Which DNS encryption script do I use?

MatrixGeeker

Regular Contributor
AC88U router here with Merlin

I have entware/AMTM and Diversion all set up.

So which script do I use for encrypting dns? I hear about dnscrypt proxy/dnscrypt and stubby

I'm reading different things and it's confusing as to which one to use.
 

Zastoff

Very Senior Member
I would say it comes down to what DNS servers you want to use.
DoT (WAN > Dns Privacy Protocol) included in Asuswrt-Merlin is a good option and as @Treadler says it's easiest ;)
DNSCrypt-proxy: Supports DoH and DNSCrypt protocol, gives good info in syslog and has a lot of servers and more options built in for users wiki & features
And it now also supports Anonymized DNSCrypt wiki and option to set up NextDNS if wanted from DNSCrypt installer menu.
 

Treadler

Very Senior Member
I would say it comes down to what DNS servers you want to use.
DoT (WAN > Dns Privacy Protocol) included in Asuswrt-Merlin is a good option and as @Treadler says it's easiest ;)
DNSCrypt-proxy: Supports DoH and DNSCrypt protocol, gives good info in syslog and has a lot of servers and more options built in for users wiki & features
And it now also supports Anonymized DNSCrypt wiki and option to set up NextDNS if wanted from DNSCrypt installer menu.

A question from an amateur then.

I installed Dnscrypt via amtm.
All looked good & happy, router rebooted.
I did a dns leak test, & it showed I was still using the servers I had manually entered in both wan, & IPv6. (Cleanbrowsing).
(These servers were different from the ones I specified manually in the Dnscrypt install - Cloudflare)
I wanted to end up with DoH via Cloudflare.

I have both IPv4 & 6.
I have dns filter set to ‘router’.
I have enabled dns rebind protection, & dnssec.
I disabled dns privacy prior to the Dnscrypt install.

What did I forget/do wrong?
 

Zastoff

Very Senior Member
A question from an amateur then.

I installed Dnscrypt via amtm.
All looked good & happy, router rebooted.
I did a dns leak test, & it showed I was still using the servers I had manually entered in both wan, & IPv6. (Cleanbrowsing).
(These servers were different from the ones I specified manually in the Dnscrypt install - Cloudflare)
I wanted to end up with DoH via Cloudflare.

I have both IPv4 & 6.
I have dns filter set to ‘router’.
I have enabled dns rebind protection, & dnssec.
I disabled dns privacy prior to the Dnscrypt install.

What did I forget/do wrong?
Test to set in gui: Under Tools/Other settings: Wan: Use local caching DNS server as system resolver (default: No)=Yes
and try again (think the default was yes in earlier firmwares)
 

Treadler

Very Senior Member
Test to set in gui: Under Tools/Other settings: Wan: Use local caching DNS server as system resolver (default: No)=Yes
and try again (think the default was yes in earlier firmwares)

& it works! Many thanks! :)
EDIT: no, broken again. Guess I’ll go back to DoT.
 

Zastoff

Very Senior Member

Treadler

Very Senior Member
What happened?

All was working well, tests showed I was using Cloudflare.

Then after a short while my dns servers, as reported on more than one site, reverted to Cleanbrowsing.

Uninstalled dnscrypt, re-enabled DoT, & Cloudflare is being reported once more.

I'm confused......
 

Zastoff

Very Senior Member
Could be a browser cache issue
I have no issues with sites reporting my selected(isp) wan dns servers
Only the ones chosen in DNSCrypt
 

Xentrk

Part of the Furniture
AC88U router here with Merlin

I have entware/AMTM and Diversion all set up.

So which script do I use for encrypting dns? I hear about dnscrypt proxy/dnscrypt and stubby

I'm reading different things and it's confusing as to which one to use.
I use the built in DoT on the WAN page and use Cloudflare servers. Easy setup.

This is a nice summary of the DNS options.
https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+-+The+Solutions

DNSCrypt has some disadvantages you should be aware of.
 

Zastoff

Very Senior Member
DNSCrypt has some disadvantages you should be aware of.
And once again..that is from December 6, 2017 and compared to dnscrypt v1
More than 35 releases of DNSCrypt-proxy since then
https://www.snbforums.com/threads/release-dnscrypt-installer-for-asuswrt.36071/page-73#post-543671
and
DoT DoH & DNSCrypt v2
Practical considerations
All the solutions above offer the same practical security level. Compatibility with existing tools and infrastructure is what makes an actual difference
And we got all of them to choose from :)
So it comes down to what DNS Servers and options the user needs
 

SomeWhereOverTheRainBow

Part of the Furniture
A question from an amateur then.

I installed Dnscrypt via amtm.
All looked good & happy, router rebooted.
I did a dns leak test, & it showed I was still using the servers I had manually entered in both wan, & IPv6. (Cleanbrowsing).
(These servers were different from the ones I specified manually in the Dnscrypt install - Cloudflare)
I wanted to end up with DoH via Cloudflare.

I have both IPv4 & 6.
I have dns filter set to ‘router’.
I have enabled dns rebind protection, & dnssec.
I disabled dns privacy prior to the Dnscrypt install.

What did I forget/do wrong?
Try removing manually defined dns tho I doubt it has anything to do with it. Could potentially be that tho. Especially since dns filter is set to router. Maybe forcing traffic to cleanbrowsing
 
