DNScrypt dnscrypt installer for asuswrt

[Treadler]

Pidof just tells you that the process is running and returns the process id. It doesn't actually test the connection.

You have to run ./dnscrypt-proxy -resolve cloudflare-dns.com inside the /jffs/dnscrypt/ folder

Thanks for that!

 

[blueshark]

There some way to access dnscrypt menu

 

[skeal]

There some way to access dnscrypt menu

You can rerun the installer again or you could install amtm. AMTM is a terminal menu with some popular scripts including dnscrypt.

 

[skeal]

https://www.snbforums.com/threads/amtm-the-snbforum-asuswrt-merlin-terminal-menu-v1-2.42415/

 

[M@rco]

There some way to access dnscrypt menu

The menu is included in the installer, which is deleted after installation. To access the menu again, you need to download the installer again. If you don't have amtm installed, like @skeal suggested above, it's probably easier to just execute

curl -L -s -k -O https://raw.githubusercontent.com/thuantran/dnscrypt-asuswrt-installer/master/installer && sh installer ; rm installer

This is the one-line installer command from the first post of this thread. Just open a terminal to connect to your router and run the command and the menu will appear. It'll recognize an existing installation and you'll have the possibility to start fresh or edit your existing configuration.

 

[DonnyJohnny]

I think @AtAM1 mis-interpreted his quoted paragraphs from CF's blog post.

The paragraphs basically said that their DNS servers at their point-of-presence's pre-fill the cache with common domains at start-up.

I believe the dude who wrote the blog made the article in a way like a story and more interesting to read.

The facts are that Frankfurt being closers to root servers will take less time to resolve from scratch. Buenos Aires being farther away from root servers will take longer to resolve.

Hence, CF pre-fills their DNS servers at Buenos Aires. It doesn't imply they pre-fill by copying from Frankfurt or other PoP's cache. Nor it implies DNS servers at Frankfurt won't pre-fill on start-up. Since all PoPs running the same software stack (I assume), it's reasonable to expect all DNS servers at their PoPs do pre-filling with locally resolved data.

Frankly I can't tell if all CF PoPs have CDNs properly resolved to best possible proximity. At their "major" PoPs in each continent, I have little doubt about that. Most likely it's a geo db "issue" as I mentioned before.

I tried facebook, twitter, linkedin. All get back with IPs a few ms away. But their geo data say some IPs are in Ireland and others are in US. That's simply not possible in physics.

quad9, however, does get me an IP of linkedin which is 180ms away. But I have less faith in quad9..That also means we can't rule out CF might have glitches in their less "major" PoPs.

Just some question about CDN.
i read about EDNS not provided by cloudflare for privacy reason. Wonder how it determine the country i am connected from. For example the POP is same as my country and the ping is like 6ms. When getting data from CDN, does it provided the geo info based on the POP I am connected with?
So far i dont really see great speed difference in surfing or viewing video.

kindly advise how it would?

 

[skeal]

I just loaded 2.0.11 and it only lists cloudflare dns as a live server in my syslog out put. I also added google dns to the setup so it should show both and then select the best based on p2 setting. In the .toml file it shows both servers being selected. It used to show both and pick the fastest in the syslog. What changed?
EDIT: Further info collected. I did a fresh install of this script. If you change fallback resolver from 8.8.8.8:53 to 1.1.1.1:53 You lose the second resolver you selected manually. In my case I use cloudflare as first choice and google as second both DoH. The different logs to syslog are:

Results with fall back resolver to 1.1.1.1:53 with two manually selected DoH servers. cloudflare and google.

May  4 18:09:18 QuincyVomCanisphere: Start dnscrypt-proxy
May  4 18:09:18 dnscrypt-proxy[20695]: Source [public-resolvers.md] loaded
May  4 18:09:18 dnscrypt-proxy[20695]: dnscrypt-proxy 2.0.11
May  4 18:09:18 dnscrypt-proxy[20695]: Now listening to 127.0.0.1:65053 [UDP]
May  4 18:09:18 dnscrypt-proxy[20695]: Now listening to 127.0.0.1:65053 [TCP]
May  4 18:09:18 dnscrypt-proxy[20695]: [cloudflare] OK (DoH) - rtt: 26ms
May  4 18:09:19 dnscrypt-proxy[20695]: Server with the lowest initial latency: cloudflare (rtt: 26ms)
May  4 18:09:19 dnscrypt-proxy[20695]: dnscrypt-proxy is ready - live servers: 1

This one is with the fall back as default 8.8.8.8:53 using the same manually selected DoH servers.

May  4 18:11:13 QuincyVomCanisphere: Start dnscrypt-proxy
May  4 18:11:13 dnscrypt-proxy[20888]: Source [public-resolvers.md] loaded
May  4 18:11:13 dnscrypt-proxy[20888]: dnscrypt-proxy 2.0.11
May  4 18:11:13 dnscrypt-proxy[20888]: Now listening to 127.0.0.1:65053 [UDP]
May  4 18:11:13 dnscrypt-proxy[20888]: Now listening to 127.0.0.1:65053 [TCP]
May  4 18:11:14 dnscrypt-proxy[20888]: [cloudflare] OK (DoH) - rtt: 34ms
May  4 18:11:14 dnscrypt-proxy[20888]: [google] OK (DoH) - rtt: 120ms
May  4 18:11:14 dnscrypt-proxy[20888]: Server with the lowest initial latency: cloudflare (rtt: 34ms)
May  4 18:11:14 dnscrypt-proxy[20888]: dnscrypt-proxy is ready - live servers: 2

Am I expecting something the script cannot do or...? I want to use these two servers and use 1.1.1.1:53 as a fall back.

 

[Twiglets]

I just loaded 2.0.11 and it only lists cloudflare dns as a live server in my syslog out put. I also added google dns to the setup so it should show both and then select the best based on p2 setting. In the .toml file it shows both servers being selected. It used to show both and pick the fastest in the syslog. What changed?

As far as I Know nothing has changed.
I am using 2.0.11 and it is working as usual.

Only problem I am getting is that 'cloudflare' appears to be variable in rtt sometimes 15ms up to 50+ms ????
Occasionally, I have to re-start dnscrpyt-proxy to get the performance back.
Don't know if this is 'cloudflare' or dnscrypt-proxy.

Getting lots of the following messages in the log (which eventually leads to me re-starting dnscrypt-proxy):

May 4 22:23:15 dnscrypt-proxy[26240]: Server [cloudflare] returned temporary error code [2] -- Upstream server may be experiencing connectivity issues
May 4 22:23:21 dnscrypt-proxy[26240]: Server [cloudflare] returned temporary error code [2] -- Upstream server may be experiencing connectivity issues
May 4 22:23:28 dnscrypt-proxy[26240]: Server [cloudflare] returned temporary error code [2] -- Upstream server may be experiencing connectivity issues
May 4 22:23:34 dnscrypt-proxy[26240]: Server [cloudflare] returned temporary error code [2] -- Upstream server may be experiencing connectivity issues
May 4 22:23:40 dnscrypt-proxy[26240]: Server [cloudflare] returned temporary error code [2] -- Upstream server may be experiencing connectivity issues

EDIT:
If I use opendns the performance is always quicker and I do not get any of the above error messages. !!! ???

 

[roscoe211]

No problem here with cloudflare ipv6 via DOH on 2.0.11. Running 380.70 on ac68. rtt does fluctuate between 10-25ms, but no errors.

 

[skeal]

@bigeyes0x0 I did some more research and this is what I found:

I just loaded 2.0.11 and it only lists cloudflare dns as a live server in my syslog out put. I also added google dns to the setup so it should show both and then select the best based on p2 setting. In the .toml file it shows both servers being selected. It used to show both and pick the fastest in the syslog. What changed?
EDIT: Further info collected. I did a fresh install of this script. If you change fallback resolver from 8.8.8.8:53 to 1.1.1.1:53 You lose the second resolver you selected manually. In my case I use cloudflare as first choice and google as second both DoH. The different logs to syslog are:

Results with fall back resolver to 1.1.1.1:53 with two manually selected DoH servers. cloudflare and google.

May  4 18:09:18 QuincyVomCanisphere: Start dnscrypt-proxy
May  4 18:09:18 dnscrypt-proxy[20695]: Source [public-resolvers.md] loaded
May  4 18:09:18 dnscrypt-proxy[20695]: dnscrypt-proxy 2.0.11
May  4 18:09:18 dnscrypt-proxy[20695]: Now listening to 127.0.0.1:65053 [UDP]
May  4 18:09:18 dnscrypt-proxy[20695]: Now listening to 127.0.0.1:65053 [TCP]
May  4 18:09:18 dnscrypt-proxy[20695]: [cloudflare] OK (DoH) - rtt: 26ms
May  4 18:09:19 dnscrypt-proxy[20695]: Server with the lowest initial latency: cloudflare (rtt: 26ms)
May  4 18:09:19 dnscrypt-proxy[20695]: dnscrypt-proxy is ready - live servers: 1

This one is with the fall back as default 8.8.8.8:53 using the same manually selected DoH servers.

May  4 18:11:13 QuincyVomCanisphere: Start dnscrypt-proxy
May  4 18:11:13 dnscrypt-proxy[20888]: Source [public-resolvers.md] loaded
May  4 18:11:13 dnscrypt-proxy[20888]: dnscrypt-proxy 2.0.11
May  4 18:11:13 dnscrypt-proxy[20888]: Now listening to 127.0.0.1:65053 [UDP]
May  4 18:11:13 dnscrypt-proxy[20888]: Now listening to 127.0.0.1:65053 [TCP]
May  4 18:11:14 dnscrypt-proxy[20888]: [cloudflare] OK (DoH) - rtt: 34ms
May  4 18:11:14 dnscrypt-proxy[20888]: [google] OK (DoH) - rtt: 120ms
May  4 18:11:14 dnscrypt-proxy[20888]: Server with the lowest initial latency: cloudflare (rtt: 34ms)
May  4 18:11:14 dnscrypt-proxy[20888]: dnscrypt-proxy is ready - live servers: 2

Am I expecting something the script cannot do or...? I want to use these two servers and use 1.1.1.1:53 as a fall back.

 

[mafiaboy01]

Ping seems to be fine for me usually bellow 15ms. I do get some of those errors from time to time but doesn't seem to cause any issues with web browsing etc.

 

[vw-kombi]

I would like to install this - but I want to get all my ducks in align first in case I break it. I already have opendns in use. I use skynet and ab-solution - which play nicely with this from reading the posts.

I think my main question is that I believe this makes mods to the dnsmasq.conf.add in /jffs/configs. I already have a number of lines in there to allow my roku players to use a smart DNS for UK TV streaming (FYA, the firewall way did not work for this). I would like to know that these are still going to work after the script it run, and also when dnsmask is in use :

dhcp-host=set:RKP-LNG,C8:3A:6B:26:F83,192.168.1.24
dhcp-option=tag:RKP-LNG,option:dns-server,108.61.169.104
dhcp-host=set:RK3-BW,AC:3A:7A:39:0B:43,192.168.1.25
dhcp-option=tag:RK3-BW,option:dns-server,108.61.169.104
dhcp-host=set:RK2-MED,AC:3A:7A2:0D:0C:,192.168.1.26
dhcp-option=tag:RK2-MED,option:dns-server,108.61.169.104
dhcp-host=set:RK2-GRG,AC:3A:7A2:69:51,192.168.1.27
dhcp-option=tag:RK2-GRG,option:dns-server,108.61.169.104
dhcp-host=set:RK2-COBY,AC:3A:7A2:88:C8,192.168.1.28
dhcp-option=tag:RK2-COBY,option:dns-server,108.61.169.104
dhcp-host=set:RK3-CAM,DC:3A:5E:FD:FC:66,192.168.1.30
dhcp-option=tag:RK3-CAM,option:dns-server,108.61.169.104
dhcp-host=set:RKP-B1,C8:3A:6B:58:6C:9F,192.168.1.31
dhcp-option=tag:RKP-B1,option:dns-server,108.61.169.104

Thanks,

Can anyone answer this for me ? Before I jump in and get a bolocking from the Wife!

 

[octopus]

Can anyone answer this for me ? Before I jump in and get a bolocking from the Wife!

https://www.snbforums.com/threads/m...ng-off-router-stopping-wol.31950/#post-253501

 

[MasterBash]

DNSCrypt keeps crashing on my AC86U. Totally killing the internet. When I try to access the DNSCrypt menu, it is empty.

I am using AMTM, Ab-solution with AB-Maximum, Pixelserv and Skynet. Although the ram gets really low, I created a swap file using Skynet so it shouldnt be causing any problems.

 

[GoNz0]

Rebooted my router this morning and again lost all DNS until I renamed the dnscrypt folder and rebooted again.

 

[Goobi]

I recently had dnscrypt crash which brought down my internet. Is there a method for it to restart if it goes down for whatever reason? Thanks in advance.

 

[skeal]

I recently had dnscrypt crash which brought down my internet. Is there a method for it to restart if it goes down for whatever reason? Thanks in advance.

This recent version 2 has a watch that checks every 12 hours and starts if needed.

 

[Twiglets]

This recent version 2 has a watch that checks every 12 hours and starts if needed.

I am running dnscrypt-proxy via DoH.
I am finding that dnscrypt-proxy is getting 'lots' of these errors:

May 4 22:23:40 dnscrypt-proxy[26240]: Server [cloudflare] returned temporary error code [2] -- Upstream server may be experiencing connectivity issues

I have added 'cisco' to the list of servers to see if it is more stable and I am getting the same errors from 'cisco'.

This does not make sense as I have previously used 'cisco' as my dns server and never had any errors at all. (2 years +)
Never had a problem accessing dns at all on any computer that came down to 'connectivity issues'.
Misconfiguration ... yes but 'connectivity issues' ... never !!!
Bog-Standard DNS via port 53 has always just worked.

Three times DNS has simply stopped working, all appears to be running BUT no DNS.
I get it back by restarting dnsmasq & dnscrypt-proxy (with a few pokes/prods/waits) ???!!!

I am wondering if the ISP could be 'getting in the way' and periodically dns 'fails' ???!!!
[BTW: Switched off caching in dnscrypt-proxy in case it is involved BUT still getting the same issues.]

This is very strange !!!
Does anyone have ideas of what I could try to diagnose/fix these issues.

Maybe the DoH implementation is not as stable as it could be [V2 cloudflare & V1 cisco] ???

 

[Treadler]

I recently had dnscrypt crash which brought down my internet. Is there a method for it to restart if it goes down for whatever reason? Thanks in advance.

What I did:
(Probably not the ‘proper’ way to do it, but......)

Enable JFFS scripts = no,
Then reboot.
Enable JFFS scripts = yes,
Then reboot.

All should then be good! Worked for me anyhow.

 

[Treadler]

This recent version 2 has a watch that checks every 12 hours and starts if needed.

Probably should check more frequently in a perfect world?
When it stops, no internet for me....... :-(

Only time it has stopped for me though, was after the last 384.5 beta 2 update.
Otherwise all good.