So I thought everything was working fine, so I didn't check it with Wireshark until today.
It turns out none of my queries are being encrypted.
Even with two servers added and everything done as the OpenWrt wiki explains. If I go to welcome.opendns it shows I'm using OpenDNS though.
Also I see some random Brazilian DNS server if I type netstat -f, which makes me think I'm getting man-in-the-middled pretty hardcore. Any ideas?
Is there any way to stop the connection if DNScrypt doesn't work?
Kinda unrelated question: is dnscrypt.org working for you?
Using this link btw: https://askubuntu.com/questions/105366/how-to-check-if-dns-is-encrypted. Checked port 5353, I see all "standard query", nothing encrypted.
If you need help you could start by posting your
PS. So you wiresharked traffic between your router and ISP?
Probably he wiresharked it on his local machine. Go to the connection list under the realtime graphs status page and see if you have multiple DNS requests originating from your WAN IP.
Multiple DNS requests should only be triggered from your local machines to the router.
To stop the connection if DNSCrypt doesn't work and to prevent other statically assigned servers from being queried, use iptables redirect rules:
iptables -t nat -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53
As far as I remember, this does not apply in case you run VPN or proxy services on your local hosts.
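
The check discussed in this thread (Wireshark showing "Standard query" means the DNS payload is readable on the wire) can be scripted against captured UDP payloads. This is an added example, not code from any poster; the function names and sample payloads are constructed for illustration, and a payload that fails to parse is only "not cleartext DNS", not proof of encryption.

```python
import struct

def parse_plain_dns_query(payload: bytes):
    """Return the queried name if payload is a well-formed cleartext DNS
    query (what Wireshark labels "Standard query"), otherwise None."""
    if len(payload) < 17:                      # 12-byte header + root name + type/class
        return None
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", payload[:12])
    if flags & 0x8000 or (flags >> 11) & 0xF:  # must be a query with opcode 0
        return None
    if qd != 1 or an or ns:                    # exactly one question, no answers
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None
        n = payload[pos]
        pos += 1
        if n == 0:                             # root label ends the name
            break
        if n > 63 or pos + n > len(payload):   # oversize label or runs past the packet
            return None
        label = payload[pos:pos + n]
        if not all(0x21 <= b <= 0x7E for b in label):
            return None
        labels.append(label.decode("ascii"))
        pos += n
    if pos + 4 > len(payload):
        return None
    _qtype, qclass = struct.unpack("!2H", payload[pos:pos + 4])
    return (".".join(labels) or ".") if qclass == 1 else None

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Constructed sample: a cleartext recursive A/IN query for name."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def leaked_names(payloads):
    """Names readable on the wire among the given UDP payloads."""
    return [n for n in map(parse_plain_dns_query, payloads) if n is not None]

# Constructed payloads: one cleartext query, one opaque blob standing in for
# an encrypted packet, one truncated query.
OPAQUE = bytes((i * 37 + 11) % 256 for i in range(64))
SAMPLES = [build_query("example.com"), OPAQUE, build_query("example.com")[:-3]]

if __name__ == "__main__":
    print(leaked_names(SAMPLES))
```

Run it over payloads captured on the router's WAN side; any name it returns was sent unencrypted.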