How to set up dnscrypt-proxy on OpenWRT in 2024?

Hello everyone.
Please tell me how to set up dnscrypt-proxy https://openwrt.org/docs/guide-user/services/dns/dnscrypt-proxy correctly? I set it up, below are my steps (short instructions), but I still have questions, I would appreciate your advice.

  1. What is the difference between dnscrypt-proxy and dnscrypt-proxy2

  2. What is the difference between using on a local port 127.0.0.1#5353 and for example 192.168.1.1#5353

  3. How to correctly add two or three Dnscrypt providers to the configuration file?
    /etc/config/dnscrypt-proxy

  4. How to use Dnscrypt together with Adblock or are there Dnscrypt providers that block ALL advertising? If you know, please write.

  5. Which provider can replace OpenDNS for pool.ntp.org

list server '/pool.ntp.org/208.67.222.222'

Installation

# opkg update 
# opkg install dnscrypt-proxy
# nano /etc/config/dhcp

config dnsmasq 
            option domainneeded 1 
            option boguspriv 1 
            option filterwin2k 0 
            option localise_queries 1 
            option rebind_protection 1 
            option rebind_localhost 1 
            option local '/lan/' 
            option domain 'lan' 
            option expandhosts 1 
            option nonegcache 0 
            option authoritative 1 
            option readethers 1 
            option leasefile '/tmp/dhcp.leases' 
        #   option resolvfile '/tmp/resolv.conf.auto' 
            option noresolv 1 
            list server '127.0.0.1#5353' 
            list server '/pool.ntp.org/208.67.222.222' 
            option nonwildcard '1'

Choose DNScrypt provider here:

# nano /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv

# nano /etc/config/dnscrypt-proxy

config dnscrypt-proxy
        option address '127.0.0.1'
        option port    '5353'
        option resolver   'cs-es'
        option resolvers_list  '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'
/etc/init.d/dnscrypt-proxy enable
/etc/init.d/dnscrypt-proxy start
/etc/init.d/dnsmasq restart

Check dnscrypt-proxy


logread | grep " Proxying from"

Size and many more capabilities.

Thanks for your answer. Could you list the most important differences, I want to understand if I change dnscrypt-proxy to dnscrypt-proxy2 and what I get.

Right off you need to know if you can afford the 4.25MB space to install Dnscrypt-proxy2.

As far as features:
Dnscrypt-proxy2 allows one, many, or all available public resolvers depending on your choice and can be tailored to use only specific resolvers matching among others, no logs, DoH, ODoH, IPv4, IPv6, DNSSEC security extensions, must not enforce their blocklists, among other filters.

Can be configured to use lowest latency resolvers.

Can use dnscrypt relays to Anonymize DNS queries.

Adblock accommodates it.

The configuration uses a .toml file that is fully documented by feature set with examples
.

1 Like