Menu
What's new
By:
Filters Better Search

DNSCrypt is reborn!

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I have tested and confirmed that for now this v2 alpha5 do not support local dnssec validation. Only dnscrypt.
So you need to disable dnssec support in the router GUI at LAN, DHCP Server.
 
XIII said:
I use this in dnsmasq.conf.add:

Code: 
no-resolv
server=127.0.0.1#65053
Click to expand...

What are the implications of binding dnsmasq to a different port than 53? Will local dns resolving still work, for example?
 
M@rco said:
What are the implications of binding dnsmasq to a different port than 53? Will local dns resolving still work, for example?
Click to expand...
I had/have this setup with the old/regular version of DNSCrypt.

I’m not sure I’m familiar with local DNS resolving. Is that the device name you choose plus the local domain you choose? Example: pc & home.lan, so pc.home.lan? That works with the regular setup, but I don’t think I tried with version 2.

My guess is the behavior will be the same.
 
M@rco said:
@DonnyJohnny Maybe you can pipe the output of dnscrypt-proxy to logger, to have it show up in syslog, for the time being?
Click to expand...
Kindly advise how do I do that?

This v2... other than able to see log during the initial start up of dnscrypt, I don’t see any log file being generate. Checked /etc , /tmp, /jffs area.
How do I tail the dnscrypt-proxy log?
 
Haven't tried it myself yet, as I haven't had time to play with alpha5, but when you start it manually, I think you should be able to use

Code: 
./dnscrypt-proxy | logger -t dnscrypt &

or, if you start it from a startup script when booting, I think you can simply add

Code: 
  | logger -t dnscrypt &

right behind the line where you launch dnscrypt-proxy during boot. There's a space before | as well.

As for tailing the logfile, I'm not sure where it's logging currently. I did notice (while playing around with the Win64 executable) that there's a command line parameter for logging verbosity level, which made me think it had to be logging somewhere...

Please share your findings. I'll probably have another go at it tomorrow and let you know if I find something useful.
 
M@rco said:
Haven't tried it myself yet, as I haven't had time to play with alpha5, but when you start it manually, I think you should be able to use

Code: 
./dnscrypt-proxy | logger -t dnscrypt &

or, if you start it from a startup script when booting, I think you can simply add

Code: 
  | logger -t dnscrypt &

right behind the line where you launch dnscrypt-proxy during boot. There's a space before | as well.

As for tailing the logfile, I'm not sure where it's logging currently. I did notice (while playing around with the Win64 executable) that there's a command line parameter for logging verbosity level, which made me think it had to be logging somewhere...

Please share your findings. I'll probably have another go at it tomorrow and let you know if I find something useful.
Click to expand...

Nothing happening in syslog

Code: 
/jffs/dnscrypt-proxy/linux-arm/dnscrypt-proxy -config /jffs/dnscrypt-proxy/linux-arm/dnscrypt-proxy.toml -loglevel 1 | logger -t dnscrypt &

[2018-01-14 14:50:00] [-] [INFO] Loading source information from cache file [dnscrypt-resolvers.csv]
[2018-01-14 14:50:00] [-] [INFO] Loading source information from cache file [dnscrypt-resolvers.csv.minisig]
[2018-01-14 14:50:00] [-] [NOTICE] Source [https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v1/dnscrypt-resolvers.csv] loaded
[2018-01-14 14:50:00] [-] [INFO] Adding [d0wn-nl-ns4] to the set of wanted resolvers
[2018-01-14 14:50:00] [-] [INFO] Adding [d0wn-us-ns4] to the set of wanted resolvers
[2018-01-14 14:50:00] [-] [INFO] Adding [dnscrypt.eu-nl] to the set of wanted resolvers
[2018-01-14 14:50:00] [-] [INFO] Adding [dnscrypt.org-fr] to the set of wanted resolvers
[2018-01-14 14:50:00] [-] [INFO] Adding [ventricle.us] to the set of wanted resolvers


By the way for people who want to know where to place the command for autostart after router reboot. You can place them at “firewall-start” or “post-mount” user script. Anything for it seems not to work for me. Tell me about it.
 
Last edited:
DonnyJohnny said:
Nothing happening in syslog
Click to expand...

Strange. I tested it quickly prior to posting, by redirecting the output on the terminal created by Skynet (first thing I could think of, sorry) and the whole menu showed up in syslog. Not sure why it wouldn't work. Maybe one of the experienced coders like @Adamm or @thelonelycoder can point us in the right direction, I just don't have enough knowledge. I just get there by trial and error and thought this would work...
 
M@rco said:
Strange. I tested it quickly prior to posting, by redirecting the output on the terminal created by Skynet (first thing I could think of, sorry) and the whole menu showed up in syslog. Not sure why it wouldn't work. Maybe one of the experienced coders like @Adamm or @thelonelycoder can point us in the right direction, I just don't have enough knowledge. I just get there by trial and error and thought this would work...
Click to expand...
If a log facility is set and it's not the syslog, then it likely logs to /var/log/
Otherwise you'd have to start it with the correct params to direct it to syslog. Look through the conf files in /etc/dns..., maybe you can set it there.
 
thelonelycoder said:
If a log facility is set and it's not the syslog, then it likely logs to /var/log/
Otherwise you'd have to start it with the correct params to direct it to syslog. Look through the conf files in /etc/dns..., maybe you can set it there.
Click to expand...

Thanks for your reply. Assuming logging isn't fully implemented/configurable in dnscrypt-proxy v2 yet (as suggested in the planned features), is the following command correct to send the output, generated on screen when executing the binary, to syslog?

Code: 
./dnscrypt-proxy | logger -t dnscrypt &
 
M@rco said:
Thanks for your reply. Assuming logging isn't fully implemented/configurable in dnscrypt-proxy v2 yet (as suggested in the planned features), is the following command correct to send the output, generated on screen when executing the binary, to syslog?

Code: 
./dnscrypt-proxy | logger -t dnscrypt &
Click to expand...
If there's anything it prints, you could try this:
Code: 
./dnscrypt-proxy | logger -t dnscrypt-proxy "$@" &
 
M@rco said:
@DonnyJohnny: You could try the suggestion by @thelonelycoder in the post above, see if that works. I can't try it myself until tomorrow unfortunately. I'll try to find out whether it's logging elsewhere as suggested as well.
Click to expand...
You guys are doing awesome man keep up the great work!!
 
Okay, a bit of progress...

This didn't work unfortunately:

thelonelycoder said:
If there's anything it prints, you could try this:
Code: 
./dnscrypt-proxy | logger -t dnscrypt-proxy "$@" &
Click to expand...

It still prints the output only to the terminal, nothing to syslog.

However, the following does output to syslog:

Code: 
./dnscrypt-proxy 2>&1 | logger -t dnscrypt-proxy &

Which results in: (your results might look different, the excerpt below has been copied from papertrail.com)

Code: 
Jan 15 09:15:30 RT-AC68U dnscrypt-proxy: [2018-01-15 08:15:30] [-] [NOTICE] Source [https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v1/dnscrypt-resolvers.csv] loaded
Jan 15 09:15:30 RT-AC68U dnscrypt-proxy: [2018-01-15 08:15:30] [-] [NOTICE] [2.dnscrypt.default.ns1.adguard.com.] Valid cert found: [ef0cdaa6887f24c8d7f38584bfa96bc9e92e0094e4a6bd3670bb76e6f85d4603]
Jan 15 09:15:30 RT-AC68U dnscrypt-proxy: [2018-01-15 08:15:30] [-] [NOTICE] [2.dnscrypt-cert.fr.dnscrypt.org.] Valid cert found: [ac708439648371fd8cfe27d0da9e88b31e23b0258859fda24acba08a6f7d8954]
Jan 15 09:15:30 RT-AC68U dnscrypt-proxy: [2018-01-15 08:15:30] [-] [NOTICE] [2.dnscrypt-cert.fr.dnscrypt.org.] Valid cert found: [ac708439648371fd8cfe27d0da9e88b31e23b0258859fda24acba08a6f7d8954]
Jan 15 09:15:30 RT-AC68U dnscrypt-proxy: [2018-01-15 08:15:30] [-] [NOTICE] [2.dnscrypt-cert.dnsrec.meo.ws.] Valid cert found: [e7376400d64607207d9d29aba4c9070c4546cef70cfed62f41e9feaac58f6376]
Jan 15 09:15:30 RT-AC68U dnscrypt-proxy: [2018-01-15 08:15:30] [-] [NOTICE] [2.dnscrypt-cert.fr.dnscrypt.org.] Valid cert found: [ac708439648371fd8cfe27d0da9e88b31e23b0258859fda24acba08a6f7d8954]
Jan 15 09:15:30 RT-AC68U dnscrypt-proxy: [2018-01-15 08:15:30] [-] [NOTICE] [2.dnscrypt-cert.fr.dnscrypt.org.] Valid cert found: [ac708439648371fd8cfe27d0da9e88b31e23b0258859fda24acba08a6f7d8954]
Jan 15 09:15:30 RT-AC68U dnscrypt-proxy: [2018-01-15 08:15:30] [-] [FATAL] listen udp 127.0.0.1:53: bind: address already in use

I created /jffs/configs/dnsmasq.conf.add (didn't exist?) and added

Code: 
no-resolv
server=127.0.0.1#65053

which appears in /etc/dnsmasq.conf after a reboot. However, when starting dnscrypt-proxy, I still get the same fatal error:

Jan 15 09:15:30 RT-AC68U dnscrypt-proxy: [2018-01-15 08:15:30] [-] [FATAL] listen udp 127.0.0.1:53: bind: address already in use
Click to expand...

Any suggestions?
 
Last edited by a moderator:
M@rco said:
Okay, a bit of progress...

This didn't work unfortunately:



It still prints the output only to the terminal, nothing to syslog.

However, the following does output to syslog:

Code: 
marco@RT-AC68U:/tmp/mnt/USB/dnscrypt-proxy# ./dnscrypt-proxy | logger -t dnscrypt-proxy "$@" &

Which results in: (your results might look different, the excerpt below has been copied from papertrail.com)

Code: 
Jan 15 09:15:30 RT-AC68U dnscrypt-proxy: [2018-01-15 08:15:30] [-] [NOTICE] Source [https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v1/dnscrypt-resolvers.csv] loaded
Jan 15 09:15:30 RT-AC68U dnscrypt-proxy: [2018-01-15 08:15:30] [-] [NOTICE] [2.dnscrypt.default.ns1.adguard.com.] Valid cert found: [ef0cdaa6887f24c8d7f38584bfa96bc9e92e0094e4a6bd3670bb76e6f85d4603]
Jan 15 09:15:30 RT-AC68U dnscrypt-proxy: [2018-01-15 08:15:30] [-] [NOTICE] [2.dnscrypt-cert.fr.dnscrypt.org.] Valid cert found: [ac708439648371fd8cfe27d0da9e88b31e23b0258859fda24acba08a6f7d8954]
Jan 15 09:15:30 RT-AC68U dnscrypt-proxy: [2018-01-15 08:15:30] [-] [NOTICE] [2.dnscrypt-cert.fr.dnscrypt.org.] Valid cert found: [ac708439648371fd8cfe27d0da9e88b31e23b0258859fda24acba08a6f7d8954]
Jan 15 09:15:30 RT-AC68U dnscrypt-proxy: [2018-01-15 08:15:30] [-] [NOTICE] [2.dnscrypt-cert.dnsrec.meo.ws.] Valid cert found: [e7376400d64607207d9d29aba4c9070c4546cef70cfed62f41e9feaac58f6376]
Jan 15 09:15:30 RT-AC68U dnscrypt-proxy: [2018-01-15 08:15:30] [-] [NOTICE] [2.dnscrypt-cert.fr.dnscrypt.org.] Valid cert found: [ac708439648371fd8cfe27d0da9e88b31e23b0258859fda24acba08a6f7d8954]
Jan 15 09:15:30 RT-AC68U dnscrypt-proxy: [2018-01-15 08:15:30] [-] [NOTICE] [2.dnscrypt-cert.fr.dnscrypt.org.] Valid cert found: [ac708439648371fd8cfe27d0da9e88b31e23b0258859fda24acba08a6f7d8954]
Jan 15 09:15:30 RT-AC68U dnscrypt-proxy: [2018-01-15 08:15:30] [-] [FATAL] listen udp 127.0.0.1:53: bind: address already in use

I created /jffs/configs/dnsmasq.conf.add (didn't exist?) and added

Code: 
no-resolv
server=127.0.0.1#65053

which appears in /etc/dnsmasq.conf after a reboot. However, when starting dnscrypt-proxy, I still get the same fatal error:



Any suggestions?
Click to expand...
./dnscrypt-proxy | logger -t dnscrypt-proxy "$@" &
would only print once anyway.
 
thelonelycoder said:
./dnscrypt-proxy | logger -t dnscrypt-proxy "$@" &
would only print once anyway.
Click to expand...
Sorry, pasted the wrong line. This is what works (edited post above):
Code: 
marco@RT-AC68U:/tmp/mnt/USB/dnscrypt-proxy# ./dnscrypt-proxy 2>&1 | logger -t dnscrypt-proxy &
 
M@rco said:
Sorry, pasted the wrong line. This is what works (edited post above):
Code: 
marco@RT-AC68U:/tmp/mnt/USB/dnscrypt-proxy# ./dnscrypt-proxy 2>&1 | logger -t dnscrypt-proxy &
Click to expand...
It works!!
At least for now, during reboot, we can see log if successful.
 
U need to edit the dnscrypt-proxy.toml to change the listening port to 65053. As of now, I don’t know how to restart dnscrypt-proxy. I used TOP command and KILL command to stop dnscrypt-proxy and start the dnscrypt-proxy again to refresh update of the toml configuration.
For any update of dnsmasq.conf.add, you can use service restart_dnsmasq to load them up.

You can also set dnssec-proxy in dnsmasq.conf.add if u want. Provided resolver use dnssec.

I find this v2 easy to use. And seems efficient. I have 4 resolvers and I listen to 4 socket ports.

Set cache to 386. Memory usage is around 10.4mb. Compare to previous dnscrypt-proxy. It is almost 10x more... but given it support multi-core feature.. why not...
 
You must log in or register to reply here.

Similar threads

M
deSEC DDNS update script
Replies
0
Views
133
Markfree
M
CntrlAltDel
DNScrypt DNSCrypt Error During Setup
Replies
1
Views
1K
Zastoff
Zastoff
S
Wireguard VPN change routes ip
Replies
0
Views
209
S75
S
XIYO
Is there an option like inadyn --continue-on-error "command"?
Replies
2
Views
504
XIYO
XIYO
8
ASUS RT-AX58U (F/W Ver.:V3.0.0.4.384.8601) with Asuswrt-Merlin 3004.388.5 - Transmission: "Could not connect to the server. You may need to reload"
Replies
2
Views
395
8helge8
8
Similar threads
Thread starter Title Forum Replies Date
B (solved) Dnscrypt blocked-names.txt automatically deleted upon modification Asuswrt-Merlin 4

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 981 (members: 9, guests: 972)
Top