Enabling DNSCrypt Breaks after reboot

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions
Author Message
techwoes
DD-WRT Novice


Joined: 23 Jun 2019
Posts: 3

PostPosted: Sun Jun 23, 2019 22:27    Post subject: Enabling DNSCrypt Breaks after reboot Reply with quote
Whenever I set DNSCrypt on my Linksys WRT3200ACM router it will work after "apply settings" but after a reboot or power cycle the router loses internet connectivity until I go back to the DNSCrypt service page and do "apply settings" again. After this it's just fine. I have used dnsleakcheck.com to confirm that the selected dnscrypt server is being used. It seems to work fine other than having to hit the apply settings button every time after a router power/reset cycle. Has anyone else encountered this bug? I just got the modem about 2 weeks ago and it has been solid other than this issue. I have toggled DNSCrypt on and off and confirmed multiple times that this is the only setting causing this.

I have tried different DNSCrypt servers, and I don't really think it's that because of the aforementioned "apply" fixes all the issues. I don't want to have this issue come up after a power outage or something and I'm away from home and want to enjoy my jellyfin server Very Happy , as I travel a bit for business.
Sponsor
Dr_K
DD-WRT User


Joined: 23 Mar 2018
Posts: 418

PostPosted: Mon Jun 24, 2019 1:10    Post subject: Reply with quote
In the webif on the Setup/Basic Setup tab...did you put anything in the "Time Settings" box in the "Server IP/Name" field?

If so...you caused this..once you put "anything" in there...You now have to specify a numerical ip address..not a name type address with any letters for your server for DNSCrypt to properly work avter a reboot.

Also.. You should state what build you are using or have tried, when asking for help.

_________________
Location 1
R6300V2- DD-WRT v3.0-r39345M kongac (04-03-19) Gateway
WNDR3400v1 DD-WRT.v3.0-r35531_mega-nv64k (03/26/18 ) Access Point
WRT160Nv3 DD-WRT ?v3?.0-r35531 mini (03/26/18 ) Access Point
WRT54GSv5 DD-WRT v24-r33555_micro_generic (10/20/17) Repeater
Location 2
R6300V2- DD-WRT v3.0-r39345M kongac (04/03/19) Gateway
R6300V2- DD-WRT v3.0-r39345M kongac (04/03/19) Access Point
WNDR3700v2 DD-WRT v3.0-r35531 std (03/26/18 ) Access Point
E1200 v2 DD-WRT v3.0-r35531 mega-nv64k (03/26/18 ) Gateway(for trivial reasons)
2 devices: SXT 5 ac (mipsbe) RB 6.44.3 (06/23/19) PTP Bridge (0.8km/0.5mi)tx/rx866.6Mbps-1GbpsLAN

Thank You <Kong> & BrainSlayer for ALL that you do also to everyone here that shares their knowledge
techwoes
DD-WRT Novice


Joined: 23 Jun 2019
Posts: 3

PostPosted: Mon Jun 24, 2019 2:41    Post subject: Reply with quote
Dr_K wrote:
In the webif on the Setup/Basic Setup tab...did you put anything in the "Time Settings" box in the "Server IP/Name" field?

If so...you caused this..once you put "anything" in there...You now have to specify a numerical ip address..not a name type address with any letters for your server for DNSCrypt to properly work avter a reboot.

Also.. You should state what build you are using or have tried, when asking for help.


My build is Firmware: DD-WRT v3.0-r37305 std (10/10/1Cool

I downloaded the latest beta from 6-20 and dnscrypt isn't even an option (not present any longer in the GUI), so i went back to the version above.

I tried what you said and rebooted both with a real ip address number and with ntp client turned off and the result was the same, for dnscrypt to work I always had to click "apply settings" . So for now I'm giving up on it, I will move forward with my plan to upgrade my raspberry pi to pi-hole and then use dns-over-tls instead and point my dd-wrt router at that.

Thanks for trying to help!
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 2700
Location: UK, London, just across the river..

PostPosted: Mon Jun 24, 2019 6:08    Post subject: Reply with quote
well....first the build you run is old...and yes
DNSCrypt interface was removed from GUI but it module is still there so you can call it from CLI or via Script...
Second for DNSCrypt to work as Dr_K said ,NTP time is vital...
Third questions regarding Marvel based units belong here : https://forum.dd-wrt.com/phpBB2/viewforum.php?f=58

_________________
Atheros
TP-Link WR1043NDv2 ------DD-WRT 40009 BS (AP,PPPoE,NAT,AD Blocking,AP Isolation,Firewall,Local DNS,Forced DNS,DoT)
TP-Link WR1043NDv2 ------DD-WRT 40352 BS (AP,NAT,AD Blocking,Firewall,Wi-Fi OFF,Local DNS,Forced DNS,DoT)
TP-Link WR1043NDv2.......... Gargoyle OS 1.11.0 (AP,NAT,QoS,Quotas)
Qualcomm/IPQ8065
Netgear R7800 ------------DD-WRT 40270M 4.9 Kong (AP,NAT,AD-Blocking,AP Isolation,Firewall,Local DNS,Forced DNS,DNSCrypt x2)
Broadcom
Netgear R7000 ---------DD-WRT 40270M Kong (AP,NAT,AD-Blocking,Firewall,Local DNS,Forced DNS,DoT)
Others
Netgear ProSAFE-GS105Ev2 ----(LAN Switch)

----------------------------------------------------------------------------------------------------
Stubby for DNS over TLS
techwoes
DD-WRT Novice


Joined: 23 Jun 2019
Posts: 3

PostPosted: Mon Jun 24, 2019 19:26    Post subject: Reply with quote
Alozaros wrote:
well....first the build you run is old...and yes
DNSCrypt interface was removed from GUI but it module is still there so you can call it from CLI or via Script...
Second for DNSCrypt to work as Dr_K said ,NTP time is vital...
Third questions regarding Marvel based units belong here : https://forum.dd-wrt.com/phpBB2/viewforum.php?f=58


I appreciate the help. Next time I will hit up the appropriate sub forum. Like I said I tried what he said. I used ntp.pool.org, empty, and a real ntp time server in the text field. None of that worked after a reboot, the only thing that worked was to hit "apply settings" . It would seem if NTP time text box entry mattered a lot then apply settings would have failed because the NTP time dependency would have failed. I confirmed it was getting the right DNS in all cases with DNSLeakTest . Thanks for the help. After some research it seems that DNS-over-TLS is a better solution for me anyway. I have pi-hole and stubby running in a VM on an old server currently for a DNS resolver. I will move that config over to pi when I get a chance. Since I am a command line idiot I don't really want to fool with the modules because I'll just end up bricking my $150 router. Thanks for the help. Cheers.
Dr_K
DD-WRT User


Joined: 23 Mar 2018
Posts: 418

PostPosted: Mon Jun 24, 2019 22:12    Post subject: Reply with quote
techwoes wrote:
I appreciate the help. Next time I will hit up the appropriate sub forum. Like I said I tried what he said. I used ntp.pool.org, empty, and a real ntp time server in the text field. None of that worked after a reboot, the only thing that worked was to hit "apply settings" . It would seem if NTP time text box entry mattered a lot then apply settings would have failed because the NTP time dependency would have failed. I confirmed it was getting the right DNS in all cases with DNSLeakTest . Thanks for the help. After some research it seems that DNS-over-TLS is a better solution for me anyway. I have pi-hole and stubby running in a VM on an old server currently for a DNS resolver. I will move that config over to pi when I get a chance. Since I am a command line idiot I don't really want to fool with the modules because I'll just end up bricking my $150 router. Thanks for the help. Cheers.

I know this wasn't directed towards me, but it did reference...

You missed my point. Once you enter anything in for time server (which you admit you did).. The only way for this to work with it blank again is with a reset, as something is left in the nvram.

Now you tell me you used a "real ip address number" then told @Alozaros you used "ntp.pool.org"...

Did you actually try....Let me translate your server into a real numerical numbered address for you...ntp.pool.org= 64.99.80.121 ??

My bets are you didn't...

Your confident assumptions of all what is going on when you hit "apply" are way less than what is actually happening.

Please share how you'll just end up bricking your $150 router fooling with the modules...

As you also misunderstood @Alozaros when he clearly told you that the modules are still there... Just the GUI setting was removed.

Which was junk anyways as the Gui setup was crippled by only allowing you to use one server.

I understand you now are now going in a different direction...
My comments are more to help anyone else that finds your thread wanting to help themselves & head advice without arguing their assumptions....

_________________
Location 1
R6300V2- DD-WRT v3.0-r39345M kongac (04-03-19) Gateway
WNDR3400v1 DD-WRT.v3.0-r35531_mega-nv64k (03/26/18 ) Access Point
WRT160Nv3 DD-WRT ?v3?.0-r35531 mini (03/26/18 ) Access Point
WRT54GSv5 DD-WRT v24-r33555_micro_generic (10/20/17) Repeater
Location 2
R6300V2- DD-WRT v3.0-r39345M kongac (04/03/19) Gateway
R6300V2- DD-WRT v3.0-r39345M kongac (04/03/19) Access Point
WNDR3700v2 DD-WRT v3.0-r35531 std (03/26/18 ) Access Point
E1200 v2 DD-WRT v3.0-r35531 mega-nv64k (03/26/18 ) Gateway(for trivial reasons)
2 devices: SXT 5 ac (mipsbe) RB 6.44.3 (06/23/19) PTP Bridge (0.8km/0.5mi)tx/rx866.6Mbps-1GbpsLAN

Thank You <Kong> & BrainSlayer for ALL that you do also to everyone here that shares their knowledge
SurprisedItWorks
DD-WRT User


Joined: 04 Aug 2018
Posts: 215
Location: Appalachian mountains, USA

PostPosted: Tue Jun 25, 2019 16:44    Post subject: Reply with quote
Also, if you are set up to access the CLI (ssh or telnet), you can have a look at /var/log/messages and note when the ntpclient first gets time set up (the times on the left will suddenly make sense, at least in GMT) and what is happening as dnscrypt-proxy tries to get its certificates sorted out, something that requires accurate time. If you don't feel like wading through the log by hand, try the command

grep -E 'dnscrypt|ntpclient' /var/log/messages

instead. If you aren't up to dealing with the CLI, you can view the log, somewhat awkwardly, in GUI>Status>Syslog. The log only goes back so far, so its cleanest to look shortly after a reboot. And if the time is not the issue, perhaps dnscrypt-proxy will reveal something else to you in the log.

_________________
Five of the Linksys WRT1900ACSv2, on r39144 and r38159. On various: VLANs, client-mode travel router, two DNSCrypt DNS servers (incl Quad9), multiple VAPs, USB/NAS, OpenVPN client (random NordVPN server).

VLANs on the WRT1900ACSv2 and other two-CPU Linksys/Marvell routers:
https://www.dd-wrt.com/phpBB2/viewtopic.php?p=1091367

DNSCrypt for Quad9 DNS and/or multiple servers and/or missing DNSCrypt enable button: Sun Jan 06, 2019 post at
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318094
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum