Joined: 26 Mar 2013 Posts: 1855 Location: Hung Hom, Hong Kong
Posted: Thu Nov 10, 2022 10:24 Post subject:
portsup wrote:
You are not understanding the problem, which is that in spite of anything set in ntp_server, ddwrt won't use it if DNScrypt is enabled.
Not so according to the source codes. "||" is logical OR ... unless "nvram get dns_crypt" somehow equaled to 0??
Quote:
Anyway I seem to have fixed it using iptables to redirect running in the startup script.
That should be related to DNScrypt after the clock was set and DNScrypt was loaded successfully. But then I don't use DNScrypt. So I should bug out. Sorry!
Anyway, "grep -i dns /var/log/messages | grep -i crypt" should have helped. Also "grep -i ntpclient /var/log/messages". Or maybe just "grep -i -E 'dnscrypt|ntpclient' /var/log/messages"
Also, do you have some special firewall rules? If those rules were all related to DNScrypt, then you possibly loaded those rules too early. You should make sure that those rules are loaded only after DNScrypt is working.
_________________
Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
Joined: 16 Nov 2015 Posts: 6410 Location: UK, London, just across the river..
Posted: Thu Nov 10, 2022 10:24 Post subject:
I vote NTP, to check the box first, then apply any other hardcoded NTP time servers..as those could be off..and yes I did a test with DNScrypt v1xx that comes along with DDWRT and it does that bad behaviour
Jan 1 02:01:10 DD-WRT5 daemon.err ntpclient[1458]: Failed resolving address to hostname 2.pool.ntp.org: Try again
Jan 1 02:01:10 DD-WRT5 daemon.err ntpclient[1458]: Failed resolving server 2.pool.ntp.org: Network is down
Jan 1 02:01:10 DD-WRT5 daemon.notice ntpclient[1458]: Network up, resolved address to hostname 212.18.3.19
Jan 1 02:01:10 DD-WRT5 daemon.debug ntpclient[1458]: Connecting to 212.18.3.19 [212.18.3.19] ...
Nov 10 10:01:58 DD-WRT5 daemon.info ntpclient[1458]: Time set from 212.18.3.19 [212.18.3.19].
Nov 10 10:01:58 DD-WRT5 daemon.info process_monitor[1457]: Cyclic NTP Update success (servers 2.pool.ntp.org 212.18.3.19 88.99.174.22)
Nov 10 10:01:58 DD-WRT5 daemon.info process_monitor[1457]: Local timer delta is 1668074453
Nov 10 10:02:59 DD-WRT5 daemon.debug ntpclient[3922]: Connecting to 2.pool.ntp.org [178.124.134.106] ...
after changing the dnscrypt server + save apply
Nov 10 10:02:59 DD-WRT5 daemon.info ntpclient[3922]: Time set from 2.pool.ntp.org [178.124.134.106].
Nov 10 10:02:59 DD-WRT5 daemon.info process_monitor[3921]: Cyclic NTP Update success (servers 2.pool.ntp.org 212.18.3.19 88.99.174.22)
Nov 10 10:02:59 DD-WRT5 daemon.info process_monitor[3921]: Local timer delta is 0
and yes it does ignore the NTP time I set GGl...as an IP ...but it works with the hardcoded and DNScrypt v1xx is up and running, so it's down to if those hardcoded servers are off and DDWRT rotates those as you can see...hey I've found the hot water...but I'm not using the DDWRT DNScrypt v1xx (only for the test),
For secure DNS I have better results with Entware - DNScrypt v2xx which I'm using instead...
or Stubby or SmartDNS...the last one has updated ssl
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Router/Version: Linksys WRT150N v1.1
Firmware: DD-WRT v3.0-r50841 mini (11/09/22)
Kernel: Linux 2.4.37 #70142 Sat Nov 5 22:11:02 -00 2022 mips
Previous: DD-WRT v3.0-r44715 mini
Mode: Repeater, separate subnet
Status: Working fine on this old hardware
Issues/Errors: none so far
Router/Version: Asus RT-N66U
File: dd-wrt.v24-50841_NEWD-2_K3.x-big-RT-N66U.trx
Firmware: DD-WRT v3.0-r50841 big (11/09/22)
Kernel: Linux 4.4.302-st25 #19945 Wed Nov 9 01:28:35 -00 2022 mips
Mode: Gateway, SFE disabled, Wifi disabled, WAN disabled, Wireguard Endpoint for external VPS, connected via LAN to WRT1900ACS v2, Keep Alive reboot 6:05 in the morning
Reset: No
Status: Installed yesterday, ok.
The entry "server=/pool.ntp.org/8.8.8.8" also resolves the subdomains correctly...
I tried "server=/pool.ntp.org/9.9.9.9" and it wouldn't resolve, but sometimes "server=/2.pool.ntp.org/9.9.9.9" also doesn't resolve so I will test "server=/pool.ntp.org/9.9.9.9" again, I would guess it's an issue with 9.9.9.9 for me.
Router/Version: Linksys WRT54GL v1.1
File/Kernel: dd-wrt.v24 mini generic 50841 / Linux 2.4.37 #70158 Tue Nov 8 22:41:25 -00 2022 mips
Previous/Reset: dd-wrt.v24 mini generic r50814 / no
Mode/Status: AP wired and wireless / Up and running for 5 hours
Issues/Errors: Nothing significant
|| means if either condition ntp_server=0 or dns_crypt=1 exists then the servers used are "2.pool.ntp.org 212.18.3.19 88.99.174.22"
So even if you set ntp_server to your custom servers, if dns_crypt aka encrypt dns is enabled then those will be ignored and "2.pool.ntp.org 212.18.3.19 88.99.174.22" used
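A model of the fallback condition described in the post above, with a check of which server the clock was really set from, as an added example that is not part of the thread or of DD-WRT's source. The function names, the empty-value handling and the 192.0.2.10 custom server are assumptions; the log lines are the ones posted earlier in the thread.

```shell
#!/bin/sh
# Fallback list quoted in the thread.
FALLBACK="2.pool.ntp.org 212.18.3.19 88.99.174.22"

# effective_ntp_servers NTP_SERVER DNS_CRYPT
# Model of the condition as the post describes it (not DD-WRT source):
# the fallback list wins when ntp_server is 0 OR dns_crypt is 1.
# Treating an empty ntp_server like 0 is an assumption.
effective_ntp_servers() {
    if [ -z "$1" ] || [ "$1" = "0" ] || [ "$2" = "1" ]; then
        echo "$FALLBACK"
    else
        echo "$1"
    fi
}

# unexpected_time_sources WANTED < syslog
# Prints every host that ntpclient logged in "Time set from HOST [IP]."
# and that is not in the space-separated WANTED list.
unexpected_time_sources() {
    sed -n 's/.*ntpclient\[[0-9]*]: Time set from \([^ ]*\) \[.*/\1/p' |
    while read -r host; do
        case " $1 " in
            *" $host "*) ;;
            *) echo "$host" ;;
        esac
    done | LC_ALL=C sort -u
}

# Log lines taken from the thread.
sample_log() {
    cat <<'EOF'
Nov 10 10:01:58 DD-WRT5 daemon.info ntpclient[1458]: Time set from 212.18.3.19 [212.18.3.19].
Nov 10 10:02:59 DD-WRT5 daemon.debug ntpclient[3922]: Connecting to 2.pool.ntp.org [178.124.134.106] ...
Nov 10 10:02:59 DD-WRT5 daemon.info ntpclient[3922]: Time set from 2.pool.ntp.org [178.124.134.106].
EOF
}

# 192.0.2.10 is a constructed stand-in for the custom server set in the GUI.
CUSTOM="192.0.2.10"
echo "expected with dns_crypt=1: $(effective_ntp_servers "$CUSTOM" 1)"
echo "clock set from servers other than $CUSTOM:"
sample_log | unexpected_time_sources "$CUSTOM"
```

On the router, pipe /var/log/messages into unexpected_time_sources instead of sample_log.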
The dnscrypt version included in DD-WRT does not function with all DNSCrypt-capable servers because it is using a slowly-being-completely deprecated protocol version - v1. The v2 protocol is the most widely-deployed at present.
Issues, observations, and/or workarounds reported:
• DNScrypt 1.95 can still be used in the GUI but v2 (not compatible) requires Golang and thus Entware. 6246
Joined: 26 Mar 2013 Posts: 1855 Location: Hung Hom, Hong Kong
Posted: Fri Nov 11, 2022 2:37 Post subject:
dale_gribble39 wrote:
The dnscrypt version included in DD-WRT does not function with all DNSCrypt-capable servers because it is using a slowly-being-completely deprecated protocol version - v1. The v2 protocol is the most widely-deployed at present.
No harm starting a new thread about updating DNScrypt. I believe BS is still busy with Privoxy, In-Ady-N, IPv6, and OpenVPN.
BTW, this thread is about build 50841, and DNScrypt stole the show. Meow...
If you read anything I just posted, updating dnscrypt version is not going to happen because of golang dependencies and flash space restrictions because of code size required. Surely, you're being sarcastic?
_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
Joined: 04 Mar 2021 Posts: 65 Location: Manchester
Posted: Fri Nov 11, 2022 15:58 Post subject:
Router/Version: Netgear R7000
Kernel: Linux 4.4.302-st25 #19945 Wed Nov 9 01:28:35 -00 2022 mips
Mode: Gateway,
Reset: No
Status: Installed today, ok.
NTP, everything works well mate
_________________
Netgear R7000
DD-WRT DD-WRT v3.0-r50595 std (10/23/22)
Manchester
Enable dnsmasq- Yes
Encrypt DNS- NO
DNSCrypt Resolver- No Using Smart DNS
Cache DNSSEC Data- Yes
Validate DNS Replies (DNSSEC)- NO
Check Unsigned DNS Replies- NO
No DNS Rebind- Enable
Query DNS in Strict Order- Enable
Add Requestor MAC to DNS Query- Disable
RFC4039 Rapid Commit Support- Enable
Maximum Cached Entries- 1500