DNSCrypt V2, it's running but not working properly

Hi,

I have the Linksys WRT3200ACM router, running the latest version of firmware.

I've followed the guide at: https://davidc502sis.dynamic-dns.net/dnscrypt/

It got set up, and I believed it was working. When going to dnsleaktest.com or other similar sites it would show my Comcast default DNS, whereas the documentation stated it used Cloudflare. I had gone to both the wan & wan6 interfaces and unticked "use dns advertised by peer", and upon refreshing dnsleaktest it showed one Cloudflare server found and that's all. Upon a router reboot right after this, I could no longer connect to any webpage (yes, dnscrypt-proxy was still running. It's set for auto-boot as the documentation had me do). Once I re-ticked the "use dns advertised by peer" option in both interfaces I had internet back, but still used Comcast DNS. Now, I could get internet by unticking that option and adding Cloudflare's DNS, which works, but upon going to: https://www.cloudflare.com/ssl/encrypted-sni/
it shows I'm using Cloudflare DNS but both SecureDNS and Encrypted SNI fail.
I don't know many ways to verify that dnscrypt is even working or not.

I did not edit the file /etc/config/dnscrypt-proxy.toml as I didn't know what I should edit and the documentation didn't say to do so.

One thing I did figure out after a while is that, after I first install it by following everything in the documentation linked above, I go to interfaces for both wan & wan6 and untick "use dns advertised by peer", and this does work, as I can check at: https://www.cloudflare.com/ssl/encrypted-sni/ where it shows SecureDNS as a pass. OK, so I just did a normal reboot in LuCI and then got no internet connectivity. No matter what, at this point there is no way to fix this other than re-enabling that option or supplying Cloudflare DNS manually, but if doing this SecureDNS shows as fail. Nothing else seems to fix it other than an uninstall/re-install of dnscrypt-proxy 2, but after a reinstall, the same issues occur.

I did manage to get version 1 working properly though, but can't seem to get it working with Cloudflare. I was also told it's better to use V2 anyway.

Know what may be going on?

Thank you

uci show dhcp
head -n -0 /etc/resolv.* /tmp/resolv.*
grep -v -e "^#" -e "^$" /etc/config/dnscrypt-proxy.toml

https://openwrt.org/docs/guide-user/services/dns/start#encryption

Thanks for your response, I just got back on to state that I got it to work after many hours.

It was as simple as adding "/pool.ntp.org/208.67.222.222" w/out quotes to the end of the config dnsmasq section of /etc/config/dhcp and rebooting.
I know what this does, but I don't know why it would be needed. No guides for dnscrypt-proxy V2 show that this is needed or whether it should even be used, however it's the only thing that works for me. My local time/date on the router is set properly. Adding that DNS forwarding address is only shown in guides for dnscrypt-proxy V1.

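Added example, not part of the original posts: a shell check that reads `uci show dhcp` output (the first command in the reply above) and reports whether dnsmasq has the per-domain entry from the last post, which sends lookups for pool.ntp.org to 208.67.222.222 rather than to the default upstream. The sample excerpts are constructed, and 127.0.0.53 as the dnscrypt-proxy listener is an assumption.

```shell
#!/bin/sh
# Constructed `uci show dhcp` excerpts; 127.0.0.53 as the dnscrypt-proxy
# listener is an assumption, not a value taken from the thread.
sample_before() {
cat <<'EOF'
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].noresolv='1'
dhcp.@dnsmasq[0].server='127.0.0.53'
EOF
}

sample_after() {
cat <<'EOF'
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].noresolv='1'
dhcp.@dnsmasq[0].server='127.0.0.53' '/pool.ntp.org/208.67.222.222'
EOF
}

# Read `uci show dhcp` output on stdin and print one line per dnsmasq
# upstream: "default <addr>" for an unscoped server, or
# "scoped <domain> <addr>" for a /domain/addr entry.
list_dnsmasq_servers() {
    grep -E '^dhcp\.@dnsmasq\[[0-9]+\]\.server=' |
    cut -d= -f2- |
    tr ' ' '\n' |
    tr -d "'" |
    awk -F/ '
        NF >= 3 && $1 == "" { for (i = 2; i < NF; i++) print "scoped", $i, $NF; next }
        NF == 1 && $1 != "" { print "default", $1 }'
}

# Exit 0 when lookups for the given domain (default: pool.ntp.org) are
# pinned to a fixed resolver and so bypass the default upstream.
has_scoped_server() {
    list_dnsmasq_servers |
    awk -v d="${1:-pool.ntp.org}" '
        $1 == "scoped" && $2 == d { found = 1 }
        END { exit !found }'
}

# On the router: uci show dhcp | list_dnsmasq_servers
sample_after | list_dnsmasq_servers
```

Any domain listed as `scoped` is resolved in plaintext by the address shown, so the output also shows which names are not covered by DNSCrypt.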
