
DNScrypt dnscrypt installer for asuswrt


This recent version 2 has a watch that checks every 12 hours and starts if needed.

That is good to know, only happened a couple of times but when it does my internet is essentially down. Is there a way to change that check to have it check much more frequently? While dnscrypt has been very stable for me, it seems impractical to have to potentially wait up to 12 hours depending on the last time it was checked for it to restart itself.
 
That is good to know, only happened a couple of times but when it does my internet is essentially down. Is there a way to change that check to have it check much more frequently? While dnscrypt has been very stable for me, it seems impractical to have to potentially wait up to 12 hours depending on the last time it was checked for it to restart itself.
Check post #2 in this thread.
https://www.snbforums.com/threads/n...reboot-if-internet-is-down.43819/#post-371791
 
Just some question about CDN.
I read about EDNS not being provided by Cloudflare for privacy reasons. I wonder how it determines the country I am connecting from. For example, the POP is in the same country as me and the ping is about 6ms. When getting data from a CDN, is the geo info provided based on the POP I am connected to?
So far I don't really see a great speed difference in surfing or viewing video.

kindly advise how it would?

(snb isn't consistent on email notification. I think I didn't get one for this post...)

Cloudflare (or Google or anyone else in the biz) uses "anycast" technology. Anycast is a native feature in IPv6 but not IPv4. However, providers can implement anycast in IPv4 by tactically manipulating routing tables (so-called BGP tables) in different regions.

When you want to reach 1.1.1.1, the BGP table in the region you belong to will guarantee the nearest DNS server (or point of presence) as Cloudflare has designated.
 
Just wondering if anyone got some ideas on a crude script that will ping some known dns address (example www.google.com) at a regular interval and if that fails run the following to restart dnscrypt:

"/jffs/dnscrypt/manager dnscrypt-start"

Trying to see if I could recover from the rare crashed or hung dnscrypt without having to use a script that will reboot the whole router. Thanks in advance.
 
Just wondering if anyone got some ideas on a crude script that will ping some known dns address (example www.google.com) at a regular interval and if that fails run the following to restart dnscrypt:

"/jffs/dnscrypt/manager dnscrypt-start"

Trying to see if I could recover from the rare crashed or hung dnscrypt without having to use a script that will reboot the whole router. Thanks in advance.
Dnscrypt checks its state every 12 hours and does what is needed to start.
 
It is nice to see cloudflare dns is actively improving their performance and service.
https://community.cloudflare.com/
If you have any issue with cloudflare dns, pls feedback to them... I see those posts that people posted, the cloudflare team is quite active in doing debugging...
Hope everything will be better. For me.. so far there isn’t any problem... maybe I have a POP right in my country and ping is between 6-10ms. No downtime unlike those reporting upstream error.
 
It is nice to see cloudflare dns is actively improving their performance and service.
https://community.cloudflare.com/
If you have any issue with cloudflare dns, pls feedback to them... I see those posts that people posted, the cloudflare team is quite active in doing debugging...
Hope everything will be better. For me.. so far there isn’t any problem... maybe I have a POP right in my country and ping is between 6-10ms. No downtime unlike those reporting upstream error.
Thanks, I will try giving some feedback to the cloudflare team re: Regular 'Upstream communication errors'.
 
Only time it has stopped for me though, was after the last 384.5 beta 2 update.
Otherwise all good.

I know I was using dnscrypt before and it never crashed. I can't tell if it's the 384.5 beta 2 update or what, but you might be on to something.
 
I know I was using dnscrypt before and it never crashed. I can't tell if it's the 384.5 beta 2 update or what, but you might be on to something.
I am still on 384.4_2 so not sure this has anything to do with the latest beta !!!
I have been on the cloudflare community site and uploaded some Troubleshooting stats/data as requested.
Will see if cloudflare have anything to say regarding DoH.
I appear to be able to get 100% reliability if I use standard DNS via port 53.
As soon as I use DoH I get unreliable DNS lookup.
Tested it via DNS Benchmark software from www.grc.com (Steve Gibson).
 
@bigeyes0x0

Might want to write something into the installer script that wacks permissions. Though the issue I ran into was basically my fault.

I have my umask set to 0600. I hate the default of oooo setting everything to executable. I was ripping my hair out trying to figure out why your installer was not starting the service.
Eventually found out the permissions on 'dnscrypt-proxy.toml' were not set in a way that the service could read the file. Because it runs as nobody it needed at least 444. With umask of 0600 it was 600.
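
The permission problem described in this post can be caught before the service is started. The following is an added example, not part of the installer or of the original post; the function names are hypothetical, and it assumes the service account (such as nobody) neither owns the file nor belongs to its group, and a stat that supports -c '%a' (GNU coreutils and BusyBox).

```shell
#!/bin/sh
# Added example: verify that a config file can be read by a service running as
# an unprivileged account that is neither the file's owner nor in its group.
# Only the permission bits are inspected, so the result is the same when the
# check itself is run as root.

# Print the last octal digit of the mode, i.e. the permissions for "other".
other_perm_digit() {
    _mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    _prefix=${_mode%?}
    printf '%s\n' "${_mode#"$_prefix"}"
}

# True if "other" has the read bit (4) on the file.
other_can_read() {
    _digit=$(other_perm_digit "$1") || return 2
    [ $((_digit & 4)) -ne 0 ]
}

# True if "other" has the search/execute bit (1) on the directory.
other_can_enter() {
    _digit=$(other_perm_digit "$1") || return 2
    [ $((_digit & 1)) -ne 0 ]
}

# check_service_config <file>
#   0 = readable by the service
#   1 = file missing or not readable by "other" (the 600 case from the post)
#   3 = file is readable but its directory cannot be entered by "other"
# Only the immediate parent directory is checked.
check_service_config() {
    _file=$1
    if ! other_can_read "$_file"; then
        echo "not readable by other: $_file" >&2
        return 1
    fi
    if ! other_can_enter "$(dirname "$_file")"; then
        echo "directory not searchable by other: $(dirname "$_file")" >&2
        return 3
    fi
    return 0
}

# Add read permission for group and other; write and execute bits are left alone,
# so a 600 file becomes 644 rather than being opened up further.
make_service_readable() {
    chmod go+r "$1"
}
```
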
 
I just ran the installer. After reboot dnscrypt is running and all, but strangely the installer does not do anything to /jffs/configs/dnsmasq.conf.add. I have a heavily modified dnsmasq.conf.add, so I tried to delete it and rerun the installer, but the installer doesn't even create the dnsmasq.conf.add again.

Is this normal? Should I add something to it manually?
 
Just wondering if anyone got some ideas on a crude script that will ping some known dns address (example www.google.com) at a regular interval and if that fails run the following to restart dnscrypt:

"/jffs/dnscrypt/manager dnscrypt-start"

Trying to see if I could recover from the rare crashed or hung dnscrypt without having to use a script that will reboot the whole router. Thanks in advance.

As per your request Need a script, here is my crude script based on ChkWAN.sh
EDIT: 14 May 2018 v1.02 Fix port typo - thanks @Cam
Code:
#!/bin/sh
VER="v1.02"
#============================================================================================ © 2018 Martineau v1.02
#
# Monitor DNSCRYPT state using CURL to multiple hosts,
#         Usually the Recovery action (restart DNSCRYPT) occurs within 2 secs
#
# Usage:    ChkDNSCRYPT  [help|-h] [nowait] [cron] [quiet] [once] [debug]
#
#           ChkDNSCRYPT
#                        Check the status of dnscrypt using www.google.com and monitor it every 30 secs
#           ChkDNSCRYPT  nowait
#                        Check the status of dnscrypt using www.google.com and monitor it every 30 secs but check immediately rather
#                        than delay the check for 10secs
#           ChkDNSCRYPT  cron
#                        Check the status of dnscrypt using www.google.com but create a cron/cru schedule for every 30mins
#                        and start the check immediately rather than wait 10 sec before execution.
#           ChkDNSCRYPT  quiet
#                        Check the status of dnscrypt using www.google.com but suppress console messages
#           ChkDNSCRYPT  once
#                        Check the status of dnscrypt using www.google.com once only.
#
#
# Normally initiated from services-start/init-start as a background task
#
#           /jffs/scripts/ChkDNSCRYPT.sh &
#
#     or via cron/cru
#
#           cru a DNSCRYPT_Check "*/30 * * * * /jffs/scripts/ChkDNSCRYPT.sh nowait"

ShowHelp() {
    awk '/^#==/{f=1} f{print; if (!NF) exit}' $0
}
ANSIColours() {
    cRESET="\e[0m";cBLA="\e[30m";cRED="\e[31m";cGRE="\e[32m";cYEL="\e[33m";cBLU="\e[34m";cMAG="\e[35m";cCYA="\e[36m";cGRA="\e[37m"
    cBGRA="\e[90m";cBRED="\e[91m";cBGRE="\e[92m";cBYEL="\e[93m";cBBLU="\e[94m";cBMAG="\e[95m";cBCYA="\e[96m";cBWHT="\e[97m"
    aBOLD="\e[1m";aDIM="\e[2m";aUNDER="\e[4m";aBLINK="\e[5m";aREVERSE="\e[7m"
    cRED_="\e[41m";cGRE_="\e[42m"
}
Say(){
   echo -e $$ $@ | logger -st "($(basename $0))"
}
SayT(){
   echo -e $$ $@ | logger -t "($(basename $0))"
}
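Check_DNSCRYPT () {
    # Sets the global STATUS to 1 if curl can fetch "$1" (which needs a working
    # DNS lookup), otherwise 0. Callers test $STATUS, not the return code.
    STATUS=0
    echo -en $cBYEL
    curl -o /dev/null --connect-timeout 5 -s "$1"
    RC=$?
    if [ $RC -eq 0 ];then
        STATUS=1
    fi

    return $STATUS
}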

ANSIColours

MYROUTER=$(nvram get computer_name)
FIRMWARE=$(echo $(nvram get buildno) | awk 'BEGIN { FS = "." } {printf("%03d%02d",$1,$2)}')

# Can only run in Router Mode;
#if [ "$(Check_Router_Mode)" != "Router" ];then
    #echo -e "\e[41m\a\n\n\n\n\t\t\t\t** "$(Check_Router_Mode)" mode is not supported stand-alone; Ensure main router is configured **\t\t\t\t\t\n\n\n\e[0m"
#fi

HOSTS_DNSCRYPT="www.google.com"                                             # Target DNSCRYPT host
ACTION="DNSCRYPTONLY"
DNSCRYPT=1
ONCE=
QUIET=

# Validate args if supplied
if [ -n "$1" ];then
    if [ $(echo $@ | grep -c "debug") -gt 0 ];then          # 'debug'   requested?
        DEBUG="debug"
        if [ "$1" == "debug" ];then
            shift                                               # Remove from arg list!
        fi
        set -x                                                  # Enable trace
    fi
    if [ "$(echo $@ | grep -cw 'quiet')" -gt 0 ];then
        QUIET="quiet"
    fi
 
    if [ "$(echo $@ | grep -cw 'once')" -gt 0 ];then
        ONCE="once"
    fi
 
    if [ "$(echo $@ | grep -cw 'cron')" -gt 0 ];then
        if [ -z "$(cru l | grep "$0")" ];then
            CRON_ARGS=$(echo $@ | sed -e 's/\<cron\>//g')   # Strip 'cron' from being passed to the cru entry
            cru d DNSCRYPT_Check
            cru a DNSCRYPT_Check "*/30 * * * * /jffs/scripts/$(basename $0) $CRON_ARGS"     # Every 30 mins ('*/30 0' would only fire during hour 0)
            CRONJOB=$(cru l | grep "$0")
            Say "ChkDNSCRYPT scheduled by cron"
            echo -e "\tcru l: -> $CRONJOB"
        fi
    fi
 
fi

# Help request ?
if [ "$1" == "help" ] || [ "$1" == "-h" ];then
   echo -e $cBWHT
   ShowHelp                         # Show help
   echo -e $cRESET
   exit 0
fi

if [ ! -f /jffs/dnscrypt/manager ];then
    echo -e $cBRED"\a\n\t***ERROR - DNSCRYPT script ('/jffs/dnscrypt/manager') not installed!\n"$cRESET
    SayT "***ERROR - DNSCRYPT script ('/jffs/dnscrypt/manager') not installed!"
    exit 99
fi
if [ -z "$(pidof dnscrypt-proxy)" ];then
    SayT "*Warning dnscrypt NOT running....."
    echo -e $cRED"\a\n\t*Warning dnscrypt NOT running.....!\n"$cRESET
fi
ETC="etc"                                 # Hack for snbforums
if [ -z "$(grep "server=127.0.0.1#65053" /${ETC}/dnsmasq.conf)" ];then
    SayT "*Warning dnscrypt directive 'server=127.0.0.1#65053' NOT configured in '/${ETC}/dnsmasq.conf'"
    echo -e $cRED"\a\n\t*Warning dnscrypt directive 'server=127.0.0.1#65053' NOT configured in '/${ETC}/dnsmasq.conf'!\n"$cRESET
fi

# No of times to check each DNSCRYPT host before trying next
TRIES=1                                     # TRIES=3 With 5 hosts and PING ONLY usually recovery action is initiated within 01:30 minutes?
                                            # TRIES=3 With 5 hosts and WGET;     usually recovery action is initiated within 03:30 minutes?
                                   
# How often to check if DNSCRYPT connectivity is found to be OK
INTERVAL_SECS=30
# How long to wait between the TRIES attempts if ALL DNSCRYPT hosts FAIL
INTERVAL_ALL_FAILED_SECS=10
# How many cycle fails before recovery ACTION taken/issued
MAX_FAIL_CNT=1
STATUS=0
FAIL_CNT=0

if [ "$(echo $@ | grep -cw 'nowait')" -eq 0 ] && [ "$QUIET" != "quiet" ];then
    echo -e $cBCYA
    Say "DNSCRYPT connection status monitoring will begin in" $INTERVAL_ALL_FAILED_SECS "seconds....."
    sleep $INTERVAL_ALL_FAILED_SECS
fi

if [ "$QUIET" != "quiet" ];then
    echo -en $cBMAG
    Say "Monitoring DNSCRYPT connection using" $(echo $HOSTS_DNSCRYPT | wc -w) "target CURL hosts ("$HOSTS_DNSCRYPT") (Tries="$TRIES")"
fi

if [ "$QUIET" != "quiet" ];then
    echo -en $cBWHT
    Say "Monitoring pass" $(($FAIL_CNT+1)) "out of" $TRIES
fi

while [ $FAIL_CNT -lt $MAX_FAIL_CNT ]; do
    for TARGET in $HOSTS_DNSCRYPT; do
        UP=0;
        IP=
        echo -en $cRESET
        Check_DNSCRYPT $TARGET
        if [ $STATUS -gt 0 ]; then
            UP=1
            break
        else
            echo -e $cRED
            TXT="using curl via '"$TARGET"'"
            Say "Monitoring DNSCRYPT connection" $TXT "check FAILED"
        fi
    done
    if [ $UP -gt 0 ]; then
        FAIL_CNT=0
        echo -e $cBGRE
        TXT="curl successfully checked DNSCRYPT via '"$TARGET"'"
        if [ -z "$(cru l | grep "$0")" ];then
            if [ -z "$ONCE" ];then
                if [ "$QUIET" != "quiet" ];then
                    Say "Monitoring DNSCRYPT connection OK.....("$TXT"). Will check DNSCRYPT again in" $INTERVAL_SECS "secs"
                    echo -en $cRESET
                fi
       
                sleep $INTERVAL_SECS
            else
                Say "Monitoring DNSCRYPT connection OK.....("$TXT")."
                echo -en $cRESET
                exit 0
            fi
        else
            if [ "$QUIET" != "quiet" ];then
                Say "Monitoring DNSCRYPT connection OK.....("$TXT"); Terminating due to ACTIVE cron schedule"
                echo -e $cRESET
            fi
            exit 0
        fi
    else
        FAIL_CNT=$((FAIL_CNT+1))
        if [ $FAIL_CNT -ge $MAX_FAIL_CNT ];then
            break
        fi
        sleep $INTERVAL_ALL_FAILED_SECS
 
        if [ "$QUIET" != "quiet" ];then
            echo -e $cBWHT
            Say "Monitoring pass" $(($FAIL_CNT+1)) "out of" $TRIES
        fi
        echo -en $cRESET
    fi
done

echo -e $cBYEL"\a"
# Failure after $INTERVAL_ALL_FAILED_SECS*$MAX_FAIL_CNT secs ?
case "$ACTION" in
    DNSCRYPTONLY)
        Say "Restarting DNSCRYPT....(Action="$ACTION")"
        /jffs/dnscrypt/manager dnscrypt-start
        ;;
esac

echo -e $cRESET"\n"
 
Nice Job man!!
 
@Martineau thank you so much!!! I will be getting this script loaded up shortly and will monitor accordingly. Thanks again for your help with this!! Owe you a beer if you ever make it to Texas.
 
Code:
if [ -z "$(grep "server=127.0.0.1#65054" /${ETC}/dnsmasq.conf)" ];then
    SayT "*Warning dnscrypt directive 'server=127.0.0.1#65054' NOT configured in '/${ETC}/dnsmasq.conf'"
    echo -e $cRED"\a\n\t*Warning dnscrypt directive 'server=127.0.0.1#65054' NOT configured in '/${ETC}/dnsmasq.conf'!\n"$cRESET
fi

Unless I'm misreading the script, I think that should be port 65053 not 65054.
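
The port mix-up discussed above (65053 versus 65054) can be avoided by reading the port from the proxy's own configuration instead of hard-coding it. The following is an added example, not code from the thread or from the installer; the function names and sample files are constructed, and it assumes the proxy's TOML file carries a loopback IPv4 entry in dnscrypt-proxy's listen_addresses setting.

```shell
#!/bin/sh
# Added example: confirm that dnsmasq forwards to the port dnscrypt-proxy
# actually listens on, so a watchdog never has to hard-code the port number.

# Print the loopback port from a line such as
#   listen_addresses = ['127.0.0.1:65053', '[::1]:65053']
# Commented-out lines are ignored because the key must start the line.
proxy_listen_port() {
    sed -n "s/^[[:space:]]*listen_addresses[[:space:]]*=.*127\.0\.0\.1:\([0-9]\{1,5\}\).*/\1/p" "$1" |
        head -n 1
}

# Print every port dnsmasq forwards to on loopback (server=127.0.0.1#PORT),
# one per line.
dnsmasq_loopback_ports() {
    sed -n 's/^[[:space:]]*server=127\.0\.0\.1#\([0-9]\{1,5\}\)[[:space:]]*$/\1/p' "$1"
}

# check_forwarding <dnscrypt-proxy.toml> <dnsmasq.conf>
#   0 = dnsmasq forwards to the proxy's listen port
#   1 = mismatch: dnsmasq is not sending queries to dnscrypt-proxy
#   2 = no loopback listen port could be read from the TOML file
check_forwarding() {
    _port=$(proxy_listen_port "$1")
    if [ -z "$_port" ]; then
        echo "no 127.0.0.1 entry in listen_addresses in $1" >&2
        return 2
    fi
    if dnsmasq_loopback_ports "$2" | grep -qx "$_port"; then
        return 0
    fi
    _found=$(dnsmasq_loopback_ports "$2" | tr '\n' ' ')
    echo "dnsmasq has no 'server=127.0.0.1#$_port' (loopback ports found: ${_found:-none})" >&2
    return 1
}
```
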
 
Version 2.0.13 of dnscrypt-proxy is out:
https://github.com/jedisct1/dnscrypt-proxy/blob/master/ChangeLog

Sadly the dnscrypt installer does not install that version yet :D

If you want to 'do it yourself' here are the instructions.
All 'risks are yours' so think carefully !!!

I am running ver 2.0.13 now but cannot vouch that there will be no problems/issues/bugs etc
(Including 'you' breaking something when you make this change !!! [Finger slips etc])

----------------------------------------------------------------------------------------------------------
Warning:

*** If you are not happy using vi or nano ***
*** DO NOT FOLLOW THESE INSTRUCTIONS OR IT MAY BREAK THINGS !!! ***
-------------------------------------------------------------------------------------------

In the /jffs/dnscrypt directory on your router there is a file called 'installer'.
This file is what installs/updates dnscrypt-proxy.

At the top of this file (script) is the version that will be installed.

ssh or telnet (depending on how you have set it up) to your router.
Use vi or nano to edit file. (You can install nano by running "opkg install nano")

At top of file edit "DNSCRYPT_VER=2.0.??" ---> change it to "DNSCRYPT_VER=2.0.13"

[Nano is an 'easy to use' editor .... you can 'cursor about' on the screen to edit lines of text rather like notepad or wordpad.]


Steps to follow: [or use 'WinSCP' ( https://winscp.net/eng/index.php) on MS Windows :)]

ssh to router.
cd /jffs/dnscrypt
cp installer [ORIG]installer
Edit file "installer" with vi or nano
Change ONLY this ----> "DNSCRYPT_VER=2.0.??" to this ----> "DNSCRYPT_VER=2.0.13"
save file
run "sh installer"

Select option 1

Answer 'Y' to all questions until it returns to the original menu.
Then answer 'Q' to quit.

It has updated dnscrypt to version 2.0.13


If there are any problems copy "[ORIG]installer" back to "installer" as follows:

cd /jffs/dnscrypt-proxy
cp [ORIG]installer installer
run "sh installer"
Answer 'Y' to all questions until it returns to the original menu.
Then answer 'Q' to quit.


----------------------------------------------------------------------------------------------------------
Repeat warning:
*** If you are not happy using vi or nano ***
*** DO NOT FOLLOW THESE INSTRUCTIONS OR IT MAY BREAK THINGS !!! ***
-------------------------------------------------------------------------------------------
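
The backup, edit and restore steps above can be scripted so that the only change made to the installer is the version line. The following is an added example, not part of the installer or of the original post; the function names are hypothetical, the directory is passed as a parameter, and the file names and the DNSCRYPT_VER= line are the ones given in the post.

```shell
#!/bin/sh
# Added example: scripted form of the manual edit, with a check that exactly
# one line changed before the installer is touched.
# Note: '[ORIG]installer' must be quoted; unquoted, the shell treats [ORIG]
# as a glob character class.

# Print the version currently set in an installer file.
installer_version() {
    sed -n 's/^DNSCRYPT_VER=//p' "$1" | head -n 1
}

# bump_installer_version <dir> <new_version>
#   0 = installer updated, backup kept as '[ORIG]installer'
#   1 = bad version string, missing installer, or copy failure
#   2 = the edit would not change exactly one line; installer left untouched
bump_installer_version() {
    _dir=$1
    _new=$2
    _file="$_dir/installer"
    _backup="$_dir/[ORIG]installer"

    # Accept only digits and dots so nothing else can reach the sed expression.
    case $_new in
        ''|*[!0-9.]*) echo "invalid version: $_new" >&2; return 1 ;;
    esac
    [ -f "$_file" ] || { echo "no installer in $_dir" >&2; return 1; }

    cp -p "$_file" "$_backup" || return 1

    # Build the edited copy next to the original, then compare before replacing.
    _tmp="$_file.new.$$"
    sed "s/^DNSCRYPT_VER=.*/DNSCRYPT_VER=$_new/" "$_backup" > "$_tmp" ||
        { rm -f "$_tmp"; return 1; }

    _changed=$(diff "$_backup" "$_tmp" | grep -c '^>' || true)
    if [ "$_changed" -ne 1 ]; then
        rm -f "$_tmp"
        echo "expected 1 changed line, got $_changed; installer left untouched" >&2
        return 2
    fi

    # Overwrite in place so the installer keeps its owner and mode.
    cat "$_tmp" > "$_file" && rm -f "$_tmp"
}

# restore_installer <dir>: put the backed-up installer back.
restore_installer() {
    [ -f "$1/[ORIG]installer" ] || { echo "no backup in $1" >&2; return 1; }
    cat "$1/[ORIG]installer" > "$1/installer"
}
```

After a successful run the remaining steps are unchanged: run "sh installer" and answer the prompts as described above.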
 
