[johnnyNobody999]

Not sure if this belongs here or some other forum but I'll start here. I'm running dnscrypt-proxy2 - 2.0.45-1 on Entware on a Netgear R9000 router and it works most of the time but for some reason dns resolving quit working in the middle of a movie last night. According to the Status tabs everything looked fine but when I executed drill the query failed. I was able to access the router and executed rc.unslung restart but rc.unslung check showed dnscrypt-proxy as dead. I then rebooted the router from the Administration tab but that wouldn't fix it even though I rebooted 3 times. So, I powered off the router, waited 30 seconds and then powered up again and that fixed the problem. So I have to assume that the dnscrypt-proxy package to be OK. So, what else can I do to diagnose this problem? This isn't the first time this has happened in the past month where I've done at least 3 firmware flashes. dd-wrt firmware 46177.

Additional info:

root@r9000master:~# opkg list | grep dnscrypt-proxy
dnscrypt-proxy - 2019-08-20-07ac3825-3 - dnscrypt-proxy provides local service which can be used directly as your local resolver or as a DNS forwarder, encrypting and authenticating requests using the DNSCrypt protocol and passing them to an upstream server. The DNSCrypt protocol uses high-speed high-security elliptic-curve cryptography and is very similar to DNSCurve, but focuses on securing communications between a client and its first-level resolver.
dnscrypt-proxy-resolvers - 2019-08-20-07ac3825-3 - Package with current list of dnscrypt-proxy resolvers.
dnscrypt-proxy2 - 2.0.45-1 - DNSCrypt is a network protocol designed by Frank Denis and Yecheng Fu, which authenticates Domain Name System (DNS) traffic between the user's computer and recursive name servers.
dnscrypt-proxy2_nohf - 2.0.45-1 - DNSCrypt is a network protocol designed by Frank Denis and Yecheng Fu, which authenticates Domain Name System (DNS) traffic between the user's computer and recursive name servers.

[Alozaros]

hmm...yes it happens form time to time, but not very often...at all
i also have DNScrypt-proxy on remote router i manage (R7800)..few days ago i've updated Entware, so check it may need..

opkg update
opkg upgrade

also some resolvers go down from time to time..

to be honest DNScrypt or Stubby or SmartDNS don't fail too often..it could be the router process monitor that looks after the running services/processes...
if it happens too often.. report again...

[johnnyNobody999]

[Alozaros]

if DNScrypt is in opt (where it should be), issue from ssh or telnet to reboot it only...

/opt/etc/init.d/rc.unslung restart

[johnnyNobody999]

[SurprisedItWorks]

And remember, flash drives can go bad. I lost the one on my main router recently, and it began with weird errors.

[mac913]

Whenever upgrading to the latest Entware DNSCrypt Proxy V2 always use the *NEW* toml file and update it to your configuration.

I have changed my listening port to 5353 for example in the the toml file I use...

listen_addresses = ['127.0.0.1:5353', '[::1]:5353']

In the DNSMasq GUI I have...

no-resolv
domain-needed
all-servers
server=/ntp.org/2620:fe::9
server=/ntp.org/9.9.9.9
server=::1#5353
server=127.0.0.1#5353
dhcp-option-force=option6:dns-server,[2620:fe::9]
dhcp-option=6,9.9.9.9

I do Force DNS to DNSCrypt with these Firewall Rules...

# Free Router/Gateway and up to address 127 from DNSCrypt
# Have DHCP start IP 192.168.1.128 with Max DHCP Users as 127
iptables -t nat -I PREROUTING -p udp -s 192.168.1.128/25 --dport 53 -j DNAT --to 192.168.1.1:53
iptables -t nat -I PREROUTING -p tcp -s 192.168.1.128/25 --dport 53 -j DNAT --to 192.168.1.1:53
# Always Delete Incase of Reload
ip6tables -t nat -D PREROUTING -p udp -i br0 --dport 53 -j DNAT --to [::1]:5353
ip6tables -t nat -D PREROUTING -p tcp -i br0 --dport 53 -j DNAT --to [::1]:5353
ip6tables -t nat -I PREROUTING -p udp -i br0 --dport 53 -j DNAT --to [::1]:5353
ip6tables -t nat -I PREROUTING -p tcp -i br0 --dport 53 -j DNAT --to [::1]:5353

Just some ideas to try. I have have over 5 days uptime with build r46177 with Entware v2.0.45 DNSCrypt-Proxy V2.

[johnnyNobody999]

I think I'm still having problems with dnscrypt proxy for Entware. ;; Query time: 10153 msec -- subsequent queries are shorter but still over 100 ms.

I don't know if this is causing my video streaming issues but the video streaming is getting worse to where it doesn't start the stream even after 5 minutes of waiting. This streaming issue occurs on Amazon Prime Video, youtube videos, and FoxNation videos.Speed tests show I have 500+ Mb download speeds. Even non-video web pages are slow to load. I just upgraded my routers to dd-wrt firmware to 49559 and still have a problem. And it doesn't matter if I'm hardwired to the router or on wifi.

[Alozaros]

this is quite long delay for queries...
The Question remain:
-did you update Entware and DNScrypt
-did you use the new .toml config file..
-show us your config, cover the sensitive data
-try to use different resolver as those bad results could be related to your current:
-i had no problem with the new updated DNScrypt-proxy v2 when
i tested it.. (it runs on a R7800)..
-do you use a thumb drive or ssh/hdd drive...what format (entware usually uses .ext2, 3 or 4)

i don't need any rules to force DNScrypt...as it works out of the box...as a stub resolver...you can see router requests on port 53 are unreplayed and router DNScrypt-proxy v2 is using port 5353 or whatever you set it to use and 127.0.0.1 to listen...

Im not using ipv6 neither on my router nor on DNScrypt-proxy v2...

[johnnyNobody999]

[dale_gribble39]

Entware seems to be slightly behind the power curve:

https://github.com/DNSCrypt/dnscrypt-proxy

https://github.com/DNSCrypt/dnscrypt-resolvers

That's the trouble with relying on that option. If only the upstream developers hadn't tied dependency to golang.

[Alozaros]

ignore_system_dns = true
listen_addresses = ['127.0.0.1:30']
ipv4_servers = true
ipv6_servers = false
dnscrypt_servers = true
require_dnssec = true
doh_servers = false
refused_code_in_responses = true
fallback_resolver = '9.9.9.9:53'


the default listen address is 127.0.0.1:30 but not port 5353...
but i dont think it will make any difference

also make sure dnscypt form GUI is disabled...

those are the servers i use:

'dnscrypt-de-blahdns-ipv4' 'dnswarden-eu-adblock-dcv4' 'quad9-dnscrypt-ip4-filter-pri' 'v.dnscrypt.uk-ipv4'

if you have any server that's going off..not every time DNScrypt switches to the next that fast it takes time...as it needs to exchange certificates...(one reason i don't like it)... On my System R7800 ive build, it works 24/7 with no problem...touch wood...make sure you use the last .toml as the old versions are not compatible any more...try no to fiddle with all the settings...as sometimes it hangs with no reason and than you have to start all over...

[egc]

I am a happy user of DoH via our built-in SmartDNS, easy to setup:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=323896

But it is hard to keep track of all the DNS possibilities and the Pro's and Con's

https://dnscrypt.info/faq/
https://help.nextdns.io/t/x2hmvas/what-is-dns-over-tls-dot-dns-over-quic-doq-and-dns-over-https-doh-doh3

[Alozaros]

So far, DNScrypt v2 is "the most"....

SmartDNS is not bad alternative at all..it supports DoH or DoT...its present in DDWRT and much more..

I use Stubby DoT via Entware, as the worst option..cheap and simple DoT...and...it works...
But there is Unbound witch is great too, as it supports many DNS options as well DoH and DoT...

Any of those will do...