Dnscrypt-proxy package outdated

After experimenting with dnscrypt-proxy I realized that the version in opkg is outdated (from 2017), as also is the list of resolvers coming with it.

The dnscrypt-proxy version 1.9.5-8 seems not to support sdns stamps and very many of the provided resolvers do not work any more, many others are not pre-configured.

dnscrypt-proxy2 seems to be a good step forward. What would be the right track to request a build of the new version (assuming that I will not be doing it)?

All the binaries are already built, you just need to install one and configure

Thanks, I will give it a go.
Should be dnscrypt-proxy-linux_x86_64-2.0.35.tar.gz for OpenWRT 18 on a 64bit AMD?
Should I uninstall the dnscrypt-proxy package containing version 1?
Does the LUCI interface work with dnscrypt-proxy 2, too?

Just wondering why no one built a package, if that posting is even regularly updated...

Yes, I guess dnscrypt-proxy-linux_x86_64-2.0.35.tar.gz will be the right one.
Old version should be uninstalled, there is no Luci support for v2 (yet?).
Please note that there are alternatives available - stubby for DNS-over-TLS and https_dns_proxy for DNS-over-HTTPS.

https over dns seems to be the more recent approach. Which is preferable: stubby or https_dns_proxy?

Looking into stubby it seems just to implement DoT, which I already have running using unbound.
So for DoH I would need https_dns_proxy?

Recommended reading: https://dnscrypt.info/faq/
Personally I have both stubby and https_dns_proxy installed and pre-configured on my OpenWrt travel router, then have the ability to direct my local dnsmasq to either proxy, stubby is default one.
Back to the subject - I'm successfully using dnscrypt-proxy on my standalone DNS servers along with cloudflared and pi-hole. I decided not to use it on OpenWrt because of 2 factors:

  • initially I faced some problems with dnscrypt-proxy on my standalone DNS server
  • I'm happy with the alternatives I mentioned

Some weaknesses mentioned here: https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Clients#DNSPrivacyClients-Unbound

I saw that comparison. In the end for me it will very likely come down to the availability of suitable resolvers. So I would use the protocol that gives me the resolvers I want.

That means I would need to test them all:
DoT using unbound
DoH using https_dns_proxy
DNScrypt using dnscrypt-proxy v2

Bummer.

Just a heads up, the next version of https-dns-proxy (PRs have been submitted) will switch from JSON API to RFC8484 and will support more resolvers than the current version.

Sounds good. I have been running dnscrypt-proxy v2 since yesterday and so far it works fine for DoH and DNScrypt. Although the installation was not difficult, having to do that on each openwrt image upgrade is a pain in the butt. That would be a motivation for switching over to https_dns_proxy opkg.

Does https_dns_proxy support dnscrypt and DoT, too?

Only RFC8484-compatible DoH servers.