Hi,
I am trying to access some domain, xyz.com lets say. Chrome complains DNS_PROBE_FINISHED_NXDOMAIN
On the router running LEDE, I have dnscrypt and dnssec configured correctly. I think for the most part, I am using dnscrypt.nl, which claims no censorship.
When I do a nslookup on the xyz.com domain, I get the ip address. When I go to the ip address in chrome
https://xxx.xxx.xxx.xx , I get a certificate warning and complaints site might not have a valid certificate.
But when I switch dns to google's dns I don't see this issue. I mean I didn't check what IP address I get there, I will try to check that.
In chrome, I cleaned up dns cache, and disabled advanced dns lookup and prediction to be sure.
Any help /suggestions appreciated.
Attached configs below:
/etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option dnssec '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
# option resolvfile '/tmp/resolv.conf.auto'
option noresolv 1
option localservice '1'
option nonwildcard '0'
list server '127.0.0.1#5354'
list server '/pool.ntp.org/208.67.222.222'
config dhcp 'lan'
option interface 'lan'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
option start '100'
option limit '50'
option leasetime '12h'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
/etc/config/dnscrypt-proxy
config dnscrypt-proxy ns1
option address '127.0.0.1'
option port '5354'
option resolver 'dnscrypt.nl-ns0'
option resolvers_list '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'
option ephemeral_keys '1'