nameserver 2a00:ee0:d::55#53
Mar 11 12:09:07 dnsmasq[994]: using nameserver 2a00:ee0:d::13#53
Mar 11 12:09:07 dnsmasq[994]: using nameserver 127.0.0.1#65053

and script for dnscrypt proxy:
Code: 
#!/bin/sh

ENABLED=yes
PROCS=dnscrypt-proxy
ARGS="--local-address=127.0.0.1:65053 --daemonize -R dnscrypt.eu-dk-ipv6"
PREARGS=""
DESC=
PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

. /opt/etc/init.d/rc.func
 
Last edited:
ryzhov_al said:
Almost every of them. dnscrypt.eu-dk-ipv6 is just a IPv6 address of dnscrypt server.
Click to expand...
so i have to edit something at my scripts in router? i see there that nameserver using DNS of my ISP and not from dnscrypt resolver....

sent from Kodi 17 Krypton
 
Just re-install dnscrypt-proxy, using this how-to. You may check IPv6 addresses are resolved by current dnscrypt server by:
Code: 
opkg install dnscrypt-proxy bind-dig
# chose some dnscrypt server
/opt/etc/init.d/S09dnscrypt-proxy start
dig @127.0.0.1 -p 65053 ya.ru AAAA
You'll get something like that:
Code: 
# dig @127.0.0.1 -p 65053 ya.ru AAAA

; <<>> DiG 9.9.8-P3 <<>> @127.0.0.1 -p 65053 ya.ru AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46218
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ya.ru.  IN  AAAA

;; ANSWER SECTION:
ya.ru.  600  IN  AAAA  2a02:6b8::3

;; Query time: 66 msec
;; SERVER: 127.0.0.1#65053(127.0.0.1)
;; WHEN: Fri Mar 11 15:46:30 UTC 2016
;; MSG SIZE  rcvd: 62

So, you'll get IPv6 (AAAA) DNS records no matter you are on IPv6-enabled router or not.
 
You must log in or register to reply here.

Similar threads

S
Guide Wireguard-portforwarding
Replies
13
Views
627
ZebMcKayhan
Z
H
DNScrypt cant start/uninstall dnscrypt
Replies
7
Views
697
SomeWhereOverTheRainBow
SomeWhereOverTheRainBow
B
GT-AX11000E - Random DNS Resolution Errors on Wireless Devices - Where Should I Look at? DNSCrypt or DNSMasq or Else?
Replies
1
Views
897
bloomwow
B
Addz89
Asus ax5400 and AX82U merlin
Replies
0
Views
733
Addz89
Addz89
T
Merlin 3004.388.6 for AX56u?
Replies
7
Views
808
L&LD
L&LD
Similar threads
Thread starter Title Forum Replies Date
B (solved) Dnscrypt blocked-names.txt automatically deleted upon modification Asuswrt-Merlin 4

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 1,254 (members: 26, guests: 1,228)
Top