Solution here
A while back Anonymized-DNS came to be, by some arcane sorcery, which is more than nice to have, and behold, how? Well, let's see? (firmware: OpenWrt SNAPSHOT r13768-f632747704 & my config)
There are LuCI guides in the 'how' above. But I'm point & click challenged, so:
opkg update
opkg install dnscrypt-proxy2
Check if pings are in stock these trying times:
ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=117 time=52.862 ms
ping google.com
PING google.com (172.217.21.174): 56 data bytes
64 bytes from 172.217.21.174: seq=0 ttl=117 time=34.457 ms
64 bytes from 172.217.21.174: seq=1 ttl=117 time=53.325 ms
Then:
uci add_list dhcp.@dnsmasq[0].server='127.0.0.53'
uci commit dhcp
/etc/init.d/dnsmasq restart
There be pings still?
ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=117 time=36.043 ms
64 bytes from 8.8.8.8: seq=1 ttl=117 time=41.248 ms
ping google.com
PING google.com (172.217.21.174): 56 data bytes
64 bytes from 172.217.21.174: seq=0 ttl=117 time=51.201 ms
64 bytes from 172.217.21.174: seq=1 ttl=117 time=51.591 ms
Noice.
We are supposed to fettle with configs, imagine that.
cp /etc/dnscrypt-proxy2/dnscrypt-proxy.toml /etc/config/
These are the changes I made to the default config:
#uncomment
server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']
#uncomment
lb_strategy = 'p2'
#uncomment
lb_estimator = true
#added
routes = [
{ server_name='*', via=[ 'anon-cs-fr', 'anon-cs-de', 'anon-cs-uk', 'anon-cs-sk', 'anon-ams-nl', 'anon-cs-md'] }
]
Stir dnsmasq:
/etc/init.d/dnsmasq restart
logread -l 100 | grep dnsmasq
Says:
daemon.info dnsmasq[5108]: using nameserver 127.0.0.53#53
Pings?
ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=117 time=66.195 ms
64 bytes from 8.8.8.8: seq=1 ttl=117 time=58.286 ms
ping google.com
PING google.com (172.217.21.174): 56 data bytes
64 bytes from 172.217.21.174: seq=0 ttl=117 time=52.225 ms
64 bytes from 172.217.21.174: seq=1 ttl=117 time=35.703 ms
Then, add /etc/dnscrypt-proxy2/dnscrypt-proxy.toml to /etc/sysupgrade.conf (for backup of the original conf).
Add to /etc/config/dhcp:
# Ignore ISP's DNS by not reading upstream servers from /etc/resolv.conf
option noresolv '1'
# Ensures that /etc/resolv.conf directs local system processes to use d>
option localuse '1'
# Disable because dnscrypt-proxy's block_undelegated already blocks RFC>
option boguspriv '0'
# Disable dnsmasq cache because we don't want to cache twice and the dn>
option cachesize '0'
Test:
/etc/init.d/dnsmasq restart
ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=117 time=80.016 ms
64 bytes from 8.8.8.8: seq=1 ttl=117 time=53.949 ms
root@wrt~# ping google.com
ping: bad address 'google.com'
Mkay..
logread -l 100 | grep dnsmasq
Wed Jul 29 18:03:30 2020 daemon.warn dnsmasq[5601]: Maximum number of concurrent DNS queries reached (max: 150)
Wed Jul 29 18:03:40 2020 daemon.warn dnsmasq[5601]: Maximum number of concurrent DNS queries reached (max: 150)
Wed Jul 29 18:03:50 2020 daemon.info dnsmasq-dhcp[5601]: DHCPREQUEST(br-lan) 192.168.99.3 00:1e:06:42:25:10
Wed Jul 29 18:03:50 2020 daemon.info dnsmasq-dhcp[5601]: DHCPACK(br-lan) 192.168.99.3 00:1e:06:42:25:10 CoreELEC
Wed Jul 29 18:03:50 2020 daemon.warn dnsmasq[5601]: Maximum number of concurrent DNS queries reached (max: 150)
Hm... what gives?
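
With `noresolv '1'` dnsmasq no longer reads upstream servers from /etc/resolv.conf, so every lookup depends on something answering at the `server` entry (127.0.0.53 here). The shell check below is an added example, not part of the original post: it compares dnsmasq upstream entries against the `listen_addresses` line of a dnscrypt-proxy TOML file and counts the concurrent-query warning in log text. The function names and the constructed sample in `demo` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Handles IPv4 listeners only.

# Print each ip:port on the active listen_addresses line of a TOML on stdin.
listen_addrs() {
    grep -E '^[[:space:]]*listen_addresses[[:space:]]*=' |
        grep -oE '[0-9]+(\.[0-9]+){3}:[0-9]+' || true
}

# dnsmasq writes an upstream as "ip" or "ip#port"; normalise to "ip:port".
normalize_server() {
    case "$1" in
        *'#'*) printf '%s:%s\n' "${1%%#*}" "${1##*#}" ;;
        *)     printf '%s:53\n' "$1" ;;
    esac
}

# check_forwarders TOML SERVER...
# Returns 0 only if every dnsmasq upstream has a matching listener in TOML;
# prints one line for each upstream that has none.
check_forwarders() {
    toml=$1; shift
    addrs=$(listen_addrs < "$toml")
    rc=0
    for s in "$@"; do
        want=$(normalize_server "$s")
        if ! printf '%s\n' "$addrs" | grep -qxF -- "$want"; then
            echo "no listener for dnsmasq server $s (wanted $want)"
            rc=1
        fi
    done
    return "$rc"
}

# Count the dnsmasq warning quoted in the post in log text on stdin.
count_query_limit_warnings() {
    grep -c 'Maximum number of concurrent DNS queries reached' || true
}

# Constructed sample: one listener, one matching and one stray upstream.
demo() {
    f=$(mktemp)
    printf '%s\n' "listen_addresses = ['127.0.0.53:53']" > "$f"
    check_forwarders "$f" 127.0.0.53 '127.0.0.1#5353'; r=$?
    rm -f "$f"
    return "$r"
}
```

On the router the inputs would be the file dnscrypt-proxy actually loads, the output of `uci get dhcp.@dnsmasq[0].server` as the server list, and `logread` piped into `count_query_limit_warnings`.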