Voxel Voxel LBR20 DNSCrypt

[egauk]

I just installed Voxel V9.2.5.2.24SF-HW on my LBR20 and it is working great except for dnscrypt, which only accepts requests over WiFi after the LBR is fully booted and I restart the dnscrypt service. It seems dnscrypt may be starting too early in the boot process (before all of the interfaces are up).

Has anyone else encountered this issue? Any suggested workarounds? Thanks

 

[Voxel]

I just installed Voxel V9.2.5.2.24SF-HW on my LBR20 and it is working great except for dnscrypt, which only accepts requests over WiFi after the LBR is fully booted and I restart the dnscrypt service. It seems dnscrypt may be starting too early in the boot process (before all of the interfaces are up).

Has anyone else encountered this issue? Any suggested workarounds? Thanks

Good. LBR20 firmware becomes popular

Try to perform (ssh or telnet session):

nvram set dnscrypt2_disable_settime=1
nvram commit
reboot

and check again.

Voxel.

 

[egauk]

That seems to have resolved the issue - thank you! I really appreciate the time you have put into making your firmware available for the LBR20, fantastic work!

 

[Voxel]

That seems to have resolved the issue - thank you! I really appreciate the time you have put into making your firmware available for the LBR20, fantastic work!

I am glad to see that you, guys, are using dnscrypt service. Really good for any VPN and for regular use (your privacy).

Voxel.

 

[egauk]

After letting my Orbi run for a few days the issue persists - again seems to be during an interface change like a WAN interface IP renew (forced by the carrier).

Here are my additional observations and comments.

1. Restarting dnscrypt does not always resolve the issue
2. Restarting the Orbi does not always resolve the issue
3. I have tried both nvram set dnscrypt2_disable_settime=1 and nvram set dnscrypt2_disable_settime=0
4. When DNS is not working over wifi it does still work locally on the Orbi (tests performed via an SSH session)
5. I have tried multiple client devices, all experience the same issue. If I force the client to use manually configured DNS then lookups work fine.
6. dnscrypt is currently in a non-working state over wifi, I will leave this way to collect any requested logs
7. dnscrypt logs don't show any errors. Note: I removed my NextDNS ID from the below for privacy purposes

[2021-08-05 19:58:32] [NOTICE] dnscrypt-proxy 2.0.45
[2021-08-05 19:58:32] [NOTICE] Network connectivity detected
[2021-08-05 19:58:32] [NOTICE] Now listening to 127.0.0.1:64153 [UDP]
[2021-08-05 19:58:32] [NOTICE] Now listening to 127.0.0.1:64153 [TCP]
[2021-08-05 19:58:32] [NOTICE] Now listening to [::1]:64153 [UDP]
[2021-08-05 19:58:32] [NOTICE] Now listening to [::1]:64153 [TCP]
[2021-08-05 19:58:33] [NOTICE] Source [public-resolvers] loaded
[2021-08-05 19:58:34] [NOTICE] Source [relays] loaded
[2021-08-05 19:58:34] [NOTICE] Firefox workaround initialized
[2021-08-05 19:58:35] [NOTICE] [NextDNS-Removed] OK (DoH) - rtt: 70ms
[2021-08-05 19:58:35] [NOTICE] Server with the lowest initial latency: NextDNS-Removed (rtt: 70ms)
[2021-08-05 19:58:35] [NOTICE] dnscrypt-proxy is ready - live servers: 1
[2021-08-05 23:58:36] [NOTICE] Server with the lowest initial latency: NextDNS-Removed (rtt: 101ms)
[2021-08-06 03:58:36] [NOTICE] Server with the lowest initial latency: NextDNS-Removed (rtt: 53ms)
[2021-08-06 07:58:36] [NOTICE] Server with the lowest initial latency: NextDNS-Removed (rtt: 41ms)
[2021-08-06 11:58:36] [NOTICE] Server with the lowest initial latency: NextDNS-Removed (rtt: 74ms)
[2021-08-06 15:58:37] [NOTICE] Server with the lowest initial latency: NextDNS-Removed (rtt: 77ms)
[2021-08-06 19:58:38] [NOTICE] Server with the lowest initial latency: NextDNS-Removed (rtt: 60ms)
[2021-08-06 23:58:39] [NOTICE] Server with the lowest initial latency: NextDNS-Removed (rtt: 81ms)
[2021-08-07 03:58:40] [NOTICE] Server with the lowest initial latency: NextDNS-Removed (rtt: 53ms)
[2021-08-07 07:58:41] [NOTICE] Server with the lowest initial latency: NextDNS-Removed (rtt: 54ms)
[2021-08-07 11:58:43] [NOTICE] Server with the lowest initial latency: NextDNS-Removed (rtt: 81ms)
[2021-08-07 15:58:44] [NOTICE] Server with the lowest initial latency: NextDNS-Removed (rtt: 71ms)

 

[Voxel]

Try to test with another provider, not only NextDNS. I am using dnscrypt with all routers I have including LBR20. Over Wi-Fi. No problems for me. But I am using not DoH but DNSCrypt servers.

My setting

nvram set dnscrypt2_disable_settime=1

for LBR20.

Voxel.

 

[egauk]

Thank you for the suggestion. It seems there are possible issues with DNSCrypt specifically with NextDNS or the carrier blocking access to NextDNS. I switched to Stubby with NextDNS, which has been working fine for almost 24-hours now. Will continue to test for a few more days and report back.

 

[egauk]

Stubby is still working well. Would it be possible to upgrade to Stubby v0.4.0 in your next release wave?

Release Stubby - v0.4.0 · getdnsapi/stubby

We announce the intention to remove the dnsovertls*.sinodun.com servers from the default resolver list in the next release, see #286 for details. Add ability to run Stubby as a full Windows servi...

github.com

 

[jddebug]

I am glad to see that you, guys, are using dnscrypt service. Really good for any VPN and for regular use (your privacy).

Voxel.

I'm trying to get dnscrypt working. I'm a novice at Linux. I created the /tmp/mnt/circle/overlay/etc directory and added dnscrypt-proxy-2.toml and I did the nvram set dnscrypt2=1 nvram commit reboot.
nvram set dnscrypt2_disable_settime=1
nvram commit
reboot

As far as I can tell it is not working. Can you give me any suggestions to make sure its working? I'm wanting to use quad9.net dns service. Do I need to do anything in the web interface? There are DNS addresses there too.

I get this when I do a dig.

root@LBR20:~# dig +short txt qnamemintest.internet.nl
a.b.qnamemin-test.internet.nl.
"NO - QNAME minimisation is NOT enabled on your resolver "

This is my .toml as downloaded from quad9:

[sources.quad9-resolvers]
urls = ["https://quad9.net/dnscrypt/quad9-resolvers.md", "https://raw.githubusercontent.com/Quad9DNS/dnscrypt-settings/main/dnscrypt/quad9-resolvers.md"]
minisign_key = "RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN"
cache_file = "quad9-resolvers.md"
refresh_delay = 72
prefix = "quad9-"

 

[Voxel]

As far as I can tell it is not working. Can you give me any suggestions to make sure its working? I'm wanting to use quad9.net dns service. Do I need to do anything in the web interface? There are DNS addresses there too.

I did not try to use quad9.net. I permanently use dnscrypt with my LBR20 (doh-cleanbrowsing-family, parental control).

But did you try other servers e.g. cloudflare?

What is inside your log /var/log/dnscrypt-proxy-2.log ?


Voxel.