DNScrypt dnscrypt installer for asuswrt

[Delusion]

A couple of sed commands will do that then.
Let me see how I can do that automated before the installer kicks in.

it's enough to change the version line in the installer to the latest version:
DNSCRYPT_VER=2.0.29-beta.1

but adding to the menu the option to use Anonymized servers and even pick only them will be great

 

[Zastoff]

Anonymized DNS relays source file relays.md created and hopefully coming soon in a updated DNSCrypt-proxy version
IPv6 relay added

 

[Zastoff]

Version 2.0.29-beta.2/version 2.0.29-beta.3 released

• Support for Anonymized DNSCrypt has been added.
• Latency with large responses has actually been reduced.
• DNSCrypt certificates can now be retrieved over Tor, proxies, and DNS relays.
• Improved server error reporting (thanks to Alison Winters)
• Quite a lot of internal improvements and bug fixes have been made, thanks to Markus Linnala.
• Improved logging
• Added a workaround for DNS servers using a non-standard provider name

 

[Delusion]

Version 2.029-beta.2 released

• Support for Anonymized DNSCrypt has been added.
• Latency with large responses has actually been reduced.
• DNSCrypt certificates can now be retrieved over Tor, proxies, and DNS relays.
• Improved server error reporting (thanks to Alison Winters)
• Quite a lot of internal improvements and bug fixes have been made, thanks to Markus Linnala.

How exactly do you configure Anonymized Dnscrypt servers? can you share the section of the configuration?
Do I have to add server names and the snds's and write the name of the servers at the top of the config file?

 

[Zastoff]

How exactly do you configure Anonymized Dnscrypt servers? can you share the section of the configuration?
Do I have to add server names and the snds's and write the name of the servers at the top of the config file?

Just updated to beta.2

Spoiler: DNSCrypt log

Oct 20 15:58:50 dnscrypt-proxy[28777]: dnscrypt-proxy 2.0.29-beta.2
Oct 20 15:58:50 dnscrypt-proxy[28777]: Network connectivity detected
Oct 20 15:58:50 dnscrypt-proxy[28777]: Source [public-resolvers.md] loaded
Oct 20 15:58:50 dnscrypt-proxy[28777]: Anonymized DNS: routing [cs-swe] via [sdns://gRE1MS4xNS4xMDYuMTc2OjQ0Mw]
Oct 20 15:58:50 dnscrypt-proxy[28777]: Anonymized DNS: routing [dnscrypt.eu-dk] via [sdns://gRE1MS4xNTguMTA2LjQyOjQ0Mw]
Oct 20 15:58:50 dnscrypt-proxy[28777]: Firefox workaround initialized
Oct 20 15:58:50 dnscrypt-proxy[28777]: Now listening to 127.0.0.3:53 [UDP]
Oct 20 15:58:50 dnscrypt-proxy[28777]: Now listening to 127.0.0.3:53 [TCP]
Oct 20 15:58:50 dnscrypt-proxy[28777]: Now listening to 127.0.0.1:65053 [UDP]
Oct 20 15:58:50 dnscrypt-proxy[28777]: Now listening to 127.0.0.1:65053 [TCP]
Oct 20 15:58:52 dnscrypt-proxy[28777]: [cs-swe] OK (DNSCrypt) - rtt: 12ms
Oct 20 15:58:55 dnscrypt-proxy[28777]: [dnscrypt.eu-dk] OK (DNSCrypt) - rtt: 20ms
Oct 20 15:58:55 dnscrypt-proxy[28777]: Sorted latencies:
Oct 20 15:58:55 dnscrypt-proxy[28777]: - 12ms cs-swe
Oct 20 15:58:55 dnscrypt-proxy[28777]: - 20ms dnscrypt.eu-dk
Oct 20 15:58:55 dnscrypt-proxy[28777]: Server with the lowest initial latency: cs-swe (rtt: 12ms)

You choose Servers thru menu or by editing dnscrypt-proxy.toml
From dnscrypt-proxy.toml file (almost at the top)

server_names = ['dnscrypt.eu-dk', 'cs-swe']

To add those server to Anonymized Dns relays you need to edit the dnscrypt-proxy.toml (almost at the bottom)
Also remove # infront of those line

[anonymized_dns]

## Routes are indirect ways to reach DNSCrypt servers.
##
## A route maps a server name ("server_name") to one or more relays that will be
## used to connect to that server.
##
## A relay can be specified as a DNS Stamp (either a relay stamp, or a
## DNSCrypt stamp), an IP:port, a hostname:port, or a server name.
##
## The following example routes "comodo-02" via `anon-kama` or `anon-ibksturm`,
## and "quad9-dnscrypt-ip4-nofilter-pri" via the relay whose relay DNS stamp
## is "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM".
## These are just example routes. Review the list of available relays from the
## "relays.md` file, and, for each server you want to use, define the relays you
## want connections to go through.
##
## Carefully choose relays and servers so that the are run by different entities.
##
## "server_name" can also be set to "*" to define a default route, but this is not
## recommended. if you do so, keep "server_names" short and distinct from relays.

(example)
# routes = [
#    { server_name='comodo-02', via=['anon-kama', 'anon-ibksturm'] },
#    { server_name='quad9-dnscrypt-ip4-nofilter-pri', via=['sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM'] }
# ]

(From my dnscrypt-proxy.toml below)
 routes = [
    { server_name='cs-fi', via=['sdns://gRE1MS4xNTguMTA2LjQyOjQ0Mw'] },
    { server_name='cs-swe', via=['sdns://gRE1MS4xNS4xMDYuMTc2OjQ0Mw'] },
    { server_name='dnscrypt.eu-dk', via=['sdns://gRE1MS4xNTguMTA2LjQyOjQ0Mw'] }
 ]

Here are the Relays
Also Anonymized Dnscrypt only works with DNSCrypt Servers (not DoH)

edit:1
Anonymized Dns need to be manually configured to work(SSH), Installer script needs to be updated for the new settings to be able choose from menu i guess or if @thelonelycoder can fix something thru amtm when dnscrypt-proxy is installed/updated

edit:2
Relays.md seems not to be correct at the moment
3 relays have the same sdns (anon-kama, anon-suami, anon-charis)
Think this post have the correct sdns for those 3 relays

edit:3
Relays.md should be fixed now

 

[Delusion]

Just updated to beta.2

Spoiler: DNSCrypt log

Oct 20 15:58:50 dnscrypt-proxy[28777]: dnscrypt-proxy 2.0.29-beta.2
Oct 20 15:58:50 dnscrypt-proxy[28777]: Network connectivity detected
Oct 20 15:58:50 dnscrypt-proxy[28777]: Source [public-resolvers.md] loaded
Oct 20 15:58:50 dnscrypt-proxy[28777]: Anonymized DNS: routing [cs-swe] via [sdns://gRE1MS4xNS4xMDYuMTc2OjQ0Mw]
Oct 20 15:58:50 dnscrypt-proxy[28777]: Anonymized DNS: routing [dnscrypt.eu-dk] via [sdns://gRE1MS4xNTguMTA2LjQyOjQ0Mw]
Oct 20 15:58:50 dnscrypt-proxy[28777]: Firefox workaround initialized
Oct 20 15:58:50 dnscrypt-proxy[28777]: Now listening to 127.0.0.3:53 [UDP]
Oct 20 15:58:50 dnscrypt-proxy[28777]: Now listening to 127.0.0.3:53 [TCP]
Oct 20 15:58:50 dnscrypt-proxy[28777]: Now listening to 127.0.0.1:65053 [UDP]
Oct 20 15:58:50 dnscrypt-proxy[28777]: Now listening to 127.0.0.1:65053 [TCP]
Oct 20 15:58:52 dnscrypt-proxy[28777]: [cs-swe] OK (DNSCrypt) - rtt: 12ms
Oct 20 15:58:55 dnscrypt-proxy[28777]: [dnscrypt.eu-dk] OK (DNSCrypt) - rtt: 20ms
Oct 20 15:58:55 dnscrypt-proxy[28777]: Sorted latencies:
Oct 20 15:58:55 dnscrypt-proxy[28777]: - 12ms cs-swe
Oct 20 15:58:55 dnscrypt-proxy[28777]: - 20ms dnscrypt.eu-dk
Oct 20 15:58:55 dnscrypt-proxy[28777]: Server with the lowest initial latency: cs-swe (rtt: 12ms)
You choose Servers thru menu or by editing dnscrypt-proxy.toml
From dnscrypt-proxy.toml file (almost at the top)

server_names = ['dnscrypt.eu-dk', 'cs-swe']

To add those server to Anonymized Dns relays you need to edit the dnscrypt-proxy.toml (almost at the bottom)
Also remove # infront of those line

[anonymized_dns]

## Routes are indirect ways to reach DNSCrypt servers.
##
## A route maps a server name ("server_name") to one or more relays that will be
## used to connect to that server.
##
## A relay can be specified as a DNS Stamp (either a relay stamp, or a
## DNSCrypt stamp), an IP:port, a hostname:port, or a server name.
##
## The following example routes "comodo-02" via `anon-kama` or `anon-ibksturm`,
## and "quad9-dnscrypt-ip4-nofilter-pri" via the relay whose relay DNS stamp
## is "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM".
## These are just example routes. Review the list of available relays from the
## "relays.md` file, and, for each server you want to use, define the relays you
## want connections to go through.
##
## Carefully choose relays and servers so that the are run by different entities.
##
## "server_name" can also be set to "*" to define a default route, but this is not
## recommended. if you do so, keep "server_names" short and distinct from relays.

(example)
# routes = [
#    { server_name='comodo-02', via=['anon-kama', 'anon-ibksturm'] },
#    { server_name='quad9-dnscrypt-ip4-nofilter-pri', via=['sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM'] }
# ]

(From my dnscrypt-proxy.toml below)
 routes = [
    { server_name='cs-fi', via=['sdns://gRE1MS4xNTguMTA2LjQyOjQ0Mw'] },
    { server_name='cs-swe', via=['sdns://gRE1MS4xNS4xMDYuMTc2OjQ0Mw'] },
    { server_name='dnscrypt.eu-dk', via=['sdns://gRE1MS4xNTguMTA2LjQyOjQ0Mw'] }
 ]

Here are the Relays
Also Anonymized Dnscrypt only works with DNSCrypt Servers (not DoH)

edit:1
Anonymized Dns need to be manually configured to work(SSH), Installer script needs to be updated for the new settings to be able choose from menu i guess or if @thelonelycoder can fix something thru amtm when dnscrypt-proxy is installed/updated

edit:2
Relays.md seems not to be correct at the moment
3 relays have the same sdns (anon-kama, anon-suami, anon-charis)
Think this post have the correct sdns for those 3 relays

But shouldn't those relays in the post come with server_name ? cause there are only sdns

 

[DonnyJohnny]

But shouldn't those relays in the post come with server_name ? cause there are only sdns

Yes they do... those bold name are the server name. And in the toml, they have example of using relay server name.
Only works after beta 2.

by the way, beta 3 just released with some small patching...

 

[Delusion]

We can also use Anonymized DNS like this (easier and better way to make sure everything routed via relays) :

routes = [
    { server_name='*', via=['anon-kama', 'anon-ibksturm', 'anon-charis', 'anon-suami'] }
}

dnscrypt-proxy[359]: dnscrypt-proxy 2.0.29-beta.3
dnscrypt-proxy[359]: Network connectivity detected
dnscrypt-proxy[359]: Source [public-resolvers.md] loaded
dnscrypt-proxy[359]: Source [relays.md] loaded
dnscrypt-proxy[359]: Anonymized DNS: routing everything via [anon-kama anon-ibksturm anon-charis anon-suami]
dnscrypt-proxy[359]: Firefox workaround initialized
dnscrypt-proxy[359]: Now listening to 127.0.0.1:65053 [UDP]
dnscrypt-proxy[359]: Now listening to 127.0.0.1:65053 [TCP]

 

[dugaduga]

Centralized big tech DoH is now officially depreciated, this anonymous DNS blows the competition out of the water

 

[DonnyJohnny]

Centralized big tech DoH is now officially depreciated, this anonymous DNS blows the competition out of the water

yeah... now I am using this anonymized dnscrypt. Pretty cool. An extra layer of protection against fingerprinting individual devices.
Also, I have used random relays to spread the queries.

 

[thelonelycoder]

Quick question:
In amtm, should I always set the latest DNSCrypt proxy version (currently 2.0.29-beta.3) in the dnscrypt installer?
One does not have to update the proxy part once the initial version is installed but could with "1) Install/Update dnscrypt-proxy" in the installer menu.
It would then install the latest (beta) release of https://github.com/DNSCrypt/dnscrypt-proxy/releases

 

[Zastoff]

Quick question:
In amtm, should I always set the latest DNSCrypt proxy version (currently 2.0.29-beta.3) in the dnscrypt installer?
One does not have to update the proxy part once the initial version is installed but could with "1) Install/Update dnscrypt-proxy" in the installer menu.
It would then install the latest (beta) release of https://github.com/DNSCrypt/dnscrypt-proxy/releases

That would be really nice Guess you added a sort of check and installer gets modified to the newest version right?
Added a way to enable anonymized dns? and setting relays?

 

[thelonelycoder]

That would be really nice Guess you added a sort of check and installer gets modified to the newest version right?
Added a way to enable anonymized dns? and setting relays?

I did indeed, always uses the latest DNSCrypt proxy version number.
But the "server_names = ['dnscrypt.eu-dk']" in the dnscrypt-proxy.toml file seems not so simple to change before the installer kicks in.
This line is usually modified by users I believe in the installer menu when configuring the settings?

 

[Zastoff]

Yes user can choose servers when doing a new install or even a automatic choice (never tried that, think it chooses servers with lowest ping)
And user get a choice when updating dnscrypt-proxy to keep old setting/servers and servers can be change thru menu also,
SSH and modify dnscrypt-proxy.toml is also a option

 

[Zastoff]

To get anonymized dns working: Modify /jffs/dnscrypt/dnscrypt-proxy.toml

# routes = [
#    { server_name='comodo-02', via=['anon-kama', 'anon-ibksturm'] },
#    { server_name='quad9-dnscrypt-ip4-nofilter-pri', via=['sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM'] }
# ]

The # need to be removed
and server_name=changed to your chosen servers or '*'(Same relay servers for all DNS Servers you set) and set the relay servers you want(closest to your DNS servers but not the same provider of your chosen DNS servers, defeats the idea of anonymized dns)
Like this post
or as above without the #
save and close dnscrypt-proxy.toml
And then Restart DNSCrypt-proxy with:

/jffs/dnscrypt/manager dnscrypt-start

Note: Anonymized dns is only for dnscrypt servers, DoH servers is not supported at the moment(think they are working on it)

 

[thelonelycoder]

To get anonymized dns working: Modify /jffs/dnscrypt/dnscrypt-proxy.toml

# routes = [
#    { server_name='comodo-02', via=['anon-kama', 'anon-ibksturm'] },
#    { server_name='quad9-dnscrypt-ip4-nofilter-pri', via=['sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM'] }
# ]

The # need to be removed
and server_name=changed to your chosen servers or '*'(Same relay servers for all DNS Servers you set) and set the relay servers you want(closest to your DNS servers but not the same provider of your chosen DNS servers, defeats the idea of anonymized dns)
Like this post
or as above without the #
save and close dnscrypt-proxy.toml
And then Restart DNSCrypt-proxy with:

/jffs/dnscrypt/manager dnscrypt-start

Alright. I'll leave that to the users ATM.
I got the dnscrypt installer sorted out and it's no longer deprecated in amtm, arriving with the next release to a router near you.

 

[Zastoff]

Alright. I'll leave that to the users ATM.
I got the dnscrypt installer sorted out and it's no longer deprecated in amtm, arriving with the next release to a router near you.

Splendid
Manged to get DNSCRYPT_VER in there? so version is displayed in amtm and works with update check?

 

[thelonelycoder]

Splendid
Manged to get DNSCRYPT_VER in there? so version is displayed in amtm and works with update check?

Not with the u update check ATM, maybe in the following amtm version. I need to release amtm so I can finalize the next Diversion release
But it does check for a new DNSCrypt-proxy version every time you open dnscrypt installer, which is also nice

 

[thelonelycoder]

amtm 2.8 is now available

Now again supports installation of dnscrypt installer, and more.

 

[ZeMitras]

Hello,

Additional information regarding the load balancing of the relays, when multiple relays are set for a server (from here):
Currently, a random relay of each list will be chosen for each resolver, and that relay will be used until the end of the session. But the plan is to be able to either use a random relay for every query, or automatically use the fastest ones.