DNSCrypt is reborn!

DonnyJohnny

Very Senior Member
New DNSCrypt v2 is here..
https://github.com/jedisct1/dnscrypt-proxy

For people who are interested in getting your hands dirty with this beta, my usual commands for a quick start are below.
The precompiled binary is located at
https://github.com/jedisct1/dnscrypt-proxy/releases
Download the ARM version.

Environment: I copy them to /jffs and use beta 10. Modify to your needs.
Code:
wget https://github.com/jedisct1/dnscrypt-proxy/releases/download/2.0.0beta10/dnscrypt-proxy-linux_arm-2.0.0beta10.tar.gz -P /jffs

tar -zxvf /jffs/dnscrypt-proxy-linux_arm-2.0.0beta10.tar.gz -C /jffs && rm /jffs/dnscrypt-proxy-linux_arm-2.0.0beta10.tar.gz

Config the toml file
nano /jffs/linux-arm/dnscrypt-proxy.toml
(Listening port is 65053, not 53)

Move everything to /jffs/dnscrypt-proxy
mkdir -p /jffs/dnscrypt-proxy && cp -f /jffs/linux-arm/* /jffs/dnscrypt-proxy && rm -r /jffs/linux-arm

Create a simple bash script to start the app
nano /jffs/dnscrypt-proxy/start-dnscrypt.sh

Inside the sh file
#!/bin/sh
killall dnscrypt-proxy
logger -t dnscrypt-proxy "Starting DNSCrypt-proxy"
nohup /jffs/dnscrypt-proxy/dnscrypt-proxy -config /jffs/dnscrypt-proxy/dnscrypt-proxy.toml -loglevel 2 2>&1 | logger -t dnscrypt-proxy &

Save it.

Give exec right to sh file
chmod a+rx /jffs/dnscrypt-proxy/start-dnscrypt.sh

Add listening port to dnsmasq
nano /jffs/configs/dnsmasq.conf.add    (If file not found, create it)

Add this and save it.
server=127.0.0.1#65053
server=::1#65053      (If u are using ipv6)
server=/pool.ntp.org/8.8.8.8
server=/raw.githubusercontent.com/8.8.8.8

Restart dnsmasq service
service restart_dnsmasq

Go to your router GUI,
Set the WAN and IPv6 to manual configuration and leave DNS 1 and DNS 2 EMPTY.

You may now start the sh file
/jffs/dnscrypt-proxy/start-dnscrypt.sh

You need to add the sh file to firewall-start script to allow it to load up during reboot.
nano /jffs/scripts/firewall-start      (If file not found, create it and give it exec right,   chmod a+rx /jffs/scripts/firewall-start )

Add this along first line. ( all sh file must have "#!/bin/sh" at first line)
#!/bin/sh
/jffs/dnscrypt-proxy/start-dnscrypt.sh

Save it.

Check your syslog.

It is recommended to create a swap file because the program is resource hungry. I created my swap via ab-solutions or Skynet.
Personally some of my setting in toml file
daemonize = true
cache=false


Take note that installer in another thread by bigeye0x0 is working on it.
Read here.
https://www.snbforums.com/threads/dnscrypt-is-reborn.43869/page-5#post-374776
 
Last edited:
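A check a reader might run after the dnsmasq step in the post above, as an added example that is not part of the original post: it classifies every `server=` line so that any default upstream that is not the local proxy stands out, and shows that the two per-domain lines send those names to 8.8.8.8 outside the proxy. The helper name `audit_upstreams` and the sample file are assumptions; the sample repeats the post's four lines.

```sh
#!/bin/sh
# Constructed sample: the dnsmasq.conf.add lines from the post above.
CONF=$(mktemp)
cat > "$CONF" <<'EOF'
server=127.0.0.1#65053
server=::1#65053
server=/pool.ntp.org/8.8.8.8
server=/raw.githubusercontent.com/8.8.8.8
EOF

# audit_upstreams FILE (hypothetical helper name)
# Prints one verdict per server= line and returns non-zero if any
# default (not domain-scoped) upstream is a non-loopback address,
# i.e. ordinary lookups would leave the router in plaintext.
audit_upstreams() {
    leaks=0
    while IFS= read -r line; do
        case $line in
            server=*) val=${line#server=} ;;
            *) continue ;;
        esac
        case $val in
            /*) rest=${val#/}              # server=/domain/upstream
                up=${rest##*/}
                scope="domain ${rest%/*}" ;;
            *)  up=$val
                scope="default" ;;
        esac
        host=${up%%#*}                     # drop the #port suffix
        case $host in
            "") echo "local $scope (not forwarded)" ;;
            127.*|::1)
                echo "ok $scope -> $up (local proxy)" ;;
            *)
                if [ "$scope" = "default" ]; then
                    echo "LEAK $scope -> $up (plaintext)"
                    leaks=$((leaks + 1))
                else
                    echo "plaintext $scope -> $up (bypasses proxy)"
                fi ;;
        esac
    done < "$1"
    [ "$leaks" -eq 0 ]
}

audit_upstreams "$CONF"    # on the router: audit_upstreams /jffs/configs/dnsmasq.conf.add
```

The script reads only dnsmasq.conf.add; upstream servers that reach dnsmasq from the WAN settings are outside what it sees, and the post's step of leaving DNS 1 and DNS 2 empty covers those.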
For a novice user like me, some instruction on installation and usage would be really useful.
 
The pre-compiled ARM binary does work on my RT-AC86U.

Do you mind sharing what steps you've taken to get it working? I get a fatal error when launching it:

Code:
./dnscrypt-proxy
[2018-01-13 16:26:17] [-] [NOTICE] [2.dnscrypt-cert.resolver2.dnscrypt.eu.] Valid cert found: [d616d26809d229a79457de073de8ebd83c24bff32bf7b406108b44da51fe3711]
[2018-01-13 16:26:17] [-] [FATAL] listen udp 127.0.0.1:53: bind: address already in use

What I did so far:

  • downloaded the precompiled binary
  • created a directory /etc/dnscrypt-proxy <-- useless, see post below
  • extracted the contents of the archive into that directory
  • changed permissions on the directory and its contents
  • made the binary executable
  • edited the .toml config file to use the closest dnscrypt server
  • tried to start dnscrypt-proxy
... which resulted in the error above.

I checked whether dns filtering is disabled, which is true, so I don't know what's running at 127.0.0.1:53. Searched the web for info on how to figure it out, but could only find netstat parameters which don't work on our limited version of netstat. htop didn't show any info, as far as I can tell, of which process is using port 53 on my RT-AC68U. Some pointers in the right direction would be appreciated.
 
Last edited by a moderator:
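For the question in the post above about finding what holds port 53 when the router's netstat lacks the needed options, here is an added example (not from the thread) that reads the kernel's socket table directly. The function names and the sample table are assumptions made for illustration; `/proc/net/udp` covers IPv4 only, and `socket_owner` needs root to read other processes' file descriptors.

```sh
#!/bin/sh
# Constructed sample in /proc/net/udp format: one socket on 0.0.0.0:53
# and one on 127.0.0.1:65053. Inode numbers are made up.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   52: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4711 2 0000000000000000 0
   60: 0100007F:FE1D 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4802 2 0000000000000000 0
EOF

# The kernel prints IPv4 addresses as little-endian hex: 0100007F = 127.0.0.1
hex_to_ipv4() {
    set -- $(echo "$1" | sed 's/\(..\)\(..\)\(..\)\(..\)/0x\4 0x\3 0x\2 0x\1/')
    printf '%d.%d.%d.%d\n' "$1" "$2" "$3" "$4"
}

# udp_listeners PORT [FILE]: list IPv4 UDP sockets bound to PORT,
# including wildcard (0.0.0.0) binds, with the socket inode.
udp_listeners() {
    port_hex=$(printf '%04X' "$1")
    awk -v p="$port_hex" 'NR > 1 { split($2, a, ":"); if (a[2] == p) print a[1], $10 }' \
        "${2:-/proc/net/udp}" |
    while read -r addr inode; do
        echo "$(hex_to_ipv4 "$addr") inode=$inode"
    done
}

# socket_owner INODE: find the process that holds that socket (run as root)
socket_owner() {
    for fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#/proc/}; pid=${pid%%/*}
        echo "pid=$pid $(tr '\0' ' ' < "/proc/$pid/cmdline")"
        return 0
    done
    return 1
}

udp_listeners 53 "$SAMPLE"    # on the router: udp_listeners 53
```

On the router, pass the inode printed by `udp_listeners 53` to `socket_owner` to get the PID and command line of the process bound to the port.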
You script guys are awesome!!:D Keep up the good work. This is getting closer all the time!
 
New one is written in GO, which consumes too much resources on embedded systems:(

That's too bad :(

Still curious how @XIII managed to get it running, as installing in /etc is not really an option. It's gone after a reboot and the precompiled binary quits if it's unable to find its config in /etc/dnscrypt-proxy.
 
/etc/dnscrypt-proxy is useless on the router, once rebooted that directory is gone.
 
use symlink to do that.
u can install the script in your usb drive or jffs
the symlink to /tmp/etc/dnscrypt-proxy
eg. ln -s /jffs/dnscrypt-proxy /tmp/etc/dnscrypt-proxy
same time may need to add the symlink command at user script in service-start
and at wan-start, start the dnscrypt-proxy

i think you may still need to set server=127.0.0.1#65052 in /jffs/configs/dnsmasq.conf.add

do a reboot to try them.

I have not tried it. You try and tell me. lol

By the way, there are already new commits for the dnscrypt-proxy v2. They changed the directory requirement (/etc/dnscrypt-proxy) to the same directory as dnscrypt-proxy (to find the dnscrypt-proxy.toml). See Link. Waiting for a new compiled version. Unless someone knows how to compile for us.
 
Last edited:
/etc/dnscrypt-proxy is useless on the router, once rebooted that directory is gone.

Thanks, I figured that out :D

It's gone after a reboot and the precompiled binary quits if it's unable to find its config in /etc/dnscrypt-proxy.

@DonnyJohnny Thanks for your assistance. I think I'll wait for the next pre-compiled version as well. As you can see, my knowledge is limited, but it was worth a try.
 
New one is written in GO, which consumes too much resources on embedded systems:(

Great. Another programmer who uses a less efficient language just "because they can", and they think it's cool. Sigh.
 
There’s a command line option to use a different path for the configuration log file.

I can’t try right now, but running the executable with --help might show it.

Furthermore, I used port 65053 instead of 53 (which I already did for the old version).
 
We still need to make dnsmasq listen to 127.0.0.1: port?
 
https://github.com/jedisct1/dnscrypt-proxy/releases
Alpha 5 is out. Looks better with csv link included inside the log.

I tested the alpha3 yesterday. Strangely, I only managed to use Cisco. The rest of the resolvers are not working for me. I think it has something to do with dnssec validation. Hope this alpha5 works.

Also, yes, this GoLang version uses more resources. But the features it offers sound attractive. Let’s see how it goes.

Question...
I used to be able to see the dnscrypt-proxy log. Like receiving cert and proxying to... now I can’t see the log in syslog. Anyone know why?
 