Editing and adding entries to dnscrypt-resolvers.csv

Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions
Author Message
Argenis
DD-WRT User


Joined: 18 Feb 2019
Posts: 159

PostPosted: Fri May 21, 2021 21:13    Post subject: Editing and adding entries to dnscrypt-resolvers.csv Reply with quote
I was wondering if there's a way to edit or add entries to dnscrypt-resolvers.csv when using DNSSEC.

I know that list is kept by dd-wrt developers, but since it's mounted as a read-only filesystem, it can't really be edited.

It'd be great if there's a way to add to it or just use your own list, or recommend an addition.

Quad9 seems to be a popular one around the forum but people have been using third party entware stuff which I'd like to avoid, considering that dd-wrt already has a really good, working DNSSEC implementation.

_________________
Router: Linksys WRT3200ACM WLAN0 and 1 have same SSID
88W8964 802.11ac WLAN0 Mode AP VHT80 80MHz Mixed Mode Channel and Extension Channel Auto Extension LL-6
88W8964 802.11ac WLAN1 Mode AP 20 MHz Mixed Mode Channel Auto
SD8887 802.11ac disabled but visible on GUI and CLI
TX Power 18 dBm
Antenna Gain 0 dBi
U-APSD (Automatic Power Save)Enabled 
Protection Mode None
RTS Threshold Disabled
Short Preamble Disabled 
Short GI Enabled
Single User Beamforming Enabled
Multi User Beamforming Enabled 
AP Isolation Disabled
Beacon Interval 100
DTIM Interval 2
WMM Support Enabled 
Radar Detection Disabled 
ScanList default
Sensitivity Range (ACK Timing) 500 (Default: 500 meters)
Max Associated Clients 256 (Default: 256 Clients)
Minimum Signal for authenticate -128
Minimum Signal for connection -128
Poll Time for signal lookup 10
Amount of allowed low signals 3
Wireless security is WPA2 Personal CCMP-128 only
QAM256 is on
Sponsor
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Fri May 21, 2021 21:53    Post subject: Reply with quote
Using echo, if memory serves.

echo (text) >> dnscrypt-resolvers.csv (append a line)

echo (text) > dnscrypt-resolvers.csv (overwrite the entire file)

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Argenis
DD-WRT User


Joined: 18 Feb 2019
Posts: 159

PostPosted: Fri May 21, 2021 22:08    Post subject: Reply with quote
kernel-panic69 wrote:
Using echo, if memory serves.

echo (text) >> dnscrypt-resolvers.csv (append a line)

echo (text) > dnscrypt-resolvers.csv (overwrite the entire file)


Thank you for the suggestion, but it still brings up: Can't create file: Read-only file system

_________________
Router: Linksys WRT3200ACM WLAN0 and 1 have same SSID
88W8964 802.11ac WLAN0 Mode AP VHT80 80MHz Mixed Mode Channel and Extension Channel Auto Extension LL-6
88W8964 802.11ac WLAN1 Mode AP 20 MHz Mixed Mode Channel Auto
SD8887 802.11ac disabled but visible on GUI and CLI
TX Power 18 dBm
Antenna Gain 0 dBi
U-APSD (Automatic Power Save)Enabled 
Protection Mode None
RTS Threshold Disabled
Short Preamble Disabled 
Short GI Enabled
Single User Beamforming Enabled
Multi User Beamforming Enabled 
AP Isolation Disabled
Beacon Interval 100
DTIM Interval 2
WMM Support Enabled 
Radar Detection Disabled 
ScanList default
Sensitivity Range (ACK Timing) 500 (Default: 500 meters)
Max Associated Clients 256 (Default: 256 Clients)
Minimum Signal for authenticate -128
Minimum Signal for connection -128
Poll Time for signal lookup 10
Amount of allowed low signals 3
Wireless security is WPA2 Personal CCMP-128 only
QAM256 is on
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Fri May 21, 2021 22:21    Post subject: Reply with quote
if you are using the GUI DNScrypt option, than you are very limited to only one server at the time...but...
you can turn it off and call it via start up and use as many servers as you need...


RESOLVER_FILE="/etc/dnscrypt/dnscrypt-resolvers.csv"
dnscrypt-proxy -S -m 5 -a 127.0.0.1:30 -R dnscrypt.eu-nl -L /etc/dnscrypt/dnscrypt-resolvers.csv -d
dnscrypt-proxy -S -m 5 -a 127.0.0.2:30 -R dnscrypt.eu-dk -L /etc/dnscrypt/dnscrypt-resolvers.csv -d

for more details have a look at this thread posted by SurprisedItWorks
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318094&start=6
or here
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=328794&start=7

for more versatile use of DNScrypt use ver 2, green link in my signature...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Argenis
DD-WRT User


Joined: 18 Feb 2019
Posts: 159

PostPosted: Fri May 21, 2021 22:23    Post subject: Reply with quote
Alozaros wrote:
if you are using the GUI DNScrypt option, than you are very limited to only one server at the time...but...
you can turn it off and call it via start up and use as many servers as you need...


RESOLVER_FILE="/etc/dnscrypt/dnscrypt-resolvers.csv"
dnscrypt-proxy -S -m 5 -a 127.0.0.1:30 -R dnscrypt.eu-nl -L /etc/dnscrypt/dnscrypt-resolvers.csv -d
dnscrypt-proxy -S -m 5 -a 127.0.0.2:30 -R dnscrypt.eu-dk -L /etc/dnscrypt/dnscrypt-resolvers.csv -d

for more details have a look at this thread posted by SurprisedItWorks
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318094&start=6
or here
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=328794&start=7

for more versatile use of DNScrypt use ver 2, green link in my signature...


No, that's literally not what I'm talking about. I'm talking about modifying the list the GUI uses, which is stored in that CSV, to add more or fix the ones that are there that don't really work because they haven't been updated in a while.

It's super easy to modify, but the filesystem is read only (this is good security), but if there's no way to do this it's fine. I know how to manually use my own.

_________________
Router: Linksys WRT3200ACM WLAN0 and 1 have same SSID
88W8964 802.11ac WLAN0 Mode AP VHT80 80MHz Mixed Mode Channel and Extension Channel Auto Extension LL-6
88W8964 802.11ac WLAN1 Mode AP 20 MHz Mixed Mode Channel Auto
SD8887 802.11ac disabled but visible on GUI and CLI
TX Power 18 dBm
Antenna Gain 0 dBi
U-APSD (Automatic Power Save)Enabled 
Protection Mode None
RTS Threshold Disabled
Short Preamble Disabled 
Short GI Enabled
Single User Beamforming Enabled
Multi User Beamforming Enabled 
AP Isolation Disabled
Beacon Interval 100
DTIM Interval 2
WMM Support Enabled 
Radar Detection Disabled 
ScanList default
Sensitivity Range (ACK Timing) 500 (Default: 500 meters)
Max Associated Clients 256 (Default: 256 Clients)
Minimum Signal for authenticate -128
Minimum Signal for connection -128
Poll Time for signal lookup 10
Amount of allowed low signals 3
Wireless security is WPA2 Personal CCMP-128 only
QAM256 is on
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Fri May 21, 2021 22:44    Post subject: Reply with quote
yep on of the links i posted, have a deep look Rolling Eyes Laughing
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Argenis
DD-WRT User


Joined: 18 Feb 2019
Posts: 159

PostPosted: Fri May 21, 2021 22:49    Post subject: Reply with quote
Alozaros wrote:
yep on of the links i posted, have a deep look Rolling Eyes Laughing


So the answer is no, that script just makes it so DNScrypt runs off the temporary directory that gets wiped every reboot.

Not quite the solution I was working.

My goal is to make some easily configurable options for non-linux people to use on the drop down.

_________________
Router: Linksys WRT3200ACM WLAN0 and 1 have same SSID
88W8964 802.11ac WLAN0 Mode AP VHT80 80MHz Mixed Mode Channel and Extension Channel Auto Extension LL-6
88W8964 802.11ac WLAN1 Mode AP 20 MHz Mixed Mode Channel Auto
SD8887 802.11ac disabled but visible on GUI and CLI
TX Power 18 dBm
Antenna Gain 0 dBi
U-APSD (Automatic Power Save)Enabled 
Protection Mode None
RTS Threshold Disabled
Short Preamble Disabled 
Short GI Enabled
Single User Beamforming Enabled
Multi User Beamforming Enabled 
AP Isolation Disabled
Beacon Interval 100
DTIM Interval 2
WMM Support Enabled 
Radar Detection Disabled 
ScanList default
Sensitivity Range (ACK Timing) 500 (Default: 500 meters)
Max Associated Clients 256 (Default: 256 Clients)
Minimum Signal for authenticate -128
Minimum Signal for connection -128
Poll Time for signal lookup 10
Amount of allowed low signals 3
Wireless security is WPA2 Personal CCMP-128 only
QAM256 is on
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Fri May 21, 2021 23:30    Post subject: Reply with quote
So, as root, logged in via telnet or ssh, issuing either one of those with the proper path to the .csv file, it gives you an error? Hmmm.... must be different permissions than in /proc.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Sat May 22, 2021 6:48    Post subject: Reply with quote
yep... the answer is NO...you cannot edit the read only file system, but you can deny/kill loading the default one and make your own that's the point...if that was giving you an error, you either not doing it correctly or there is something buggy with the firmware, as KP69 pointed out...try to deduct the options...i guess few users would've report it already.... if the last one was the case...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913


Last edited by Alozaros on Sun May 23, 2021 16:54; edited 1 time in total
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Sat May 22, 2021 15:45    Post subject: Reply with quote
My point was that I can modify and tweak the tcp and udp settings for networking optimization; I don't think that /proc is part of the temporary filesystem that does not survive a reboot. So, this must be a specific file permissions issue as I have never seen anything in the syslog or kernel log that says what I am doing is not permitted.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1446
Location: Appalachian mountains, USA

PostPosted: Sun May 23, 2021 15:18    Post subject: Reply with quote
The more recent of my posts that alozaros links to (also link in my sig below) includes a script that uses mount in Startup to "replace" the original file with another. So if you create that "another" first as a copy of the original plus your own additions, you are good to go. This is not a super-simple approach for beginners, but you don't sound like one, so if you are reasonably solid on linux shell programming, you should be able to adapt the process used there.

The real catch with that is that anything you do in Startup is too late to affect dd-wrt's initial startup of dnscrypt-proxy based on the original file. So it all gets a little messy. You have to kill the original and restart it once the file has been changed.

You may end up needing most of what I needed in my approach, perhaps just replacing the curl download with your cleaner editing approach.

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum