1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

dnscrypt-proxy question

Discussion in 'Asuswrt-Merlin' started by sbsnb, Feb 23, 2019.

  1. sbsnb

    sbsnb Regular Contributor

    Joined:
    Aug 9, 2017
    Messages:
    169
    I am running dnscrypt-proxy with the following in my dnscrypt-proxy.toml:

    Code:
       [sources.'opennic']
       urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/opennic.md', 'https://download.dnscrypt.info/resolvers-list/v2/opennic.md']
       minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
       cache_file = 'opennic.md'
    What's concerning me is the following entries keep appearing in my log:

    Code:
    Feb 23 07:10:44 dnscrypt-proxy[12891]: Server with the lowest initial latency: fvz-anyone (rtt: 2ms)
    The problem is that 'fvz-anyone' does not appear in https://download.dnscrypt.info/resolvers-list/v2/opennic.md. Why is dnscrypt-proxy using that server? There are no other servers in my config.
     
  2. sbsnb

    sbsnb Regular Contributor

    Joined:
    Aug 9, 2017
    Messages:
    169
    I guess dnscrypt-proxy doesn't reload that URL or often enough. According to comments on github the fvz servers were removed more than two weeks ago, but my dnscrypt-proxy was still using them. Restarting dnscrypt-proxy forced a refresh and it no longer uses them.
     
  3. sbsnb

    sbsnb Regular Contributor

    Joined:
    Aug 9, 2017
    Messages:
    169
  4. Zonkd

    Zonkd Senior Member

    Joined:
    Oct 19, 2014
    Messages:
    384
    You might also consider testing which are generally the lowest latency dns servers and permanently using those. Cloudflare is often a great choice.
     
  5. sbsnb

    sbsnb Regular Contributor

    Joined:
    Aug 9, 2017
    Messages:
    169
    Thank you, but I'm trying to stick with opennic. I don't trust other DNS providers not to start pulling shenanigans with domains they don't like ala cloudfare and dailystormer. Yeah, dailystormer is a bunch of racist assholes, but even then the idea that some guy can just wake up in a bad mood and suddenly a site he doesn't like disappears from the Internet doesn't sit well with me. It could happen with opennic too, but the type of people that run opennic I think are less likely to do such things. So, cloudfare in particular, is not a provider I trust to be a neutral information provider.