DNScrypt add more servers

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Goto page 1, 2  Next
Author Message
lolloobernie
DD-WRT Novice


Joined: 27 Sep 2019
Posts: 18

PostPosted: Wed Mar 04, 2020 21:05    Post subject: DNScrypt add more servers Reply with quote
Hi, simple question, how do add more dns resolvers in the list? Some services like SecureDNS are not working and i don't find any dns that i would like to use.

How do add new ones? Many thanks!

_________________
R7000@1400mhz

Sponsor
dragonC
DD-WRT User


Joined: 23 May 2015
Posts: 272

PostPosted: Wed Mar 04, 2020 21:49    Post subject: Re: DNScrypt add more servers Reply with quote
lolloobernie wrote:
Hi, simple question, how do add more dns resolvers in the list? Some services like SecureDNS are not working and i don't find any dns that i would like to use.

How do add new ones? Many thanks!


Why not just get the Entware version, and use the full public resolver list?
lolloobernie
DD-WRT Novice


Joined: 27 Sep 2019
Posts: 18

PostPosted: Wed Mar 04, 2020 22:03    Post subject: Re: DNScrypt add more servers Reply with quote
dragonC wrote:
lolloobernie wrote:
Hi, simple question, how do add more dns resolvers in the list? Some services like SecureDNS are not working and i don't find any dns that i would like to use.

How do add new ones? Many thanks!


Why not just get the Entware version, and use the full public resolver list?


What's entware? How does that solve my issue?

I found dnscrypt-resolvers.cvs which include all the existing dns server, what a headache to add just one though :/

_________________
R7000@1400mhz

dragonC
DD-WRT User


Joined: 23 May 2015
Posts: 272

PostPosted: Wed Mar 04, 2020 23:43    Post subject: Re: DNScrypt add more servers Reply with quote
lolloobernie wrote:
dragonC wrote:
lolloobernie wrote:
Hi, simple question, how do add more dns resolvers in the list? Some services like SecureDNS are not working and i don't find any dns that i would like to use.

How do add new ones? Many thanks!


Why not just get the Entware version, and use the full public resolver list?


What's entware? How does that solve my issue?

I found dnscrypt-resolvers.cvs which include all the existing dns server, what a headache to add just one though :/


It’ll still be up to you to find the Stamp for your server, but configuration is entirely under your control. You just need to add the DNSCrypt-proxy instance to DNSmasq as local name server.

Entware gives you access to packages in this repo - https://entware.net/. DNSCrypt-proxy is one of them

Look for instructions here - https://github.com/Entware/Entware/wiki
lolloobernie
DD-WRT Novice


Joined: 27 Sep 2019
Posts: 18

PostPosted: Thu Mar 05, 2020 0:11    Post subject: Re: DNScrypt add more servers Reply with quote
Quote:
It’ll still be up to you to find the Stamp for your server, but configuration is entirely under your control. You just need to add the DNSCrypt-proxy instance to DNSmasq as local name server.

Entware gives you access to packages in this repo - https://entware.net/. DNSCrypt-proxy is one of them

Look for instructions here - https://github.com/Entware/Entware/wiki


I don't understand? DD-WRT already is using dnscrypt right? Also can only read the file, not modify it?

_________________
R7000@1400mhz

Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1407

PostPosted: Thu Mar 05, 2020 1:32    Post subject: Reply with quote
Think of it this way, someone has to spend the time to do the configuration. The developers only want to spend so much time, but they have given the ability for others to do the modifications.

from a previous post I have done
Quote:

So here are the steps that I used on one of my routers (YMMV):

1. Add to dnsmasq.conf

Code:

no-resolv
all-servers
server=127.0.53.1#30
server=127.0.53.2#30


2. kill dnsmasq

3. Run on command line:

Code:

dnscrypt-proxy -S -a 127.0.53.1:30 -R quad9-dnscrypt -L ./dnscrypt-resolvers.csv -d
dnscrypt-proxy -S -a 127.0.53.2:30 -R quad9-alt-dnscrypt -L ./dnscrypt-resolvers.csv -d

dnsmasq -u root -g root --conf-file=./dnsmasq.conf




For this example/notes the dnscrypt-resolvers.csv file looked like:

Code:

Name,"Full name","Description","Location","Coordinates",URL,Version,DNSSEC validation,No logs,Namecoin,Resolver address,Provider name,Provider public key,Provider public key TXT record
quad9-dnscrypt,"quad9-dnscrypt-ip4-filter-pri","quad9-dnscrypt-ip4-filter-pri","Anycast","",https://quad9.net,1,yes,yes,no,9.9.9.9:8443,2.dnscrypt-cert.quad9.net,67C8:47B8:C875:8CD1:2024:5543:BE75:6746:DF34:DF1D:84C0:0B8C:4703:68DF:821D:863E,
quad9-alt-dnscrypt,"quad9-dnscrypt-ip4-filter-alt","quad9-dnscrypt-ip4-filter-alt","Anycast","",https://quad9.net,1,yes,yes,no,149.112.112.9:8443,2.dnscrypt-cert.quad9.net,67C8:47B8:C875:8CD1:2024:5543:BE75:6746:DF34:DF1D:84C0:0B8C:4703:68DF:821D:863E,


This was my example for quad9. If there is another one you want to use setting some of the options can take a little bit of digging. But it is just a csv file with each line being a record. The "-R quad9-alt-dnscrypt" tells that instance to run the information for that resolver named in the file

These steps were to manually start up, but should be easily extended to start up automatically.

I do not know if running other services will conflict with how I started up the system.


How many do you want to add? Doing a few on your own is not hard.
dragonC
DD-WRT User


Joined: 23 May 2015
Posts: 272

PostPosted: Thu Mar 05, 2020 3:20    Post subject: Reply with quote
Wildlion wrote:
Think of it this way, someone has to spend the time to do the configuration. The developers only want to spend so much time, but they have given the ability for others to do the modifications.

from a previous post I have done
Quote:

So here are the steps that I used on one of my routers (YMMV):

1. Add to dnsmasq.conf

Code:

no-resolv
all-servers
server=127.0.53.1#30
server=127.0.53.2#30


2. kill dnsmasq

3. Run on command line:

Code:

dnscrypt-proxy -S -a 127.0.53.1:30 -R quad9-dnscrypt -L ./dnscrypt-resolvers.csv -d
dnscrypt-proxy -S -a 127.0.53.2:30 -R quad9-alt-dnscrypt -L ./dnscrypt-resolvers.csv -d

dnsmasq -u root -g root --conf-file=./dnsmasq.conf




For this example/notes the dnscrypt-resolvers.csv file looked like:

Code:

Name,"Full name","Description","Location","Coordinates",URL,Version,DNSSEC validation,No logs,Namecoin,Resolver address,Provider name,Provider public key,Provider public key TXT record
quad9-dnscrypt,"quad9-dnscrypt-ip4-filter-pri","quad9-dnscrypt-ip4-filter-pri","Anycast","",https://quad9.net,1,yes,yes,no,9.9.9.9:8443,2.dnscrypt-cert.quad9.net,67C8:47B8:C875:8CD1:2024:5543:BE75:6746:DF34:DF1D:84C0:0B8C:4703:68DF:821D:863E,
quad9-alt-dnscrypt,"quad9-dnscrypt-ip4-filter-alt","quad9-dnscrypt-ip4-filter-alt","Anycast","",https://quad9.net,1,yes,yes,no,149.112.112.9:8443,2.dnscrypt-cert.quad9.net,67C8:47B8:C875:8CD1:2024:5543:BE75:6746:DF34:DF1D:84C0:0B8C:4703:68DF:821D:863E,


This was my example for quad9. If there is another one you want to use setting some of the options can take a little bit of digging. But it is just a csv file with each line being a record. The "-R quad9-alt-dnscrypt" tells that instance to run the information for that resolver named in the file

These steps were to manually start up, but should be easily extended to start up automatically.

I do not know if running other services will conflict with how I started up the system.


How many do you want to add? Doing a few on your own is not hard.


Something like that. More straightforward to use the installed dnscrypt-proxy (I think that’s v.1?). I just went the Entware route to get more up to date version.

Also, it’s easiest to customize DNSmasq if you spin your own at startup (need to turn it off complete in the GUI, otherwise check.ps will kill your instance)
lolloobernie
DD-WRT Novice


Joined: 27 Sep 2019
Posts: 18

PostPosted: Thu Mar 05, 2020 19:10    Post subject: Reply with quote
dragonC wrote:
Wildlion wrote:
Think of it this way, someone has to spend the time to do the configuration. The developers only want to spend so much time, but they have given the ability for others to do the modifications.

from a previous post I have done
Quote:

So here are the steps that I used on one of my routers (YMMV):

1. Add to dnsmasq.conf

Code:

no-resolv
all-servers
server=127.0.53.1#30
server=127.0.53.2#30


2. kill dnsmasq

3. Run on command line:

Code:

dnscrypt-proxy -S -a 127.0.53.1:30 -R quad9-dnscrypt -L ./dnscrypt-resolvers.csv -d
dnscrypt-proxy -S -a 127.0.53.2:30 -R quad9-alt-dnscrypt -L ./dnscrypt-resolvers.csv -d

dnsmasq -u root -g root --conf-file=./dnsmasq.conf




For this example/notes the dnscrypt-resolvers.csv file looked like:

Code:

Name,"Full name","Description","Location","Coordinates",URL,Version,DNSSEC validation,No logs,Namecoin,Resolver address,Provider name,Provider public key,Provider public key TXT record
quad9-dnscrypt,"quad9-dnscrypt-ip4-filter-pri","quad9-dnscrypt-ip4-filter-pri","Anycast","",https://quad9.net,1,yes,yes,no,9.9.9.9:8443,2.dnscrypt-cert.quad9.net,67C8:47B8:C875:8CD1:2024:5543:BE75:6746:DF34:DF1D:84C0:0B8C:4703:68DF:821D:863E,
quad9-alt-dnscrypt,"quad9-dnscrypt-ip4-filter-alt","quad9-dnscrypt-ip4-filter-alt","Anycast","",https://quad9.net,1,yes,yes,no,149.112.112.9:8443,2.dnscrypt-cert.quad9.net,67C8:47B8:C875:8CD1:2024:5543:BE75:6746:DF34:DF1D:84C0:0B8C:4703:68DF:821D:863E,


This was my example for quad9. If there is another one you want to use setting some of the options can take a little bit of digging. But it is just a csv file with each line being a record. The "-R quad9-alt-dnscrypt" tells that instance to run the information for that resolver named in the file

These steps were to manually start up, but should be easily extended to start up automatically.

I do not know if running other services will conflict with how I started up the system.


How many do you want to add? Doing a few on your own is not hard.


Something like that. More straightforward to use the installed dnscrypt-proxy (I think that’s v.1?). I just went the Entware route to get more up to date version.

Also, it’s easiest to customize DNSmasq if you spin your own at startup (need to turn it off complete in the GUI, otherwise check.ps will kill your instance)


Hey great info! I don't know which route im going going with, im guessing you have to have your usb mounted to /opt for entware. Need to fix my usbharddrive, it been collecting dust not configure right...exfat giving me issues. Need to format it to ext3 maybe.

Need to look up all the giving commands, don't like just copy-paste. Will be updating when i have time! (reading time)

Cheers! Very Happy

_________________
R7000@1400mhz

dragonC
DD-WRT User


Joined: 23 May 2015
Posts: 272

PostPosted: Thu Mar 05, 2020 20:56    Post subject: Reply with quote
lolloobernie wrote:
dragonC wrote:
Wildlion wrote:
Think of it this way, someone has to spend the time to do the configuration. The developers only want to spend so much time, but they have given the ability for others to do the modifications.

from a previous post I have done
Quote:

So here are the steps that I used on one of my routers (YMMV):

1. Add to dnsmasq.conf

Code:

no-resolv
all-servers
server=127.0.53.1#30
server=127.0.53.2#30


2. kill dnsmasq

3. Run on command line:

Code:

dnscrypt-proxy -S -a 127.0.53.1:30 -R quad9-dnscrypt -L ./dnscrypt-resolvers.csv -d
dnscrypt-proxy -S -a 127.0.53.2:30 -R quad9-alt-dnscrypt -L ./dnscrypt-resolvers.csv -d

dnsmasq -u root -g root --conf-file=./dnsmasq.conf




For this example/notes the dnscrypt-resolvers.csv file looked like:

Code:

Name,"Full name","Description","Location","Coordinates",URL,Version,DNSSEC validation,No logs,Namecoin,Resolver address,Provider name,Provider public key,Provider public key TXT record
quad9-dnscrypt,"quad9-dnscrypt-ip4-filter-pri","quad9-dnscrypt-ip4-filter-pri","Anycast","",https://quad9.net,1,yes,yes,no,9.9.9.9:8443,2.dnscrypt-cert.quad9.net,67C8:47B8:C875:8CD1:2024:5543:BE75:6746:DF34:DF1D:84C0:0B8C:4703:68DF:821D:863E,
quad9-alt-dnscrypt,"quad9-dnscrypt-ip4-filter-alt","quad9-dnscrypt-ip4-filter-alt","Anycast","",https://quad9.net,1,yes,yes,no,149.112.112.9:8443,2.dnscrypt-cert.quad9.net,67C8:47B8:C875:8CD1:2024:5543:BE75:6746:DF34:DF1D:84C0:0B8C:4703:68DF:821D:863E,


This was my example for quad9. If there is another one you want to use setting some of the options can take a little bit of digging. But it is just a csv file with each line being a record. The "-R quad9-alt-dnscrypt" tells that instance to run the information for that resolver named in the file

These steps were to manually start up, but should be easily extended to start up automatically.

I do not know if running other services will conflict with how I started up the system.


How many do you want to add? Doing a few on your own is not hard.


Something like that. More straightforward to use the installed dnscrypt-proxy (I think that’s v.1?). I just went the Entware route to get more up to date version.

Also, it’s easiest to customize DNSmasq if you spin your own at startup (need to turn it off complete in the GUI, otherwise check.ps will kill your instance)


Hey great info! I don't know which route im going going with, im guessing you have to have your usb mounted to /opt for entware. Need to fix my usbharddrive, it been collecting dust not configure right...exfat giving me issues. Need to format it to ext3 maybe.

Need to look up all the giving commands, don't like just copy-paste. Will be updating when i have time! (reading time)

Cheers! Very Happy


If you don’t need a lot of storage, just grab a USB flash drive. 4GB is more than enough to store many opt wares
lolloobernie
DD-WRT Novice


Joined: 27 Sep 2019
Posts: 18

PostPosted: Fri Mar 06, 2020 0:10    Post subject: Reply with quote
dragonC wrote:

If you don’t need a lot of storage, just grab a USB flash drive. 4GB is more than enough to store many opt wares


I have an usb 3.0 500gb that just collects dust...this is the best usage i have for it Razz

What i need is more NVMe Gen4 ssd;s Rolling Eyes

_________________
R7000@1400mhz

dragonC
DD-WRT User


Joined: 23 May 2015
Posts: 272

PostPosted: Fri Mar 06, 2020 1:02    Post subject: Reply with quote
lolloobernie wrote:
What i need is more NVMe Gen4 ssd;s Rolling Eyes


If you have the $$ why not:) Get a full array and aggregated link to make an ultra fast NAS.
lolloobernie
DD-WRT Novice


Joined: 27 Sep 2019
Posts: 18

PostPosted: Fri Mar 06, 2020 8:40    Post subject: Reply with quote
dragonC wrote:
lolloobernie wrote:
What i need is more NVMe Gen4 ssd;s Rolling Eyes


If you have the $$ why not:) Get a full array and aggregated link to make an ultra fast NAS.


So you telling me, $$$ = more SSD;s? Shocked
What kind of sorcery is this?

_________________
R7000@1400mhz

dragonC
DD-WRT User


Joined: 23 May 2015
Posts: 272

PostPosted: Fri Mar 06, 2020 12:21    Post subject: Reply with quote
lolloobernie wrote:
dragonC wrote:
lolloobernie wrote:
What i need is more NVMe Gen4 ssd;s Rolling Eyes


If you have the $$ why not:) Get a full array and aggregated link to make an ultra fast NAS.


So you telling me, $$$ = more SSD;s? Shocked
What kind of sorcery is this?


Smile
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Fri Mar 06, 2020 15:14    Post subject: Reply with quote
you might have a look here there are plenty of details how to run ver 1.95 via CLI/commands and how to run via Entware...


https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1172544#1172544

do keep in mind DNScrypt-proxy v2 via Entware has very few servers that support it, but has the ability to use DoH servers instead...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
mac913
DD-WRT Guru


Joined: 02 May 2008
Posts: 1848
Location: Canada

PostPosted: Fri Mar 06, 2020 15:34    Post subject: Reply with quote
I have a small write up on Entware's DNSCrypt-Proxy V2 at the bottom of my signature that you can click.
_________________
Home Network on Telus 1Gb PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r53562 Std k4.9

Off Site 1

R7000 - Gateway & WiFi & WireGuard - DDWRT r54517 Std
E3000 - Station Bridge - DDWRT r49626 Mega K4.4

Off Site 2

R7000 - Gateway & WiFi - DDWRT r54517 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531


YAMon 3.4.6 | DNSCrypt-Proxy V2
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum