Hi,
I did a
opkg update
opkg install dnscrypt-proxy
Here is the config file for dnscrypt
root@LEDE:~# cat /etc/config/dnscrypt-proxy
config dnscrypt-proxy ns1
option address '127.0.0.1'
option port '5353'
# option resolver 'cisco'
# option resolvers_list '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'
# ephemeral keys option requires extra CPU cycles and can cause huge system load
# option ephemeral_keys '0'
# more details at https://github.com/jedisct1/dnscrypt-proxy#public-key-client-authentication
# option client_key '/path/to/client_key'
# option syslog '1'
# option syslog_prefix 'dnscrypt-proxy'
# option query_log_file '/path/to/logfile'
# enable cache may speed up dnscrypt-proxy, see https://github.com/jedisct1/dnscrypt-proxy/wiki/Go-faster
# option local_cache '0'
# disable IPv6 may also speed up dnscrypt-proxy, see https://github.com/jedisct1/dnscrypt-proxy/wiki/Go-faster
# option block_ipv6 '0'
# Blacklists allow you to block domains, ip, ... see https://github.com/jedisct1/dnscrypt-proxy/wiki/Filtering
# list blacklist 'domains:/path/to/domains-blacklist-file.txt'
# list blacklist 'domains:/path/to/domains-blacklist2-file.txt'
# config dnscrypt-proxy ns2
# option address '127.0.0.1'
# option port '5454'
# # option resolver 'd0wn-random-ns1'
# # option resolvers_list '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'
# # option ephemeral_keys '0'
# # option client_key ''
Then did:
/etc/init.d/dnscrypt-proxy enable
/etc/init.d/dnscrypt-proxy start
Added the following to /etc/rc.local:
sleep 10
/etc/init.d/dnscrypt-proxy start
And finally my dnsmasq looks like this:
root@LEDE:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
# option resolvfile '/tmp/resolv.conf.auto'
option noresolv 1
option localservice '1'
option nonwildcard '0'
option serversfile '/tmp/adb_list.overall'
list server '127.0.0.1#5353'
list server '/pool.ntp.org/208.67.222.222'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
I am not sure why the resolvers are not working. I tried 'cisco' and the default one, fvz, as well, but it doesn't resolve anything.
So I am having to use my ISP DNS.
Here is more info:
root@LEDE:~# uci show | grep dnscrypt
dnscrypt-proxy.ns1=dnscrypt-proxy
dnscrypt-proxy.ns1.address='127.0.0.1'
dnscrypt-proxy.ns1.port='5353'
root@LEDE:~# opkg list | grep dnscrypt
dnscrypt-proxy - 1.9.4-1
dnscrypt-proxy-resolvers - 1.9.4+git-20161129-f17bace-1
root@LEDE:~# logread | grep -n "using nameserver"
203:Tue May 29 10:41:22 2018 daemon.info dnsmasq[3848]: using nameserver 208.67.222.222#53 for domain pool.ntp.org
204:Tue May 29 10:41:22 2018 daemon.info dnsmasq[3848]: using nameserver 127.0.0.1#5353
1- How do I know if dnscrypt is working?
2- What do I need to do to use OpenNIC servers? There used to be a .toml file where I could simply add the following lines:
[sources.'opennic']
url = 'http://download.dnscrypt.info/resolvers-list/v2/opennic.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
cache_file = 'opennic.md'
Or how could I use resolvers that keep no logs?
Any help would be appreciated...Cheers