DNSCrypt : how to pick the best server

Installing and Using OpenWrt
10

I don't use LuCI so I won't be able to help with the LuCI companion you mentioned.
I modified heavily the original installation tutorial for v2 so I could keep both v1 and v2 installed at the same time. If you'd like to replace v1 with v2 permanently you might want to make necessary changes to the instructions I'll post below.

I'm using Windows 7 so the tutorial will be based on that particular OS.

  1. Download the DNSCrypt-Proxy Releases package for your router. Make sure to match the package with your router's CPU architecture.
    I'm using TP-Link Archer C2600 (ipq806x) so the correct package for this platform is dnscrypt-proxy-linux_arm-2.0.X.tar.gz

  2. Extract the .zip package to a new folder. For reference I'll name it dnscrypt-proxy-v2-binary.

  3. Change the name of dnscrypt-proxy to dnscrypt-proxy-v2

  4. The binary file is around ~7 MB, after compression the binary shrinks to around ~1,6 MB. To compress the file, download UPX and extract it to dnscrypt-proxy-v2-binary folder.

  5. Open CMD inside the dnscrypt-proxy-v2-binary folder and enter the command posted below. Make sure you use the correct name of binary file.
    upx --lzma dnscrypt-proxy-v2

  6. Using SCP protocol (ex. WinSCP) copy compressed dnscrypt-proxy-v2 binary to /usr/sbin on your router.

  7. Open terminal, connect to your router and set the correct permissions for the binary file.
    chmod 755 /usr/sbin/dnscrypt-proxy-v2

  8. Using SCP, on your router:
    a) create dnscrypt-proxy-v2 folder inside /etc/
    b) create example folder inside dnscrypt-proxy-v2 to have a backup of original configuration files for DNSCrypt-Proxy v2

  9. Using SPC copy files listed below to /etc/dnscrypt-proxy-v2/example

    example-backlist.txt
example-cloaking-rules.txt
example-dnscrypt-proxy.toml
example-forwarding-rules.txt
example-whitelist.txt
LICENSE

  10. Using SCP copy (at least) example-dnscrypt-proxy.toml to /etc/dnscrypt-proxy-v2 and change it's name to dnscrypt-proxy-v2.toml and make necessary adjustments OR use ready-to-go config files from point 12.

  11. For minimal effort change the line listen_addresses = ['127.0.0.1:53', '[::1]:53']
    to listen_addresses = ['127.0.0.53:5353'] OR use the ready-to-go config files files from point 12.

  12. Links to content of my DNSCrypt-Proxy v2 config files:
    blacklist.txt
    cloaking-rules.txt
    dnscrypt-proxy-v2.toml
    forwarding-rules.txt
    LICENSE
    whitelist.txt

  13. Download the init .zip and using SCP copy the file inside it to /etc/init.d/.

  14. Set permissions to the init file
    chmod 755 /etc/init.d/dnscrypt-proxy-v2

  15. If you don't use v1 open /etc/config/dhcp file and inside section config dnsmasq add line
    list server '127.0.0.1#5353'

  16. To make sure the DNSCrypt-Proxy-v2 binary, init and config files are included in your router's config backups add below to /etc/sysupgrade.conf

    ## DNSCrypt-Proxy-v2

/etc/init.d/dnscrypt-proxy-v2
/usr/sbin/dnscrypt-proxy-v2
/etc/dnscrypt-proxy-v2/

  17. Inside terminal disable v1...

    service dnscrypt-proxy stop
service dnscrypt-proxy disable

  18. ...and enable v2

    service dnscrypt-proxy-v2 enable
service dnscrypt-proxy-v2 start
3 Likes