What's new

The Dnscrypt Blues?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Elmer

Senior Member
AC88 using 384.10 beta 2 (same behavior noted on 384.8 and 384.9) with:
amtm
diversion
dnscrypt
using dnsfilter with quad9.

Router crashes on a 4 to 5 day basis. I think is is a dnscrypt problem, although miniupnpd raises it's head once in a while). There is a plex server online, but it's only involved in one instance. Here are excerpts from the logs leading up to a crash:

Mar 22 05:15:31 dnsmasq[15075]: possible DNS-rebind attack detected: 192-168-1-95.abcdefghijklmnopqrstuvwxyz012345.plex.direct
Mar 22 05:16:39 asusRouter: Warning: dnscrypt-proxy is not responding
Mar 22 05:16:40 asusRouter: Start dnscrypt-proxy
Mar 22 05:16:41 dnscrypt-proxy[207]: Stopped.
Mar 22 05:16:44 dnscrypt-proxy[30631]: dnscrypt-proxy 2.0.19
Mar 22 05:16:44 dnscrypt-proxy[30631]: Dropping privileges
Mar 22 05:16:44 dnscrypt-proxy[30631]: Source [public-resolvers.md] loaded
Mar 22 05:16:44 dnscrypt-proxy[30631]: dnscrypt-proxy 2.0.19
Mar 22 05:16:44 dnscrypt-proxy[30631]: Now listening to 127.0.0.1:65053 [UDP]
Mar 22 05:16:44 dnscrypt-proxy[30631]: Now listening to 127.0.0.1:65053 [TCP]
Mar 22 05:16:45 dnscrypt-proxy[30631]: [quad9-dnscrypt-ip4-filter-pri] OK (crypto v1) - rtt: 56ms
Mar 22 05:16:45 dnscrypt-proxy[30631]: [quad9-dnscrypt-ip4-filter-alt] OK (crypto v1) - rtt: 18ms
Mar 22 05:16:45 dnscrypt-proxy[30631]: Server with the lowest initial latency: quad9-dnscrypt-ip4-filter-alt (rtt: 18ms)
Mar 22 05:16:45 dnscrypt-proxy[30631]: dnscrypt-proxy is ready - live servers: 2

Mar 22 06:06:47 miniupnpd[800]: send(res_buf): Connection reset by peer
Mar 22 06:06:47 miniupnpd[800]: send(res_buf): Connection reset by peer
Mar 22 06:06:47 miniupnpd[800]: send(res_buf): Connection reset by peer
Mar 22 06:07:00 asusRouter: Warning: dnscrypt-proxy is not responding
Mar 22 06:07:00 asusRouter: Start dnscrypt-proxy
Mar 22 06:07:02 dnscrypt-proxy[1147]: Stopped.
Mar 22 06:07:04 dnscrypt-proxy[2078]: dnscrypt-proxy 2.0.19
Mar 22 06:07:04 dnscrypt-proxy[2078]: Dropping privileges
Mar 22 06:07:05 dnscrypt-proxy[2078]: Source [public-resolvers.md] loaded
Mar 22 06:07:05 dnscrypt-proxy[2078]: dnscrypt-proxy 2.0.19
Mar 22 06:07:05 dnscrypt-proxy[2078]: Now listening to 127.0.0.1:65053 [UDP]
Mar 22 06:07:05 dnscrypt-proxy[2078]: Now listening to 127.0.0.1:65053 [TCP]
Mar 22 06:07:06 dnscrypt-proxy[2078]: [quad9-dnscrypt-ip4-filter-pri] OK (crypto v1) - rtt: 216ms
Mar 22 06:07:06 dnscrypt-proxy[2078]: [quad9-dnscrypt-ip4-filter-alt] OK (crypto v1) - rtt: 19ms
Mar 22 06:07:06 dnscrypt-proxy[2078]: Server with the lowest initial latency: quad9-dnscrypt-ip4-filter-alt (rtt: 19ms)
Mar 22 06:07:06 dnscrypt-proxy[2078]: dnscrypt-proxy is ready - live servers: 2

Mar 22 06:08:23 asusRouter: Warning: dnscrypt-proxy is not responding
Mar 22 06:08:25 asusRouter: Start dnscrypt-proxy
Mar 22 06:08:29 dnscrypt-proxy[2136]: dnscrypt-proxy 2.0.19
Mar 22 06:08:30 dnscrypt-proxy[2136]: listen udp 127.0.0.1:65053: bind: address already in use
Mar 22 06:08:56 nat: apply redirect rules
Mar 22 06:08:59 WAN_Connection: ISP's DHCP did not function properly.

Mar 22 06:09:08 DualWAN: skip single wan wan_led_control - WANRED off
Mar 22 06:09:29 asusRouter: Warning: dnscrypt-proxy is dead
Mar 22 06:09:29 asusRouter: Start dnscrypt-proxy
Mar 22 06:09:34 dnscrypt-proxy[2397]: Source [public-resolvers.md] loaded
Mar 22 06:09:34 dnscrypt-proxy[2397]: dnscrypt-proxy 2.0.19
Mar 22 06:09:34 dnscrypt-proxy[2397]: Dropping privileges
Mar 22 06:09:37 dnscrypt-proxy[2397]: dnscrypt-proxy 2.0.19
Mar 22 06:09:38 dnscrypt-proxy[2397]: Now listening to 127.0.0.1:65053 [UDP]
Mar 22 06:09:38 dnscrypt-proxy[2397]: Now listening to 127.0.0.1:65053 [TCP]
Mar 22 06:09:38 dnscrypt-proxy[2397]: [quad9-dnscrypt-ip4-filter-pri] OK (crypto v1) - rtt: 105ms
Mar 22 06:09:38 dnscrypt-proxy[2397]: [quad9-dnscrypt-ip4-filter-alt] OK (crypto v1) - rtt: 18ms
Mar 22 06:09:38 dnscrypt-proxy[2397]: Server with the lowest initial latency: quad9-dnscrypt-ip4-filter-alt (rtt: 18ms)
Mar 22 06:09:38 dnscrypt-proxy[2397]: dnscrypt-proxy is ready - live servers: 2
Mar 22 06:10:25 asusRouter: Warning: dnscrypt-proxy is not responding
Mar 22 06:10:26 asusRouter: Start dnscrypt-proxy
Mar 22 06:10:45 dnscrypt-proxy[2440]: Source [public-resolvers.md] loaded
Mar 22 06:10:45 dnscrypt-proxy[2440]: dnscrypt-proxy 2.0.19
Mar 22 06:10:45 dnscrypt-proxy[2440]: listen udp 127.0.0.1:65053: bind: address already in use
Mar 22 06:11:57 dnscrypt-proxy[2397]: Stopped.
Mar 22 06:13:46 kernel: tdts_core_ioctl_udb_op_prog_ctrl() fail!
Mar 22 06:14:35 dnsmasq-dhcp[15075]: DHCPDISCOVER(br0) 58:c3:8b:67:75:9c
Mar 22 06:14:35 dnsmasq-dhcp[15075]: DHCPOFFER(br0) 192.168.1.134 58:c3:8b:67:75:9c
Mar 22 06:14:35 dnsmasq-dhcp[15075]: DHCPDISCOVER(br0) 58:c3:8b:67:75:9c
Mar 22 06:14:35 dnsmasq-dhcp[15075]: DHCPOFFER(br0) 192.168.1.134 58:c3:8b:67:75:9c
Mar 22 06:14:35 dnsmasq-dhcp[15075]: DHCPDISCOVER(br0) 58:c3:8b:67:75:9c
Mar 22 06:14:35 dnsmasq-dhcp[15075]: DHCPOFFER(br0) 192.168.1.134 58:c3:8b:67:75:9c
Mar 22 06:14:35 dnsmasq-dhcp[15075]: DHCPDISCOVER(br0) 58:c3:8b:67:75:9c
Mar 22 06:14:35 dnsmasq-dhcp[15075]: DHCPOFFER(br0) 192.168.1.134 58:c3:8b:67:75:9c
Mar 22 06:14:35 dnsmasq-dhcp[15075]: DHCPDISCOVER(br0) 58:c3:8b:67:75:9c
Mar 22 06:14:35 dnsmasq-dhcp[15075]: DHCPOFFER(br0) 192.168.1.134 58:c3:8b:67:75:9c
Mar 22 06:14:38 asusRouter: Warning: dnscrypt-proxy is dead
Mar 22 06:14:38 asusRouter: Start dnscrypt-proxy
Mar 22 06:14:43 dnscrypt-proxy[2490]: dnscrypt-proxy 2.0.19
Mar 22 06:14:43 dnscrypt-proxy[2490]: Dropping privileges
Mar 22 06:14:45 dnscrypt-proxy[2490]: dnscrypt-proxy 2.0.19
Mar 22 06:14:45 dnscrypt-proxy[2490]: Now listening to 127.0.0.1:65053 [UDP]
Mar 22 06:14:45 dnscrypt-proxy[2490]: Now listening to 127.0.0.1:65053 [TCP]
Mar 22 06:14:45 dnscrypt-proxy[2490]: [quad9-dnscrypt-ip4-filter-pri] OK (crypto v1) - rtt: 103ms
Mar 22 06:14:45 dnscrypt-proxy[2490]: [quad9-dnscrypt-ip4-filter-alt] OK (crypto v1) - rtt: 19ms
Mar 22 06:14:45 dnscrypt-proxy[2490]: Server with the lowest initial latency: quad9-dnscrypt-ip4-filter-alt (rtt: 19ms)
Mar 22 06:14:45 dnscrypt-proxy[2490]: dnscrypt-proxy is ready - live servers: 2
Mar 22 06:16:25 asusRouter: Warning: dnscrypt-proxy is not responding
Mar 22 06:16:25 asusRouter: Start dnscrypt-proxy
Mar 22 06:16:27 dnscrypt-proxy[2490]: Stopped.

Mar 22 06:30:29 nat: apply redirect rules error!
Mar 22 06:30:33 WAN_Connection: ISP's DHCP did not function properly.
Mar 22 06:30:28 dnsmasq-dhcp[15075]: DHCPREQUEST(br0) 192.168.1.134 58:c3:8b:67:75:9c
Mar 22 06:30:42 dnsmasq-dhcp[15075]: DHCPACK(br0) 192.168.1.134 58:c3:8b:67:75:9c android-b53b40ae44727e11
Mar 22 06:30:43 dnsmasq-dhcp[15075]: DHCPDISCOVER(br0) 58:c3:8b:67:75:9c
Mar 22 06:30:43 dnsmasq-dhcp[15075]: DHCPOFFER(br0) 192.168.1.134 58:c3:8b:67:75:9c
Mar 22 06:31:34 DualWAN: skip single wan wan_led_control - WANRED off
Mar 22 06:31:43 nat: apply redirect rules
Mar 22 06:32:54 WAN_Connection: WAN was restored.

Mar 22 06:48:04 asusRouter: Warning: dnscrypt-proxy is not responding
Mar 22 05:44:24 syslogd started: BusyBox v1.25.1
Mar 22 05:44:24 kernel: klogd started: BusyBox v1.25.1 (2019-03-17 13:07:21 EDT)
Mar 22 05:44:24 kernel: Linux version 2.6.36.4brcmarm (merlin@ubuntu-dev) (gcc version 4.5.3 (Buildroot 2012.02) ) #1 SMP PREEMPT Sun Mar 17 13:17:11 EDT 2019
Mar 22 05:44:24 kernel: CPU: ARMv7 Processor [413fc090] revision 0 (ARMv7), cr=10c53c7f
Mar 22 05:44:24 kernel: CPU: VIPT nonaliasing data cache, VIPT nonaliasing instruction cache
 
I had Dnscrypt-proxy v2.0.19 running fine on Merlin 384.9 (migrated unchanged from Merlin 384.8). And is now running great using Dnscrypt-proxy v2.0.21.

Rock solid for me on my RT-AC3200 with SkyNet and FreshJR QOS Mod.
 
Last edited:
I had a problem with DNSCrypt: it ran perfectly for a few weeks and then I lost connectivity. Things went from bad to worse and, after a factory reset, and no more DNSCrypt, my RT-AC68U was back to being the model of reliability.

As you have a fairly repeatable or regular glitch, I’d try uninstalling the most likely culprit and run until you are certain that either that was the culprit or it wasn’t. And do report back to give us feedback please.
 
Well, I'm sure things would get better if I dropped dnscrypt, but I want dnscrypt. I have an ISP that is extremely intrusive and has been caught in the past reading/selling DNS queries (and more) even when the user is using the non-ISP DNS server and dnssec. So, that said, is my only option to move to something like openWRT, or can we try to figure out the underlying problem here?
 
I had the same problem of Dnscrypt stopping every few days on my AC86U. I removed it and started running Stubby DNS over TLS. I have had not one problem with Stubby and feel my overall performance it better, and all the checks to verify it encrypting DNS are positive.

Here is the Stubby thread.
https://www.snbforums.com/threads/stubby-installer-asuswrt-merlin.49469/
 
IMHO, people should consider switching from DNSCrypt to Stubby + DoT, as this is the way to go forward. I expect DNSCrypt to eventually disappear, as the industry will embrace DoT (and DoH).
 
Thanks! I'll give that a spin!
Switched to stubby, diversion wasn't too happy, but finally adjusted after a reinstall. Will let you know about stability in a few days. Thanks again.
 
IMHO, people should consider switching from DNSCrypt to Stubby + DoT, as this is the way to go forward. I expect DNSCrypt to eventually disappear, as the industry will embrace DoT (and DoH).
Gladly when the install is as simple as dnscrypt.
 
Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top