Posted: Wed Nov 17, 2021 19:09 Post subject: Add server/location to DNSCrypt list
I am running version 3.0 r47644 on a R7000P and I am trying to add a couple servers/locations that are not listed in the DNSCrypt dropdown list. Looking for a way to do this. I was trying to do this via terminal, but I am getting an error when trying to ammend the /etc/dnscrypt/dnscrypt-resolvers.csv file, saying it is a read-only filesystem. Thanks in advance for any help.
So far I've tried:
-copying the file, making the changes and then copying it back to the location. Can't save back to file location.
-making the changes via 'vi' to the csv direcly. Cannot save, read only.
-copying the file and making changes to that one, cannot copy the file.
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Wed Nov 17, 2021 20:09 Post subject:
See the DNSCrypt links in my sig. May give you some ideas. Those approaches are still working here. _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
See the DNSCrypt links in my sig. May give you some ideas. Those approaches are still working here.
It tried your old and new link, however, it appears that when I am adding that script to the start up it ends up breaking my vpn connection. I wish there was someway to add locations on the dnscrypt.csv as those seem to work as intended with the vpn active.
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Thu Nov 18, 2021 16:55 Post subject:
Perhaps the easiest way to have VPN connection fail when using a DNSCrypt setup is to have it looking to resolve a server name like myserver.vpnprovider.com before the DNSCrypt DNS system is up and ready for action. If you are using OpenVPN, it will normally wait a while and try again, and if it still fails, it will rinse and repeat but with longer and longer wait intervals. Eventually it's waiting 5m between tries, so you may have to be patient to see it succeed. I normally include this in the OpenVPN client's Additional Config to make it easier to look at the log (assuming you are linux person comfortable with the CLI):
verb 4
log /tmp/root/vpn.log
That file is in your home directory in the CLI, so in the CLI you can just cat vpn.log to dump the log to the terminal. Setting the verbosity level to 4 (default is 3) puts more detail in the log.
Or, if you are using wireguard or don't want to make OpenVPN wait for DNSCrypt startup, you can add something like
server=/myserver.vpnprovider.com/9.9.9.9
to DNSMasq Additional Options so that myserver.vpnprovider.com will always be resolved via DNS server 9.9.9.9 but without going through DNSCrypt. It will of course mean a DNS-snooping/logging ISP will get myserver.vpnprovider.com for their log, but if they really care what you connect to they can of course look at any encrypted packet you are sending off to myserver.vpnprovider.com and get the numerical IP. If this mild level of revelation bothers you, just go with a numerical IP for the server. _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Joined: 16 Nov 2015 Posts: 6437 Location: UK, London, just across the river..
Posted: Thu Nov 18, 2021 17:06 Post subject:
if you call DNScrypt form a start up script you may add
sleep 20
on the top of the script..so it ill delay script loading, but than again VPN need DNS to resolve its address unless its not an IP..as well DNScrypt needs correct NTP time...
bear in mind if using DNScrypt via start up script you need to disable the DNScrypt GUI option
if you need more advanced DNScrypt check the green link in my sig _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Here is the config i used last year. i just update to 15nov version and got as many some 5g issues. will check later for dnscrypt, as no DoH or DoT is present. But you can force some server, but this is with the older dnscrypt version. need to check if new server do work the same or get up directly. Got 2 post about the full config. but here the startup section :
Code:
cat << "EOF" > "/tmp/root/dnscrypt-resolvers.csv"
"Name","Description","Location","Coordinates","URL","Version","DNSSEC validation","No logs","Namecoin","Resolver address","Provider name","Provider public key","Provider public key TXT record"
"dnscrypt.eu-nl","Netherlands, uncensored, no-logs, encrypted, no DNSSEC validated","Netherlands","+52.3824, 4.8995","","1","yes","yes","no","176.56.237.171:443","2.dnscrypt-cert.resolver1.dnscrypt.eu","67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66",""
"dnscrypt #2 config srv here as same..."...,....85",""
EOF