Dnscrypt from opendns

More than half of the dnscrypt providers are not working... how can I easily test whether a provider is working or not?
 
Get resolvers-check.sh from https://github.com/jedisct1/dnscrypt-proxy, then
Code:
sudo chmod a+x resolvers-check.sh
and run it
Code:
sudo sh resolvers-check.sh
If you watch the terminal screen it will tell you the ones that are working in the dnscrypt-resolvers.csv. I am not sure if you need everything in the same dir or not when you run the script.
 
Since my ISP decided to add transparent DNS,
I followed the guide at https://github.com/RMerl/asuswrt-merlin/wiki/Secure-DNS-queries-using-DNSCrypt
so far no luck. The dnsleak test still shows I'm using ISP DNS.
dnscrypt works if I install it on a PC, so I must be doing something wrong with the router install.
Do I need to tweak something?

btw my setup (if it matters)
modem (from ISP 192.168.0.1) => DMZ into RT-N66U (192.168.0.2 on WAN, 192.168.1.1 on LAN)
I can't use bridge, because my phone will be dead if I bridge the modem => router

Thank you
 
Hi, I just upgraded entware to entware-ng. I had dnscrypt running fine with Merlin 56_2 on an N66U, no issues until now. dnscrypt just does not start; I can start it manually and it runs, but as soon as I reboot the router it does not work. I followed the instructions on github, have the fakeclock installed and I have no issues with the NTP.
This code shows up as soon as I run the S09dns.. manually

Code:
Nov 14 13:49:19 syslog: - [cisco-port53] logs your activity - a different provider might be better a choice if privacy is a concern
Nov 14 13:49:19 dnscrypt-proxy[814]: Starting dnscrypt-proxy 1.6.0
Nov 14 13:49:19 dnscrypt-proxy[814]: Proxying from 127.0.0.1:65053 to 208.67.220.220:53
Nov 14 09:19:20 Scorpio: Started  from .

Looks like fake clock has something to do with it because of the timestamp. I'm trying to run fakeclock and I get this

Code:
:/tmp/mnt/sda1/logs# /opt/etc/init.d/S01fake-hwclock start
Loading system clock from file...
Current system time: 2015-11-14 14:05:38
fake-hwclock saved clock information is in the past: 2015-11-14 14:05:34
To set system time to this saved clock anyway, use "force"

If I run just the fake-hwclock it does not give any input, it gives the same error. Any suggestions?
Thanks
 
After some events of DNScrypt problems and the RT-N66U factory resetting itself, I decided to reflash it with V14E1 using the Asus Firmware Restoration tool. But after the factory reset and restoring the setup by hand, DNScrypt now isn't running. No dnscrypt-proxy lines in the syslog. I suspect entware isn't running either.

Reflashing it using the Firmware-Upgrade page doesn't solve the problem.
 


It seems to work when I start it manually, but it still cannot start automatically
 
Starting with V14, the setting to enable/disable the running of scripts was backported from Merlin. Do you have scripts enabled on the Administration > System tab?
 
You mean under "Persistent JFFS2 partition" settings? I've always enabled it before installing entware.
 

Hi guys, still a no go with this, nobody with latest Merlin version R66U, and new entware-ng? dnscrypt was working before upgrade, the only issue I see now is that fakeclock is not updating, I waited a few days and dnscrypt only runs if I manually start it, but not at reboot. The time on fakeclock, in the
Code:
 cat /opt/etc/fake-hwclock.data
2015-11-17 12:58:28

When the ntp time in my zone is
# date
Tue Nov 17 08:43:38 GMT 2015
Don't know if @ryzhov_al has had any issues with this?
Thanks

I have not yet had a reboot since upgrading to -ng, but by running the init script, it is passing the load command to fake-hwclock. Try manually running fake-hwclock or fake-hwclock save once you have synced with NTP, this will save the time in the file.
 
The dnsmachine.net-de dnscrypt server was my favorite server, but it has not been working for almost one month...
 
I tried manually and nothing. I just got it back up: I had to uninstall entware, delete the old scripts in jffs, and install and configure everything from scratch. Now dnscrypt is running again. My issue began after the first reboot, hope you don't get the same issue after boot.
Thanks

 
Hello,

I was hoping someone might be able to help me figure out why I am unable to get dnscrypt to work on my Asus RT-AC3200 router with Merlin FW 378.56_2, dnscrypt 1.60.

I tried to "opkg remove dnscrypt-proxy" and re-install. In my syslog it seems to show each dnscrypt server selection I have made after reinstalling as well. Not sure if there is a way to clear this?

I have been trying to go through all these forums and maybe I missed something. Everything allowed me to install fine. I am still able to connect to the internet, but when I run "dnscrypt-proxy -R dnscrypt.org-fr" it comes up with: [ERROR] Unable to bind (UDP) [Address already in use]
Code:
admin@Mifi:/tmp/mnt/dnscrypt/entware.arm# dnscrypt-proxy -R dnscrypt.org-fr
[INFO] + DNS Security Extensions are supported
[INFO] + Namecoin domains can be resolved
[INFO] + Provider supposedly doesn't keep logs
[NOTICE] Starting dnscrypt-proxy 1.6.0
[INFO] Generating a new session key pair
[INFO] Done
[ERROR] Unable to bind (UDP) [Address already in use]
admin@Mifi:/tmp/mnt/dnscrypt/entware.arm#

Here is the printout from "cat /jffs/configs/dnsmasq.conf.add":
Code:
admin@Mifi:/tmp/mnt/dnscrypt/entware.arm# cat /jffs/configs/dnsmasq.conf.add
no-resolv
server=127.0.0.1#65053

Here is the cat for resolv.conf, resolv.dnsmasq and dnsmasq.conf:
Code:
admin@Mifi:/tmp/home/root# cat /tmp/resolv.conf
admin@Mifi:/tmp/home/root# cat /tmp/resolv.dnsmasq
admin@Mifi:/tmp/home/root# cat /etc/dnsmasq.conf
pid-file=/var/run/dnsmasq.pid
user=nobody
bind-dynamic
interface=br0
interface=ppp1*
no-dhcp-interface=ppp1*
resolv-file=/tmp/resolv.conf
servers-file=/tmp/resolv.dnsmasq
no-poll
no-negcache
cache-size=1500
min-port=4096
domain=Mifi
expand-hosts
dhcp-range=lan,10.0.0.2,10.0.0.254,255.255.255.0,86400s
dhcp-option=lan,3,10.0.0.1
dhcp-option=lan,15,Mifi
dhcp-option=lan,44,10.0.0.1
dhcp-option=lan,252,"\n"
dhcp-authoritative
read-ethers
addn-hosts=/etc/hosts.dnsmasq
no-resolv
server=127.0.0.1#65053
admin@Mifi:/tmp/home/root#

These are all the dnscrypt lines from the syslog:
Code:
Jul 31 17:01:00 usb: USB ext3 fs at /dev/sda1 mounted on /tmp/mnt/dnscrypt.
Jul 31 17:01:01 custom script: Running /jffs/scripts/post-mount (args: /tmp/mnt/dnscrypt)
...
Dec  4 15:34:34 dnscrypt-proxy[840]: Starting dnscrypt-proxy 1.6.0
Dec  4 15:34:34 admin: Started  from .
Dec  4 15:34:34 dnscrypt-proxy[840]: Proxying from 127.0.0.1:65053 to 23.226.227.93:443
...
Jul 31 17:01:01 usb: USB ext3 fs at /dev/sda1 mounted on /tmp/mnt/dnscrypt.
.
Jul 31 17:01:01 custom script: Running /jffs/scripts/post-mount (args: /tmp/mnt/dnscrypt)
...
Dec  5 18:51:09 dnscrypt-proxy: - [cisco] logs your activity - a different provider might be better a choice if privacy is a concern
Dec  5 18:51:09 dnscrypt-proxy[834]: Starting dnscrypt-proxy 1.6.0
Dec  5 18:51:09 dnscrypt-proxy[834]: Proxying from 127.0.0.1:65053 to 208.67.220.220:443
...
Jul 31 17:01:01 usb: USB ext3 fs at /dev/sda1 mounted on /tmp/mnt/dnscrypt.
Jul 31 17:01:02 custom script: Running /jffs/scripts/post-mount (args: /tmp/mnt/dnscrypt)
...
Jul 31 17:01:03 dnscrypt-proxy[823]: Starting dnscrypt-proxy 1.6.0
Jul 31 17:01:03 dnscrypt-proxy[823]: Proxying from 127.0.0.1:65053 to 23.226.227.93:443

Please help! Thank you.
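
An added example, not part of the original post and not code from dnsmasq or dnscrypt-proxy: a POSIX shell check that a dnsmasq configuration like the one posted above forwards only to the local dnscrypt-proxy listener. The function name audit_dnsmasq, the finding labels and the sample config are assumptions made for illustration; 192.0.2.53 is a constructed documentation address.

```shell
#!/bin/sh
# audit_dnsmasq CONF [PROXY]
# Prints one finding per upstream path that bypasses the local dnscrypt-proxy
# listener and returns non-zero if any exist. PROXY defaults to the
# 127.0.0.1#65053 listener used in this thread.
audit_dnsmasq() {
    awk -v proxy="${2:-127.0.0.1#65053}" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim each line
        /^#/ || $0 == "" { next }                      # skip comments and blanks
        $0 == "no-resolv" { no_resolv = 1; next }
        /^server=/ {
            up = substr($0, 8)
            if (up == proxy) seen = 1
            else { print "OTHER_UPSTREAM " up; bad = 1 }
            next
        }
        /^servers-file=/ { sf = substr($0, 14) }
        END {
            # Without no-resolv, dnsmasq also takes upstreams from resolv-file.
            if (!no_resolv) { print "MISSING_NO_RESOLV"; bad = 1 }
            if (!seen) { print "PROXY_NOT_CONFIGURED " proxy; bad = 1 }
            # servers-file is still read when no-resolv is set, so inspect it.
            if (sf != "")
                while ((getline line < sf) > 0)
                    if (line ~ /^[ \t]*server=/) {
                        print "SERVERS_FILE_UPSTREAM " line; bad = 1
                    }
            exit bad + 0
        }' "$1"
}

# Constructed sample: the thread's forwarding line plus a stray cleartext
# upstream, and no-resolv left out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
resolv-file=/tmp/resolv.conf
server=192.0.2.53
server=127.0.0.1#65053
EOF
audit_dnsmasq "$sample" || echo "dnsmasq can still bypass dnscrypt-proxy"
rm -f "$sample"
```

On the router, point it at the generated file, for example `audit_dnsmasq /etc/dnsmasq.conf`; the configuration posted above produces no findings as long as /tmp/resolv.dnsmasq stays empty.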
 
Issue is not clear ...

It seems you are able to connect to the Internet and also syslog does not throw any errors when dnscrypt-proxy is starting up.

It seems you are only worried about encountering UDP error when you run from the shell line dnscrypt-proxy server again....

try from shell (aka command line)
top
or
htop (if installed)

and check if dnscrypt-proxy is already running and
also check if some other utility is using that port i.e., 65053

Also Try (for testing)
killall dnscrypt-proxy
(or any other app which is using that port (if not needed) and run the below command if you want to try again)

/opt/sbin/dnscrypt-proxy --local-address=127.0.0.1:65053 --ephemeral-keys --daemonize -R dnscrypt.org-fr
 
Spalife:

Ah. So I ran htop and found that dnscrypt-proxy was running already with the local address 127.0.0.1:65053. I ran killall dnscrypt-proxy and /opt/sbin/dnscrypt-proxy --local-address=127.0.0.1:65053 --ephemeral-keys --daemonize -R dnscrypt.org-fr. Ran htop again and it was running correctly as it should.

The issue I guess that I am seeing is, when I go to the test sites to see if dnscrypt is working properly it is suggesting that I do not correctly have it configured. But when I enable dnscrypt proxy directly from my machine and return to those sites, it confirms that my configuration is working properly. Images also attached.

So it appears that it is running on my router, but when I run tests with just dnscrypt-proxy running from my router it fails.
 

I cannot see what is the DNS being detected by the sites you used for DNSSEC test.

First go to https://ipleak.net/

There is a section on the site (attached image) which tells you whether you are using dnscrypt.org-fr, i.e., 212.47.228.136.


Even I use dnscrypt.org-fr and
1. ipleak.net shows me that I use the 212.47.228.136 as DNS Resolver
2. http://dnssec.vs.uni-due.de/ (tells me that DNSSEC validation is done)
3. https://dnssectest.sidnlabs.nl/test.php (tells me I am protected with DNSSEC)

Attached images for all the above
 

Wait a second ....

Are you running dnscrypt-proxy both on your machine and also on the router ?

My Question is
1. Why ?
(you only need to run dnscrypt-proxy on either the router or machine not both)

2. What steps are you undertaking to test your dnscrypt-proxy installation ?

3. How are you testing ?
 
Hi,

The error is normal if dnscrypt is already running - you cannot start it twice as the port is used already!
Go to /opt/etc/init.d and stop it first with ./S09dnscrypt-proxy stop and then you can start it manually with the listed command. :eek:

The other question is why your log only shows dnscrypt entries from July? Now we have December...???
Can you please post more recent syslog.log snippets? :rolleyes:

With kind regards
Joe :cool:
 
Hm. Okay.

Spalife: I went to https://ipleak.net for my DNS Address Detection it comes up with 6 different servers. All of which belong to OpenDNS. Before I started trying to setup dnscrypt-proxy I had my router setup to use OpenDNS servers.

The reason I have it setup on my machine as well was to test to make sure that I could get it to work and see the difference between a successful test and what was happening with my router. I only set it up on my desktop machine for test purposes. I want it running on my router so that it works for all my devices on the network.

After I setup the dnscrypt-proxy on the router (and on the pc), each time I changed the settings I was flushing my dns settings from the machine I was testing from. Then I was going to those sites that you posted two pics of above.



joegreat: I'm not sure why the logs say that. I only installed the Merlin FW for the first time about a week or two ago. And dnscrypt-proxy I only installed a couple of days ago for the first time. The only thing that I can think of as to why it says that in the logs is when I followed the installation guide it said to install fake-hwclock. I have since removed fake-hwclock from entware/asusmerlin.
 