Kong please update DNSCrypt to v2 because v1 is down

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Author Message
ciscodlink
DD-WRT User


Joined: 13 May 2014
Posts: 240

PostPosted: Mon Apr 30, 2018 14:49    Post subject: Kong please update DNSCrypt to v2 because v1 is down Reply with quote
I already posted this a few times in the "Kong Firmware Threads" but it doesn't seem to get any attention.

So here I am trying again with a dedicated thread this time:

- DNSCrypt development has stopped.
- A new developer has taken over and continues developing DNSCrypt under the name "DNSCrypt v2".
- Most (if not all) resolvers stopped supporting the old DNSCrypt v1 and only work with DNSCrypt v2 from now on (e.g. Cisco, d0wn, dnscrypt-eu.nl,.....)
- DNSCrypt v2 brings a lot of major fixes and improvements

DNSCrypt v2 Github:
https://github.com/jedisct1/dnscrypt-proxy

@Kong:
If you read this, please update DNSCrypt in the next firmware. I have had to jump between resolvers every few days now and today it seems like none of the available resolvers in the firmware are working anymore. So I had to completely disable DNSCrypt today.

Thanks in advance!
Sponsor
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4050
Location: Germany

PostPosted: Mon Apr 30, 2018 16:31    Post subject: Re: Kong please update DNSCrypt to v2 because v1 is down Reply with quote
ciscodlink wrote:
I already posted this a few times in the "Kong Firmware Threads" but it doesn't seem to get any attention.

So here I am trying again with a dedicated thread this time:

- DNSCrypt development has stopped.
- A new developer has taken over and continues developing DNSCrypt under the name "DNSCrypt v2".
- Most (if not all) resolvers stopped supporting the old DNSCrypt v1 and only work with DNSCrypt v2 from now on (e.g. Cisco, d0wn, dnscrypt-eu.nl,.....)
- DNSCrypt v2 brings a lot of major fixes and improvements

DNSCrypt v2 Github:
https://github.com/jedisct1/dnscrypt-proxy

@Kong:
If you read this, please update DNSCrypt in the next firmware. I have had to jump between resolvers every few days now and today it seems like none of the available resolvers in the firmware are working anymore. So I had to completely disable DNSCrypt today.

Thanks in advance!


With dnscryptv2 the devs switched to go, this is a problem fr embedded devices, as go needs an extra toolchain and has a large memory footprint. I don't think we will switch to it. Unbound is supposed to have support for dns via tls support, thus might be the better solution.

_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
ciscodlink
DD-WRT User


Joined: 13 May 2014
Posts: 240

PostPosted: Mon Apr 30, 2018 16:43    Post subject: Re: Kong please update DNSCrypt to v2 because v1 is down Reply with quote
<Kong> wrote:
ciscodlink wrote:
I already posted this a few times in the "Kong Firmware Threads" but it doesn't seem to get any attention.

So here I am trying again with a dedicated thread this time:

- DNSCrypt development has stopped.
- A new developer has taken over and continues developing DNSCrypt under the name "DNSCrypt v2".
- Most (if not all) resolvers stopped supporting the old DNSCrypt v1 and only work with DNSCrypt v2 from now on (e.g. Cisco, d0wn, dnscrypt-eu.nl,.....)
- DNSCrypt v2 brings a lot of major fixes and improvements

DNSCrypt v2 Github:
https://github.com/jedisct1/dnscrypt-proxy

@Kong:
If you read this, please update DNSCrypt in the next firmware. I have had to jump between resolvers every few days now and today it seems like none of the available resolvers in the firmware are working anymore. So I had to completely disable DNSCrypt today.

Thanks in advance!


With dnscryptv2 the devs switched to go, this is a problem fr embedded devices, as go needs an extra toolchain and has a large memory footprint. I don't think we will switch to it. Unbound is supposed to have support for dns via tls support, thus might be the better solution.


Hm thats really bad news Sad
But maybe its still worth a try or could be optimized for routers?

Thanks for your feedback!
jwh7
DD-WRT Guru


Joined: 25 Oct 2013
Posts: 1909
Location: Indy

PostPosted: Mon Apr 30, 2018 17:08    Post subject: Re: Kong please update DNSCrypt to v2 because v1 is down Reply with quote
<Kong> wrote:
Unbound is supposed to have support for dns via tls support, thus might be the better solution.
If that's the case, then dnscrypt (v1) can be removed, right?

Perhaps this helps: https://blog.cloudflare.com/dns-over-tls-for-openwrt/ Smile

_________________
# NAT/SFE/CTF: limited speed w/ DD # Repeater issues # DD-WRT info: Builds, Types, Modes, Changelog, Peacock, Demo #
x64 OPNsense 18.7r10|EA6900v1.1 Xwrt 380.70|DD: 36247 WNDR4500v2, WNDR4000@533, E1500@353, R6300v1,
2*E2500, WRT54*@250: GLv1.1 nks, GSv6 µ
|RT-N66U@663 Merlin 380.70|OEM: WGR614v10@400-WNR1000v3 mod


Last edited by jwh7 on Mon Apr 30, 2018 20:02; edited 1 time in total
Dr_K
DD-WRT User


Joined: 23 Mar 2018
Posts: 59

PostPosted: Mon Apr 30, 2018 18:36    Post subject: Re: Kong please update DNSCrypt to v2 because v1 is down Reply with quote
jwh7 wrote:
If that's the case, then dnscrypt (v1) can be removed, right?


Hang on a second!!!!!!

I'm not arguing the inevitable but I am currently using 4 DNSCrypt servers that also do DNSSEC without much issue

Sooooo....maybe we can wait a few more days before scrapping it entirely??......please Rolling Eyes

Unless Unbound is mature, all what some say it is and able to do what DNSCrypt can...for some of us at least

And maybe have a dd-wrt wiki existing on it??

I know..asking too much...

We will get what we get & we.. at least I will be thankful!!

_________________
Routers Maintained
Location 1
R6300V2- DD-WRT v3.0-r35550M kongac (03/28/18 ) Gateway
WNDR3400v1 dd-wrt.v3.0-r35531_mega-nv64k (03/26/18 ) Access Point
Location 2
R6300V2- DD-WRT v3.0-r35550M kongac (03/28/18 ) Gateway
R6300V2- DD-WRT v3.0-r35550M kongac (03/28/18 ) Access Point
WNDR3700v2 DD-WRT v3.0-r35531 std (03/26/18 ) Access Point
E1200 v2 DD-WRT v3.0-r35531 mega-nv64k (03/26/18 ) Gateway(for trivial reasons)
2X SXT 5 ac(mipsbe) RB 6.42.3 (5/24/18 ) PTP Bridge (0.8km/0.5mi)
Thank You <Kong> & BrainSlayer for ALL that you do also to everyone here that shares their knowledge
James2k
DD-WRT Guru


Joined: 23 Oct 2011
Posts: 549

PostPosted: Mon Apr 30, 2018 20:45    Post subject: Reply with quote
So I ended up troubleshooting a network issue for a while not realising it was DNSCrypt all a long. Oops. Wish I'd seen this post earlier!

Potenitally Entware is an option to continue using DNSCrypt, currently has the old 1x version, but will be updated soonish, or perhaps move over to ubound as others have said.

In fact the arm binary on the official GitHub page works on armv7:

https://github.com/jedisct1/dnscrypt-proxy/releases

I personally have too much dependency on dnsmasq currently with ipset (split VPN tunnel stuff), so I'll be sticking with dnsmasq.

_________________
James

Main router:

Netgear R7000 overclocked to 1.2GHz - DD-WRT v3.0-r35965M kongac

IPv6 6in4 (HE.net), OpenVPN (with PBR and split tunnelling), Entware, dnsmasq with ipset

Easy ipset support for the R7000

VPN speed: Download: 77.96 Mbps Upload: 5.00 Mbps (AES-128-CBC HMAC-SHA1)

Yes you can get 50 Mbps+ with OpenVPN on a R7000 if you configure it properly!

Previous routers:

ASUS RT-N66U - The Dark Knight
WNR2000v3 - Bought on the cheap for someone else, neutered crap
WNR3500Lv1 - First venture into the DD-WRT world
mac913
DD-WRT Guru


Joined: 02 May 2008
Posts: 1235
Location: Canada

PostPosted: Sat Jun 09, 2018 19:41    Post subject: Reply with quote
I have 4 r7000s (families and my own) using dnsmasq's DNSCrypt without issues with an uptime of over 45 days.

Thanks James2k for the link, if DNSCrypt v1 stops working on the servers I use but so far DNSCrypt v1 is Golden.

_________________
Home Network on Telus PureFibre - Wired GigaBit Backbone
| SSH | DDNS | DNSCrypt-Proxy | DHCP/Static IPs | Ad-Blocking |
| USB Storage - Scripts Only | VLANs/BRs | WiFi - APs/VAPs |
| OpenVPN-Client | YAMon3 | Telus-IPv6 | ebtables | ip6tables |

Multi 2x R7000 Setup - KONGAC 35550M Release 2018-03-28 (k4.4.124#548SMP)

______________________
YAMon 3.0 | Ad-Blocking for DD-WRT
DDWRT 60-day Timeline/changelogs
Kong Builds | DD-WRT Beta Builds
CloneVince's copies of Kong's Arm Firmware
HalfBit
DD-WRT Guru


Joined: 04 Sep 2009
Posts: 719
Location: AR, USA

PostPosted: Thu Jul 12, 2018 3:38    Post subject: Reply with quote
This doesn't fix things for DD-WRT, and I've been out of pocket on these forums for a while, but I recently moved DNSCrypt to a Raspberry Pi that is also running Pi-Hole.

Router/clients -> Pi-Hole -> loopback to DNSCrypt port -> out to OpenDNS

Took me a bit to get the Pi-Hole and DNSCrypt pieces to both work on start up and some other desired config with correct user permissions etc., but is all working very nicely now.

Let me know if you would like more information.

_________________
R7000 Nighthawk - DD-WRT v3.0-r32170M kongac (06/11/17)
~~~~~~~~~~~~~~Currently Unused~~~~~~~~~~~~~~
WRT54Gv2 - V24 STD Build 22118 configured as AP
WRT54Gv8.2 - V24 Micro Build 22118 configured as AP
Brimmy
DD-WRT User


Joined: 29 Mar 2015
Posts: 295

PostPosted: Thu Jul 12, 2018 3:48    Post subject: Reply with quote
mac913 wrote:
I have 4 r7000s (families and my own) using dnsmasq's DNSCrypt without issues with an uptime of over 45 days.

Thanks James2k for the link, if DNSCrypt v1 stops working on the servers I use but so far DNSCrypt v1 is Golden.

Shocked ould you please shard these settings cause DNSCrypt V1 kills my internet and this has been since 34760, i think.
buffalo0207
DD-WRT User


Joined: 30 Apr 2014
Posts: 64
Location: UK

PostPosted: Thu Jul 12, 2018 9:40    Post subject: Reply with quote
@HalfBit - Could you PM to let me know your configuration for DNSCRYPT and PiHOLE. I currently use PiHole on a TinkerBoard (almost the same as a Raspberry Pi, just faster) using DietPi, but would like to have DNSCRYPT on the TB, as I believe it's not possible to have it and YaMON installed on the R9000.

Cheers...
ludacrisvp
DD-WRT User


Joined: 21 Feb 2015
Posts: 101

PostPosted: Thu Jul 12, 2018 13:31    Post subject: Re: Kong please update DNSCrypt to v2 because v1 is down Reply with quote
<Kong> wrote:
With dnscryptv2 the devs switched to go, this is a problem fr embedded devices, as go needs an extra toolchain and has a large memory footprint. I don't think we will switch to it. Unbound is supposed to have support for dns via tls support, thus might be the better solution.


When you say large memory footprint is this flash memory or process memory?
I've got 512MB RAM in the 1900DHP, and I'd suspect that there is likely more room in the flash memory as well.
And there are likely many other routers out there with a decent amount of hardware these days.
Alternatively, if it comes down to a flash constraint, could it be split up to leverage jffs2 flash space instead?

_________________
Routers:
WXR-1900DHP - Active (main) - v3.0-r36070M kongac (05/31/18 )
WZR-N600DHP - Wired AP - v3.0-r33679 BS (11/04/17)
WNDR-3400 - retired to its box for several years
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum