Aim:
dnscrypt-proxy is running on the router. The ISP has optimized DNS for some local services using their route, but does DNS hijacking for other things. I want to use dnscrypt-proxy for myself, and set the ISP DNS for others.
The idea is: let DHCPv4/v6 give the ISP DNS directly by default, and give the router IP to my devices only.
Problem:
- Devices like other people's phones and my Nintendo Switch don't allow specifying a DNS port, so I can't just bind the 2 DNS resolvers to 2 different ports. Keeping dnsmasq is easy, but forwarding my requests to dnscrypt-proxy causes double caching. The ISP DNS resolvers are close and numerous (2nd problem: they could change), so I want to keep dnscrypt-proxy instead to make things simple.
- When using the router as DNS, DHCPv6 gives the link-local IPv6 address as the IPv6 DNS, which is very nice. The address may change upon a network change (not sure if IPv6 privacy is enabled on the router), so I want it to stay automated.
- Others don't know how to, or don't want to, set DNS manually.
- dnscrypt-proxy has no option to only serve the LAN (if I bind multiple addresses with [::]:53).
Settings:
The options in LuCI don't seem to be able to fully do this.
In /etc/config/dhcp I see some options:
- dnsmasq.localuse: if I turn it off, does it cause the router to use the ISP DNS? Or is this option making the router announce itself as DNS?
- dnsmasq.port=0 disables DNS. EDIT: also disables DNS in DHCPv4...
- host.dns: probably irrelevant; tagging, but then it's manually assigning DNS.
On a side note:
- The process tab says dnscrypt-proxy is taking 265% memory? But the memory usage in the overview is low.
- LuCI sometimes deletes other entries when I make a change (like setting the DNS port to 0 caused it to remove boguspriv=1 & nonwildcard=1). Is this normal?
Version: OpenWrt 21.02rc3, dnscrypt-proxy 2.0.46-beta3
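An added example (not from the post above, and not OpenWrt or dnscrypt-proxy project code): a /etc/config/dhcp fragment that does the DHCPv4 half of the split the post describes. dnsmasq keeps serving DHCP with its DNS disabled (port 0); every client gets the ISP resolver by default through DHCP option 6; only hosts carrying a tag get the router's LAN address as DNS, where dnscrypt-proxy listens (listen_addresses = ['192.168.1.1:53'] in dnscrypt-proxy.toml, so it does not need to bind [::]:53). In dnsmasq, a tagged dhcp-option overrides the untagged one with the same option number, which is what makes the per-host override work. The addresses (203.0.113.53 for the ISP resolver, 192.168.1.1 for the router, the MAC and host name) are placeholders. The DHCPv6/RA side is not covered here: odhcpd announces its DNS list to all clients, not per host.

```uci
# /etc/config/dhcp (fragment, added example; all addresses are placeholders)

config dnsmasq
	# DHCP only: DNS is left to dnscrypt-proxy, so clients must get option 6 explicitly
	option port '0'
	option leasefile '/tmp/dhcp.leases'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	# Default for every DHCPv4 client: the ISP resolver (placeholder 203.0.113.53)
	list dhcp_option '6,203.0.113.53'

# Hosts that should use dnscrypt-proxy get this tag; the tagged option 6
# overrides the untagged default above and points at the router's LAN
# address (placeholder 192.168.1.1), where dnscrypt-proxy is bound on port 53
config tag 'dnscrypt'
	list dhcp_option '6,192.168.1.1'

# One of my own devices, matched by MAC (placeholder) and given the tag
config host
	option name 'my-laptop'
	option mac '00:11:22:33:44:55'
	option ip '192.168.1.50'
	option tag 'dnscrypt'
```

After `/etc/init.d/dnsmasq restart`, a tagged host renewing its lease should show 192.168.1.1 as its DNS server while any other client shows 203.0.113.53; `logread -e dnsmasq-dhcp` shows which tags were applied to each lease.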