Posted: Mon Apr 30, 2018 14:49 Post subject: Kong please update DNSCrypt to v2 because v1 is down
I already posted this a few times in the "Kong Firmware Threads" but it doesn't seem to get any attention.
So here I am trying again with a dedicated thread this time:
- DNSCrypt development has stopped.
- A new developer has taken over and continues developing DNSCrypt under the name "DNSCrypt v2".
- Most (if not all) resolvers stopped supporting the old DNSCrypt v1 and only work with DNSCrypt v2 from now on (e.g. Cisco, d0wn, dnscrypt-eu.nl,.....)
- DNSCrypt v2 brings a lot of major fixes and improvements
@Kong:
If you read this, please update DNSCrypt in the next firmware. I have had to jump between resolvers every few days now and today it seems like none of the available resolvers in the firmware are working anymore. So I had to completely disable DNSCrypt today.
Posted: Mon Apr 30, 2018 16:31 Post subject: Re: Kong please update DNSCrypt to v2 because v1 is down
ciscodlink wrote:
I already posted this a few times in the "Kong Firmware Threads" but it doesn't seem to get any attention.
So here I am trying again with a dedicated thread this time:
- DNSCrypt development has stopped.
- A new developer has taken over and continues developing DNSCrypt under the name "DNSCrypt v2".
- Most (if not all) resolvers stopped supporting the old DNSCrypt v1 and only work with DNSCrypt v2 from now on (e.g. Cisco, d0wn, dnscrypt-eu.nl,.....)
- DNSCrypt v2 brings a lot of major fixes and improvements
@Kong:
If you read this, please update DNSCrypt in the next firmware. I have had to jump between resolvers every few days now and today it seems like none of the available resolvers in the firmware are working anymore. So I had to completely disable DNSCrypt today.
Thanks in advance!
With dnscryptv2 the devs switched to Go; this is a problem for embedded devices, as Go needs an extra toolchain and has a large memory footprint. I don't think we will switch to it. Unbound is supposed to have support for DNS via TLS, thus might be the better solution. _________________ KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
Posted: Mon Apr 30, 2018 16:43 Post subject: Re: Kong please update DNSCrypt to v2 because v1 is down
<Kong> wrote:
ciscodlink wrote:
I already posted this a few times in the "Kong Firmware Threads" but it doesn't seem to get any attention.
So here I am trying again with a dedicated thread this time:
- DNSCrypt development has stopped.
- A new developer has taken over and continues developing DNSCrypt under the name "DNSCrypt v2".
- Most (if not all) resolvers stopped supporting the old DNSCrypt v1 and only work with DNSCrypt v2 from now on (e.g. Cisco, d0wn, dnscrypt-eu.nl,.....)
- DNSCrypt v2 brings a lot of major fixes and improvements
@Kong:
If you read this, please update DNSCrypt in the next firmware. I have had to jump between resolvers every few days now and today it seems like none of the available resolvers in the firmware are working anymore. So I had to completely disable DNSCrypt today.
Thanks in advance!
With dnscryptv2 the devs switched to Go; this is a problem for embedded devices, as Go needs an extra toolchain and has a large memory footprint. I don't think we will switch to it. Unbound is supposed to have support for DNS via TLS, thus might be the better solution.
Hm, that's really bad news.
But maybe it's still worth a try or could be optimized for routers?
Posted: Mon Apr 30, 2018 18:36 Post subject: Re: Kong please update DNSCrypt to v2 because v1 is down
jwh7 wrote:
If that's the case, then dnscrypt (v1) can be removed, right?
Hang on a second!!!!!!
I'm not arguing the inevitable but I am currently using 4 DNSCrypt servers that also do DNSSEC without much issue
Sooooo....maybe we can wait a few more days before scrapping it entirely??......please
Unless Unbound is mature, all what some say it is and able to do what DNSCrypt can...for some of us at least
And maybe have a dd-wrt wiki existing on it??
I know..asking too much...
We will get what we get & we.. at least I will be thankful!! _________________ Location 1
R7800- DD-WRT v3.0-r53562 (10/03/23) Gateway
WNDR3400v1 DD-WRT v3.0-r35531_mega-nv64k (03/26/18 ) Access Point
WRT160Nv3 DD-WRT ?v3?.0-r35531 mini (03/26/18 ) Access Point
WRT54GSv5 DD-WRT v24-r33555_micro_generic (10/20/17) Repeater
Location 2
R7800- DD-WRT v3.0-r51855 (02/25/23) Gateway
R6300v2- DD-WRT v3.0-r50671 (10-26-22) Access Point
WNDR3700v2 DD-WRT v3.0-r35531 std (03/26/18 ) Access Point
E1200 v2 DD-WRT v3.0-r35531 mega-nv64k (03/26/18 ) Gateway(for trivial reasons)
RBWAPG-5HACT2HND-BE RouterOS-v6.46.4 (2/21/20) Outdoor Access Point
2x RBSXTG-5HPACD RouterOS-v6.46.4 (2/21/20) PTP Bridge 866.6Mbps-1GbpsLAN
Location 3
2x R7000- DD-WRT v3.0-r50671 (10/26/22) Access Points
2x RBWAPG-60AD RouterOS-v6.45.9 (04/30/20) PTP Bridge 2.3Gbps-1GbpsLAN
2x RBSXTsqG-5acD RouterOS-v6.49.7 (10/14/22) PTP Bridge 866.6Mbps-1GbpsLAN Thank You BrainSlayer for ALL that you do & have done, also to "most" everyone here that shares their knowledge
So I ended up troubleshooting a network issue for a while not realising it was DNSCrypt all along. Oops. Wish I'd seen this post earlier!
Potentially Entware is an option to continue using DNSCrypt; it currently has the old 1x version, but will be updated soonish. Or perhaps move over to Unbound as others have said.
In fact the arm binary on the official GitHub page works on armv7:
I personally have too much dependency on dnsmasq currently with ipset (split VPN tunnel stuff), so I'll be sticking with dnsmasq. _________________ James
Main router:
Netgear R7000 overclocked to 1.2GHz - DD-WRT v3.0-r35965M kongac
IPv6 6in4 (HE.net), OpenVPN (with PBR and split tunnelling), Entware, dnsmasq with ipset
I have 4 r7000s (families and my own) using dnsmasq's DNSCrypt without issues with an uptime of over 45 days.
Thanks James2k for the link, if DNSCrypt v1 stops working on the servers I use but so far DNSCrypt v1 is Golden. _________________ Home Network on Telus 1Gb PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r53562 Std k4.9
Off Site 1
R7000 - Gateway & WiFi & WireGuard - DDWRT r54517 Std
E3000 - Station Bridge - DDWRT r49626 Mega K4.4
Off Site 2
R7000 - Gateway & WiFi - DDWRT r54517 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531
This doesn't fix things for DD-WRT, and I've been out of pocket on these forums for a while, but I recently moved DNSCrypt to a Raspberry Pi that is also running Pi-Hole.
Router/clients -> Pi-Hole -> loopback to DNSCrypt port -> out to OpenDNS
Took me a bit to get the Pi-Hole and DNSCrypt pieces to both work on start up and some other desired config with correct user permissions etc., but is all working very nicely now.
@HalfBit - Could you PM to let me know your configuration for DNSCRYPT and PiHOLE. I currently use PiHole on a TinkerBoard (almost the same as a Raspberry Pi, just faster) using DietPi, but would like to have DNSCRYPT on the TB, as I believe it's not possible to have it and YaMON installed on the R9000.
Posted: Thu Jul 12, 2018 13:31 Post subject: Re: Kong please update DNSCrypt to v2 because v1 is down
<Kong> wrote:
With dnscryptv2 the devs switched to Go; this is a problem for embedded devices, as Go needs an extra toolchain and has a large memory footprint. I don't think we will switch to it. Unbound is supposed to have support for DNS via TLS, thus might be the better solution.
When you say large memory footprint is this flash memory or process memory?
I've got 512MB RAM in the 1900DHP, and I'd suspect that there is likely more room in the flash memory as well.
And there are likely many other routers out there with a decent amount of hardware these days.
Alternatively, if it comes down to a flash constraint, could it be split up to leverage jffs2 flash space instead? _________________ Routers:
WXR-1900DHP - Active (main) - v3.0-r36070M kongac (05/31/18 )
WZR-N600DHP - Wired AP - v3.0-r33679 BS (11/04/17)
WNDR-3400 - retired to its box for several years
Joined: 16 Nov 2015 Posts: 6436 Location: UK, London, just across the river..
Posted: Thu Dec 27, 2018 7:12 Post subject:
Yep, DNSCrypt is a killer, it's a nice thing to have..
I don't have any troubles with it; it's been working fairly with no issues at all. It's very much about the correct server used, as many of them tend to go down for either maintenance or anything else quite often...
The ones I choose are stable and do work most of the time...
DNSCrypt is also very NTP time dependent, so if it's not working DNSCrypt makes issues, so those who complain, check your NTP time servers.
DNSCrypt encrypts and DNSSEC all the DNS requests in both directions, so Unbound and DNS over TLS or DoH are not the same at all... DNSCrypt provides much more security as well DNSSEC, DoH and TLS.
Sadly the new DNSCrypt is using Golang and it's huge,
so if there is any compress trick to be able to fit it into the flash size then it will be awesome to have it, otherwise we can use it on computer level if so...
The other alternative will be the DoH POST option, as TLS is easier to monitor and hack unless it's not TLS 1.3, but most of the openDNS like 9.9.9.9 & 1.1.1.1 already support DoH and TLS.
i guess this thing might even help on router level... https://blog.technitium.com/2018/12/configuring-dns-over-tls-and-dns-over.html _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
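The clock dependence mentioned in the post above comes from the validity timestamps carried in every DNSCrypt certificate. The following is an added example, not part of any post in this thread: it parses the fixed certificate fields and picks a usable certificate for a given clock value. The sample certificates and the names `parse_cert`, `cert_state` and `pick_cert` are constructed for illustration.

```python
import struct
from collections import namedtuple

# DNSCrypt certificate layout (fixed part, big-endian, 124 bytes):
# magic "DNSC" | es-version | minor version | Ed25519 signature (64) |
# resolver public key (32) | client magic (8) | serial | ts-start | ts-end
CERT = struct.Struct(">4sHH64s32s8sIII")
Cert = namedtuple("Cert", "es_version minor serial ts_start ts_end")


def parse_cert(blob):
    """Parse the fixed part of a certificate; extensions after it are ignored."""
    if len(blob) < CERT.size:
        raise ValueError("certificate too short")
    magic, es, minor, _sig, _pk, _cmagic, serial, start, end = CERT.unpack_from(blob)
    if magic != b"DNSC":
        raise ValueError("bad certificate magic")
    # A real client verifies the Ed25519 signature with the provider key
    # before trusting any field; that step is omitted in this example.
    return Cert(es, minor, serial, start, end)


def cert_state(cert, now):
    """Classify a certificate against the local clock (Unix seconds)."""
    if now < cert.ts_start:
        return "not-yet-valid"
    if now > cert.ts_end:
        return "expired"
    return "valid"


def pick_cert(certs, now):
    """Return the currently valid certificate with the highest serial, or None."""
    usable = [c for c in certs if cert_state(c, now) == "valid"]
    return max(usable, key=lambda c: c.serial, default=None)


# Constructed sample: two 24-hour certificates, the second being the rotation.
T0 = 1545868800  # 2018-12-27 00:00:00 UTC
def _sample(serial, start):
    return CERT.pack(b"DNSC", 1, 0, bytes(64), bytes(32), bytes(8),
                     serial, start, start + 86400)

SAMPLE = [parse_cert(_sample(1, T0)), parse_cert(_sample(2, T0 + 43200))]

if __name__ == "__main__":
    for label, now in [("boot, clock unset", 0), ("after NTP sync", T0 + 3600),
                       ("after rotation", T0 + 50000), ("stale clock", T0 + 200000)]:
        chosen = pick_cert(SAMPLE, now)
        print(label, "->", chosen.serial if chosen else "no usable certificate")
```

A router that boots with its clock at the epoch sees every certificate as not yet valid, which looks the same from the LAN side as a dead resolver.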
I agree....DNScrypt still running strong here with four servers all also using DNSSEC
Although one of them has a rekey issue for an hour or two each day.....assuming that would be a timezone issue
As far as the NTP issues many have reported......here are my two cents
<Kong> fixed that a long time ago
You have to leave the box blank and only select a timezone
Now here is the catch that seems to get many
In my testing in the past...once you enter anything...whether it be a name or ip address....then delete it...something gets left behind in the nvram....causing it to not work properly
Only solution is to "erase nvram" if on an older firmware or "nvram erase" if on a more current build......gui reset to default may also work...but personally I never tested it for this issue
For completeness....if I only use one DNScrypt server through the gui...it sometimes takes up to five minutes to get the initial time after a reboot?
When run from command line in a startup script using the four servers....the time is always set on the first try?
Posted: Fri Dec 28, 2018 18:42 Post subject:
216.239.35.4 paste it in the NTP box and select your time zone it never failed... it's one of the GGL ntp time servers and if you use a name instead of IP it's buggy..