in latest luci snapshot sources you'll find a new GUI for DNSCrypt-Proxy to ease the dnscrypt-proxy configuration, main features:
full resolver list handling, incl. list refresh and simple resolver selection per instance
parse/show the resolver, Location, DNSSEC- and NOLOG-Flag in the resolver select box
automatically transfer dnscrypt specific settings to dnsmasq as well,
This may change the values for 'noresolv', 'resolvfile',
'allservers' and the list 'server' settings (enabled by default)
startup trigger support
support the following (conditional) options:
resolvers_list
ephemeral_keys
blacklist
block_ipv6
local_cache
query_log_file
complete dnscrypt & dnsmasq configuration in 'Advanced' section
Example screenshots:
Download: You will find the ready to run ipk-package here
Thanks for the gui but I can't see anything in general options so I can't use refresh resolver list and startup trigger:
General options
This section contains no values yet
Any idea what might be wrong? I can see all the other options.
I run my own build of LEDE kernel 4.4.83, git 364befeccf01c07049b492d90e98c2c13457c7c3
luci-app-dnscrypt-proxy git-17.230.25723-2163284-1
Btw when one creates a second dnscrypt instance one needs to create a file /etc/resolv-crypt.conf with options timeout:1. The gui is not doing that - is it a bug? https://wiki.openwrt.org/inbox/dnscrypt
I think that I just found a bug while using your DNScrypt GUI.
I configured DNScrypt to use three DNS servers and mapped the IP 127.0.0.1 to the ports 5353, 5354 and 5355.
After my first DNS server wasn't available anymore, the others were not used. I had to set a new server for my first DNScrypt instance.
DNSmasq looks like following:
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases' #option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option noresolv '1'
option strictorder '1'
list server '127.0.0.1#5355'
list server '127.0.0.1#5354'
list server '127.0.0.1#5353'
list server '/pool.ntp.org/208.67.222.222'
The new LuCI-GUI works only on /etc/config/dnscrypt-proxy, it didn't make any changes to your dnsmasq configuration. For running Multiple DNSCrypt instances please consult the wiki page
Don't use port 5355, this port is IANA registered for Link-Local Multicast Name Resolution (LLMNR) protocol.
I have same problem & change to 5454 work well.
I think no need resolv-crypt.conf. Just add dnsmasq option "allservers".
The document say: By default, when dnsmasq has more than one upstream server available, it will send queries to just one server. Setting this flag forces dnsmasq to send all queries to all available servers. The reply from the server which answers first will be returned to the original requester.
One last question: What do I have to do to enable blacklist? I mean, can I add the link to mybase.txt ( https://download.dnscrypt.org/blacklists/domains/mybase.txt ) on the GUI or do I have to upload it through SCP first and then put that local path on the GUI?
thanks