Posted: Mon Apr 30, 2018 14:49 Post subject: Kong please update DNSCrypt to v2 because v1 is down
I already posted this a few times in the "Kong Firmware Threads" but it doesn't seem to get any attention.
So here I am trying again with a dedicated thread this time:
- DNSCrypt development has stopped.
- A new developer has taken over and continues developing DNSCrypt under the name "DNSCrypt v2".
- Most (if not all) resolvers stopped supporting the old DNSCrypt v1 and only work with DNSCrypt v2 from now on (e.g. Cisco, d0wn, dnscrypt-eu.nl,.....)
- DNSCrypt v2 brings a lot of major fixes and improvements
@Kong:
If you read this, please update DNSCrypt in the next firmware. I have had to jump between resolvers every few days now and today it seems like none of the available resolvers in the firmware are working anymore. So I had to completely disable DNSCrypt today.
Posted: Mon Apr 30, 2018 16:31 Post subject: Re: Kong please update DNSCrypt to v2 because v1 is down
ciscodlink wrote:
I already posted this a few times in the "Kong Firmware Threads" but it doesn't seem to get any attention.
So here I am trying again with a dedicated thread this time:
- DNSCrypt development has stopped.
- A new developer has taken over and continues developing DNSCrypt under the name "DNSCrypt v2".
- Most (if not all) resolvers stopped supporting the old DNSCrypt v1 and only work with DNSCrypt v2 from now on (e.g. Cisco, d0wn, dnscrypt-eu.nl,.....)
- DNSCrypt v2 brings a lot of major fixes and improvements
@Kong:
If you read this, please update DNSCrypt in the next firmware. I have had to jump between resolvers every few days now and today it seems like none of the available resolvers in the firmware are working anymore. So I had to completely disable DNSCrypt today.
Thanks in advance!
With dnscryptv2 the devs switched to Go, this is a problem for embedded devices, as Go needs an extra toolchain and has a large memory footprint. I don't think we will switch to it. Unbound is supposed to have support for DNS via TLS, thus might be the better solution.
_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
Posted: Mon Apr 30, 2018 16:43 Post subject: Re: Kong please update DNSCrypt to v2 because v1 is down
<Kong> wrote:
ciscodlink wrote:
I already posted this a few times in the "Kong Firmware Threads" but it doesn't seem to get any attention.
So here I am trying again with a dedicated thread this time:
- DNSCrypt development has stopped.
- A new developer has taken over and continues developing DNSCrypt under the name "DNSCrypt v2".
- Most (if not all) resolvers stopped supporting the old DNSCrypt v1 and only work with DNSCrypt v2 from now on (e.g. Cisco, d0wn, dnscrypt-eu.nl,.....)
- DNSCrypt v2 brings a lot of major fixes and improvements
@Kong:
If you read this, please update DNSCrypt in the next firmware. I have had to jump between resolvers every few days now and today it seems like none of the available resolvers in the firmware are working anymore. So I had to completely disable DNSCrypt today.
Thanks in advance!
With dnscryptv2 the devs switched to Go, this is a problem for embedded devices, as Go needs an extra toolchain and has a large memory footprint. I don't think we will switch to it. Unbound is supposed to have support for DNS via TLS, thus might be the better solution.
Hm, that's really bad news
But maybe it's still worth a try or could be optimized for routers?
So I ended up troubleshooting a network issue for a while, not realising it was DNSCrypt all along. Oops. Wish I'd seen this post earlier!
Potentially Entware is an option to continue using DNSCrypt, currently has the old 1x version, but will be updated soonish, or perhaps move over to Unbound as others have said.
In fact the arm binary on the official GitHub page works on armv7:
I personally have too much dependency on dnsmasq currently with ipset (split VPN tunnel stuff), so I'll be sticking with dnsmasq.
_________________
James
Main router:
Netgear R7000 overclocked to 1.2GHz - DD-WRT v3.0-r35965M kongac
IPv6 6in4 (HE.net), OpenVPN (with PBR and split tunnelling), Entware, dnsmasq with ipset
This doesn't fix things for DD-WRT, and I've been out of pocket on these forums for a while, but I recently moved DNSCrypt to a Raspberry Pi that is also running Pi-Hole.
Router/clients -> Pi-Hole -> loopback to DNSCrypt port -> out to OpenDNS
Took me a bit to get the Pi-Hole and DNSCrypt pieces to both work on start up and some other desired config with correct user permissions etc., but is all working very nicely now.
Let me know if you would like more information.
_________________
R7000 Nighthawk - DD-WRT v3.0-r40270M kongac (07/11/19)
~~~~~~~~~~Dismantled for learning opportunities~~~~~~~~~~
WRT54Gv2
WRT54Gv8.2
@HalfBit - Could you PM to let me know your configuration for DNSCRYPT and PiHOLE. I currently use PiHole on a TinkerBoard (almost the same as a Raspberry Pi, just faster) using DietPi, but would like to have DNSCRYPT on the TB, as I believe it's not possible to have it and YaMON installed on the R9000.
Posted: Thu Jul 12, 2018 13:31 Post subject: Re: Kong please update DNSCrypt to v2 because v1 is down
<Kong> wrote:
With dnscryptv2 the devs switched to Go, this is a problem for embedded devices, as Go needs an extra toolchain and has a large memory footprint. I don't think we will switch to it. Unbound is supposed to have support for DNS via TLS, thus might be the better solution.
When you say large memory footprint is this flash memory or process memory?
I've got 512MB RAM in the 1900DHP, and I'd suspect that there is likely more room in the flash memory as well.
And there are likely many other routers out there with a decent amount of hardware these days.
Alternatively, if it comes down to a flash constraint, could it be split up to leverage jffs2 flash space instead?
_________________
Routers:
WXR-1900DHP - Active (main) - v3.0-r36070M kongac (05/31/18 )
WZR-N600DHP - Wired AP - v3.0-r33679 BS (11/04/17)
WNDR-3400 - retired to its box for several years
Joined: 16 Nov 2015 Posts: 4258 Location: UK, London, just across the river..
Posted: Thu Dec 27, 2018 7:12 Post subject:
yep DNSCrypt is a killer, it's a nice thing to have..
I don't have any troubles with it, it's been working fairly with no issues at all, it's very much about the correct server used, as many of them tend to go down for either maintenance or anything else quite often...
those ones I choose are stable and do work most of the time...
DNSCrypt is also very NTP time dependent, so if it's not working DNSCrypt makes issues, so those ones that complain, check your NTP time servers
DNSCrypt encrypts and DNSSEC all the DNS requests in both directions so Unbound and DNS over TLS or DoH are not the same at all...DNSCrypt provides much more security as well DNSSEC, DoH and TLS
sadly the new DNSCrypt is using Go Lang and it's huge
so if there is any compress trick to be able to fit it into the flash size then it will be awesome to have it, otherwise we can use it on computer level if so...
the other alternative will be DoH POST option as TLS is more easy to monitor and hack unless it's not TLS 1.3 but most of the openDNS like 9.9.9.9 & 1.1.1.1 already support DoH and TLS
I guess this thing might even help on router level... https://blog.technitium.com/2018/12/configuring-dns-over-tls-and-dns-over.html
_________________
Atheros
TP-Link WR740Nv1 -----DD-WRT 45993 BS AP,NAT
TP-Link WR740Nv4 -----DD-WRT 44251 BS WAP/Switch
TP-Link WR1043NDv2 ---DD-WRT 46395 BS AP,NAT,AP Isolation,Ad-Block,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---DD-WRT 46166 BS AP,NAT,AD/Block,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---Gargoyle OS 1.12.0 AP,NAT,QoS,Quotas
Qualcomm/IPQ8065
Netgear R7800 -----DD-WRT 46259 BS AP,NAT,AD-Block,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT
Broadcom
Netgear R7000 -----DD-WRT 46259 BS AP,Wi-Fi OFF,NAT,AD-Block,Firewall,Local DNS,Forced DNS,VLAN's,DoT,VPN
-----------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 by mac913
I agree....DNScrypt still running strong here with four servers all also using DNSSEC
Although one of them has a rekey issue for an hour or two each day.....assuming that would be a timezone issue
As far as the NTP issues many have reported......here are my two cents
<Kong> fixed that a long time ago
You have to leave the box blank and only select a timezone
Now here is the catch that seems to get many
In my testing in the past...once you enter anything...whether it be a name or ip address....then delete it...something gets left behind in the nvram....causing it to not work properly
Only solution is to "erase nvram" if on an older firmware or "nvram erase" if on a more current build......gui reset to default may also work...but personally I never tested it for this issue
For completeness....if I only use one DNScrypt server through the gui...it sometimes takes up to five minutes to get the initial time after a reboot?
When run from command line in a startup script using the four servers....the time is always set on the first try?
_________________
Location 1
R6300V2- DD-WRT v3.0-r39345M kongac (04-03-19) Gateway
WNDR3400v1 DD-WRT v3.0-r35531_mega-nv64k (03/26/18 ) Access Point
WRT160Nv3 DD-WRT v3.0-r35531 mini (03/26/18 ) Access Point
WRT54GSv5 DD-WRT v24-r33555_micro_generic (10/20/17) Repeater
Location 2
R6300V2- DD-WRT v3.0-r39345M kongac (04/03/19) Gateway
R6300V2- DD-WRT v3.0-r39345M kongac (04/03/19) Access Point
WNDR3700v2 DD-WRT v3.0-r35531 std (03/26/18 ) Access Point
E1200 v2 DD-WRT v3.0-r35531 mega-nv64k (03/26/18 ) Gateway(for trivial reasons)
RBWAPG-5HACT2HND-BE RouterOS-v6.46.4 (2/21/20) Outdoor Access Point
2 devices: RBSXTG-5HPACD RouterOS-v6.46.4 (2/21/20) PTP Bridge (0.8km/0.5mi)tx/rx 866.6Mbps-1GbpsLAN
Location 3
R7000 DD-WRT v3.0-r44627 netgear-r7000 (10/22/20) Access Point
2 devices: RBWAPG-60AD RouterOS-v6.45.9 (04/30/20) PTP Bridge tx/rx 2.3Gbps-1GbpsLAN
Thank You BrainSlayer & <Kong> for ALL that you do & have done, also to "most" everyone here that shares their knowledge
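The clock dependency discussed in the posts above, as an added example (not code from any poster in this thread and not dnscrypt-proxy code): a DNSCrypt v2 resolver certificate carries a validity window (`ts-start`, `ts-end`) in its 124-byte fixed layout, and the client compares that window with its own clock. The helper names and the sample certificates are constructed for illustration, and the Ed25519 signature check a real client performs is left out.

```python
import struct

CERT_MAGIC = b"DNSC"
# cert-magic(4) es-version(2) minor-version(2) signature(64) resolver-pk(32)
# client-magic(8) serial(4) ts-start(4) ts-end(4): 124 bytes, big-endian
HEADER = struct.Struct(">4sHH64s32s8sIII")

def parse_cert(blob):
    """Extract the fields a client needs for the time check.
    The Ed25519 signature is NOT verified here; a real client must do that first."""
    if len(blob) < HEADER.size:
        raise ValueError("certificate shorter than 124 bytes")
    magic, es, _minor, _sig, _pk, _cmagic, serial, ts_start, ts_end = HEADER.unpack_from(blob)
    if magic != CERT_MAGIC:
        raise ValueError("bad cert-magic")
    if ts_end <= ts_start:
        raise ValueError("empty validity window")
    return {"es_version": es, "serial": serial, "ts_start": ts_start, "ts_end": ts_end}

def check_validity(cert, now):
    """Compare the local clock (Unix seconds) with the certificate window."""
    if now < cert["ts_start"]:
        return "not-yet-valid"
    if now > cert["ts_end"]:
        return "expired"
    return "valid"

def pick_cert(blobs, now):
    """Return the usable certificate with the highest serial, or None."""
    usable = [c for c in map(parse_cert, blobs) if check_validity(c, now) == "valid"]
    return max(usable, key=lambda c: c["serial"], default=None)

def build_sample_cert(serial, ts_start, ts_end):
    # Constructed test data: zeroed signature and key, placeholder client-magic.
    return HEADER.pack(CERT_MAGIC, 1, 0, bytes(64), bytes(32), b"EXAMPLE!", serial, ts_start, ts_end)

DAY = 86400
T0 = 1546300800  # 2019-01-01 00:00:00 UTC, constructed
SAMPLE_CERTS = [build_sample_cert(1, T0 - DAY, T0), build_sample_cert(2, T0, T0 + DAY)]

if __name__ == "__main__":
    for label, clock in [("clock unset after boot", 0),
                         ("clock synced", T0 + 3600),
                         ("clock one day ahead", T0 + DAY + 3600)]:
        chosen = pick_cert(SAMPLE_CERTS, clock)
        print(label, "->", "serial %d" % chosen["serial"] if chosen else "no usable certificate")
```

With the clock at 0 every certificate is not yet valid, so the client has no usable resolver until the time is set; an NTP server given as a hostname needs working DNS for that first sync, while one given as an IP address does not.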
Posted: Fri Dec 28, 2018 18:42 Post subject:
216.239.35.4 paste it in the NTP box and select your time zone, it never failed... it's one of the GGL NTP time servers and if you use a name instead of IP it's buggy..