Dnscrypt-proxy compiled with Plugins support

Dear community:

I was using dnscrypt-proxy to do a simple blacklist filtering in my network and that worked perfectly, until the "plugin" functionality was disabled when the owner disabled the option in the compilations.

Anyone can point me to an "IPK" that has the plugin functionality enabled so I can downgrade to that version?

Thanks in advance.

@InkblotAdmirer ?

You can submit a pull request to change the default for plugins to "yes" so the buildbot will include them, but the default was intentionally left to no to prevent an extra 125kB (compressed) for the package. I can't guarantee it would be accepted, however. (I haven't tried it but I'm told that simple changes like this can be handled from the github web ui -- no idea whether a PR like that would be accepted however).

davidc502 is building the package with plugins enabled, you can use his repo or his custom build.

Alternatively, set up a build environment in a virtual machine and build the custom package yourself -- seriously, it's very straightforward from instructions and you can then add/delete whatever features you wish.

I've fixed this by following your advice and installing @davidc502's
version. Thanks!

Just wondering, what kind of plugins would dnscrypt need? I cant think of any but I'm dumb so bear with me.

Edit replying to myself https://github.com/kdave/dnscrypt-plugins/blob/master/README.md

The most useful one is the BLACKLIST and LOGging capability of such
blacklisted domains/IPs... I use that isntead of a ad-blocker

Would you share your blacklist with us? Sounds useful. Specially since apparently adblock conclicts with DNSCrypt or at least thats what the guy who made the AdBlock openwrt plugin said.
EDIT: I read that completely wrong. I need to sleep, he said

  1. It defaults to DNS-hijacking, so if you have local devices on your network with hardcoded DNS servers, simple-adblock will force them to use your router DNS server (both IPv4 and IPv6) instead.

Anyways, I think he didnt express himself correctly. He meant Authoritative DNS. (I think).

The blacklist I use is the one referenced in the dnscrypt-proxy github main
page caled mysites.txt or something like that

Hey, I'm interested in implementing the dnscrypt plugins.
I'm compiling my own image including plugins support.
Where can I find documentation about how to enable and configure them? Which files do I need to configure?

Dear guru of Dnscrypt-proxy @InkblotAdmirer ...

I have version with plugins enabled ( from @davidc502 's latest release ) . I've found that , even tough the blacklisting is configured, along with the logging, all of the computers on my network are able to access the blacklisted addresses...

Even weirder , the entry is logged into the blacklist-log as if it was blocked, but it is not... is there a chance I have any kind of "leak" somewhere? I've ran a dnsleak test and it is showing i'm not, just one dns showing up, and is the one I've chosen...

Thanks in advance for any suggestions!

I have found the blacklist file must be present before dnscrypt-proxy starts, otherwise it isn't used. This also means it can't be updated dynamically without restarting dnscrypt-proxy.

So in my use case, when I add an IP to the block file I stop the dnscrypt-proxy service, then restart it. This seems to work for me.

Also, just to verify, execute "dnscrypt-proxy --version" and verify "Support for ldns-based plugins: present"

Other than that... make sure your config is pointing to the right file!

@Leverbush -- make menuconfig, Network, IP Addresses and Names, dnscrypt-proxy Configuration --> Enable plugin support

I fixed it! I found that I had a manual dns resolver in my dnsmasq file to, so no dnscrypt's fault. I've did that a while back because dnscrypt's resolver that i was using was not resolving. I'll add a 2nd resolver to avoid this in the future! Thanks for the tips!

Well, wherever or not adblocking conflicts with dnscrypt-proxy depends on how your dnscrypt-proxy and dnsmasq are configured. If you configure dnsmasq to use a local instance of dnscrypt-proxy as a DNS server, either @dibdot's adblock or my simple-adblock should work just fine as is.

Also, considering how flexible the former is, I'm sure it's possible for @dibdot to implement native support for dnscrypt-proxy block plugin in his adblock.

Can we use the img builder to add dnscrypt with plugins support or do we have to compile from source? If yes, what's the name of the package so I can add it?
And today I noticed there's a package to add Luci GUI support for dnscrypt. That's amazing! Did you guys add that one recently? I swear I haven't seen it before.

@dibdot very recently wrote it -- you can check out and "thumbs up" his thread on that package.

1 Like

Yes thanks! Doesn't happen on a different setup compiled with dnscrypt+ plugins support so it was probably dnsmasq trying to push the dns.
Disabling the whole dns part of the dhcp file and just keeping dhcp works fine.
Thank you,

Hi Stan,

it's already implemented in adblock 3, but I'm still struggling with turris omnia integration, so not ready for prime time yet.