What's new

DNScrypt dnscrypt installer for asuswrt

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Random number generation is used in the encryption process.
 
Random number generation is used in the encryption process.
Thank @skeal for your quick response!....Learning everyday from all great help on this forum!
 
If u kill dnscrypt-proxy, then dns don’t work. Mean dnscrypt is working. But in order to prove that it is on doh, you may need a switch in between the router and modem and use a pc between them installed with wire shark to see the packet. The queries should be encrypted and you shouldn’t see it in port 53 coz it will be going thru 443.

Thanks! Was hoping for an easier test..
 
Any idea why some websites complain about:

This site can’t provide a secure connection
invalid response.

on a different network, it works ok...
strange.
 
Anyone else getting instances like this kind of often?

Code:
Jun 27 11:50:57 admin: Warning: dnscrypt-proxy is not responding
Jun 27 11:50:57 dnscrypt-proxy[31135]: Stopped.
Jun 27 11:50:57 admin: Start dnscrypt-proxy
Jun 27 11:50:57 dnscrypt-proxy[671]: Source [public-resolvers.md] loaded
Jun 27 11:50:57 dnscrypt-proxy[671]: dnscrypt-proxy 2.0.15
Jun 27 11:50:57 dnscrypt-proxy[671]: Now listening to 127.0.0.1:65053 [UDP]
Jun 27 11:50:57 dnscrypt-proxy[671]: Now listening to 127.0.0.1:65053 [TCP]
Jun 27 11:50:57 dnscrypt-proxy[671]: [cloudflare] OK (DoH) - rtt: 14ms
Jun 27 11:50:57 dnscrypt-proxy[671]: [cloudflare-ipv6] OK (DoH) - rtt: 16ms
Jun 27 11:50:57 dnscrypt-proxy[671]: Server with the lowest initial latency: cloudflare (rtt: 14ms)
Jun 27 11:50:57 dnscrypt-proxy[671]: dnscrypt-proxy is ready - live servers: 2

It restarts OK. Its why it took me a while to notice it (don't look at the syslog to often).
 
I wish I could use it, but I gave up on it. On my ac86u, its so unstable using cloudflare dns (havent tried other ones), crashes within 2 minutes of a router restart. Very unstable. I don't know why, but that is with AND without fake-hwclock, so I doubt its a date/time problem.
 
Any idea why some websites complain about:

This site can’t provide a secure connection
invalid response.

on a different network, it works ok...
strange.
Sorry, not enough detail to make any reply :)
 
I wish I could use it, but I gave up on it. On my ac86u, its so unstable using cloudflare dns (havent tried other ones), crashes within 2 minutes of a router restart. Very unstable. I don't know why, but that is with AND without fake-hwclock, so I doubt its a date/time problem.
Odd. Other than my other post where it crashes but restarts without issue it has been running on my 86 with fake hardware clock for a while now.

Which actually kinda surprises me with all the crazy scripts i have loaded. lol
 
Odd. Other than my other post where it crashes but restarts without issue it has been running on my 86 with fake hardware clock for a while now.

Which actually kinda surprises me with all the crazy scripts i have loaded. lol

Thanks, but that leaves me confused then. I am using ab-solution with AB-Maximum, Skynet and pixelserv. I have a swap file. I am unable to get dnscrypt to become stable at all, so I dunno... :\

Very stable without dnscrypt... No idea why it would randomly crash.
 
Hi everyone,

I'm just learning about setting up DNScrypt. I have a complicated question:

Is there a way to force all clients to use dnscrypt to encrypt their upstream DNS queries, but still continue using the Asus AiProtect DNS Filtering feature to force all my network clients to first use the router itself for dhcp and dnsmasq local domain resolution??? I don't want to enable dnscrypt and have it unnecessarily send all queries to the upstream provider. The router's internal dnsmasq is useful to me and I want dnscrypt to play nice.

@thelonelycoder you included dnscrypt in your amtm script, so you probably have a great understanding of how compatible dnscryt is with ab-solution and similar Dnsmasq filtering???


To give you an idea, here are the settings I've happily been using the past 2 years (without dnscrypt):

1) AiProtection / DNS Filtering
Enable DNS-based Filtering: On
Global Filter Mode: Router
2) WAN / WAN DNS Setting
Connect to DNS Server automatically: No
DNS Server 1: 1.1.1.1
DNS Server 2: 1.0.0.1
3) LAN / DHCP Server - DNS and WINS Server Setting
DNS Server 1 & 2: Blank
Advertise router's IP...: Yes
Forward local domain queries to upstream DNS: No
Enable DNSSEC support: No

Again, note to reader that I wanted local domain resolutions to work, therefore I set "Global Filter Mode: Router" to force redirect dns queries on port 53 to the Router first, so then the router's dnsmasq could do it's job, and clients would still be forced to send the rest of their queries upstream to only the servers I specified under WAN DNS Settings (in my case, it was Cloudflare's 1.1.1.1 and 1.0.0.1).
 
Last edited:
Anyone else getting instances like this kind of often?

Code:
Jun 27 11:50:57 admin: Warning: dnscrypt-proxy is not responding
Jun 27 11:50:57 dnscrypt-proxy[31135]: Stopped.
Jun 27 11:50:57 admin: Start dnscrypt-proxy
Jun 27 11:50:57 dnscrypt-proxy[671]: Source [public-resolvers.md] loaded
Jun 27 11:50:57 dnscrypt-proxy[671]: dnscrypt-proxy 2.0.15
Jun 27 11:50:57 dnscrypt-proxy[671]: Now listening to 127.0.0.1:65053 [UDP]
Jun 27 11:50:57 dnscrypt-proxy[671]: Now listening to 127.0.0.1:65053 [TCP]
Jun 27 11:50:57 dnscrypt-proxy[671]: [cloudflare] OK (DoH) - rtt: 14ms
Jun 27 11:50:57 dnscrypt-proxy[671]: [cloudflare-ipv6] OK (DoH) - rtt: 16ms
Jun 27 11:50:57 dnscrypt-proxy[671]: Server with the lowest initial latency: cloudflare (rtt: 14ms)
Jun 27 11:50:57 dnscrypt-proxy[671]: dnscrypt-proxy is ready - live servers: 2

It restarts OK. Its why it took me a while to notice it (don't look at the syslog to often).
I have been seeing this lately with the Alpha of 384.6 and it started right after enabling DNSSEC in LAN\DHCP settings. After disabling that, dnscrypt has not stopped in 30 minutes, which I'll continue to monitor.
 
Lonelycoder,

Will you be updating the script for AMTM?

Thanks,

J
 
Hi Bigeyes,

I have a question, when I go to manually select the Dnsec servers the installer is no longer giving me the details on the servers (e.g. the IP, location). It simply gives me the name of the server. I am unsure what I could be doing wrong and I have uninstalled, reinstalled etc. to no avail.

Any ideas would be appreciated.

Thank you,

J
 
File format of the resolver list changed leading into some display issues as mentioned by @johnathonm , fixed it in dev and updated to 2.0.16. I have also started using dnscrypt-proxy new feature to drop to nobody as well as its own self healing ability instead of checking the process every 10s by my script. You guys can check it out by installing the dev version with:
Code:
curl -L -s -k -O https://raw.githubusercontent.com/thuantran/dnscrypt-asuswrt-installer/dev/installer && sh installer dev ; rm installer

If everything is ok I will merge it to master.
 
Hi again,

When I go to set the timezone the following is happening:


=> Do you want to proceed? [y/n]: y
Info: manager is up to date. Skipping...
Info: Downloading tzdata-2018c-1-any.pkg.tar.bz2
tar: invalid option -- 'j'
BusyBox v1.28.3 () multi-call binary.

Usage: tar c|x|t [-zhvO] [-f TARFILE] [-C DIR] [-T FILE] [-X FILE] [FILE]...

Create, extract, or list files from a tar file

Operation:
c Create
x Extract
t List
-f FILE Name of TARFILE ('-' for stdin/out)
-C DIR Change to DIR before operation
-v Verbose
-z (De)compress using gzip
-O Extract to stdout
-h Follow symlinks
-T FILE File with names to include
-X FILE File with glob patterns to exclude
Info: Available timezones/locations:
tar: invalid option -- 'j'
BusyBox v1.28.3 () multi-call binary.

Usage: tar c|x|t [-zhvO] [-f TARFILE] [-C DIR] [-T FILE] [-X FILE] [FILE]...

Create, extract, or list files from a tar file

Operation:
c Create
x Extract
t List
-f FILE Name of TARFILE ('-' for stdin/out)
-C DIR Change to DIR before operation
-v Verbose
-z (De)compress using gzip
-O Extract to stdout
-h Follow symlinks
-T FILE File with names to include
-X FILE File with glob patterns to exclude
 
2.0.16 dev seems to work fine. thank you.
2.0.16 much more stable than 2.0.15 - This version performing fine now with none of the endless loop errors below
Jun 27 11:50:57 admin: Warning: dnscrypt-proxy is not responding
Jun 27 11:50:57 dnscrypt-proxy[31135]: Stopped.
Jun 27 11:50:57 admin: Start dnscrypt-proxy
Jun 27 11:50:57 dnscrypt-proxy[671]: Source [public-resolvers.md] loaded
Jun 27 11:50:57 dnscrypt-proxy[671]: dnscrypt-proxy 2.0.15
Thanks Bigeyes0x0
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top