How to install and use DNSCrypt with Gargoyle
Update: in the 1.8.x and 1.9.x branches this will not work alongside the DNS adblock plugin. At least I can't get it to work.
This is just how I got it to work. I am not a networking expert. If you try and do this I will try and help but.....
OK first let's start with what DNSCrypt is!
Description
dnscrypt-proxy provides local service which can be used directly as your local resolver or as a DNS forwarder, encrypting and authenticating requests using the DNSCrypt protocol and passing them to an upstream server.
The DNSCrypt protocol uses high-speed high-security elliptic-curve cryptography and is very similar to DNSCurve, but focuses on securing communications between a client and its first-level resolver.
While not providing end-to-end security, it protects the local network, which is often the weakest point of the chain, against man-in-the-middle attacks. It also provides some confidentiality to DNS queries.
http://dnscrypt.org/
I use OpenDNS; more info on their site here:
http://www.opendns.com/about/innovations/dnscrypt/
For those who CBA to read, DNSCrypt is like SSL for DNS servers!
DNSCrypt - OpenWrt Wiki
http://wiki.openwrt.org/inbox/dnscrypt
So here's what I did to get it to work on my WDN750 running GargoylePL 1.6.2.2
This line is not needed in 1.8.x and 1.9.x as DNSCrypt has been added to the packages on the OpenWrt website.
Using WinSCP, add this line to /etc/opkg
src/gz exopenwrt http://exopenwrt.and.in.net/attitude_ad ... x/packages
Save and exit.
Then in the webshell type these lines one by one.
opkg update
opkg install dnscrypt-proxy
Now you have DNSCrypt installed!
The config file /etc/config/dnscrypt-proxy is simple and will be rarely edited. If you are using OpenDNS then this is already the default resolver so you do not have to change anything.
Now we need to go back to the webshell and we will start DNSCrypt and enable auto boot for it:
/etc/init.d/dnscrypt-proxy enable
/etc/init.d/dnscrypt-proxy start
Now I used WinSCP again to edit the bold lines in /etc/config/dhcp
start of my file
config dnsmasq
    option domainneeded '1'
    option boguspriv '1'
    option filterwin2k '0'
    option localise_queries '1'
    option rebind_protection '1'
    option rebind_localhost '1'
    option local '/lan/'
    option domain 'lan'
    option expandhosts '1'
    option nonegcache '0'
    option authoritative '1'
    option readethers '1'
    option leasefile '/tmp/dhcp.leases'
    option resolvfile '/tmp/resolv.conf.auto'
    option noresolv 1
    list server '127.0.0.1#2053'
    list server '/pool.ntp.org/208.67.222.222'
#   list server '208.67.222.222'
#   list server '208.67.220.220'
    list rebind_domain 'free.aero2.net.pl'
    list addnhosts '/etc/block.hosts'

config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '150'
    option leasetime '6h'

config dhcp 'wan'
    option interface 'wan'
    option ignore '1'
end of file
When you have done, save and close.
Now you need to restart DHCP.
In the webshell do
/etc/init.d/dnsmasq restart
Then in a cmd prompt on Windows you need to flush the DNS; type
ipconfig /flushdns
How to check if your DNS queries are using dnscrypt with OpenDNS
In Windows:
nslookup -type=txt debug.opendns.com.
In Linux:
dig debug.opendns.com txt
One of the entries should be "dnscrypt enabled (<number>)".
I hope this helps.
Some more info here
http://wiki.openwrt.org/inbox/dnscrypt
DNSCrypt setup — securing DNS communications
https://forum.openwrt.org/viewtopic.php?id=36380
Linksys WRT3200ACM
NETGEAR Nighthawk R7800
NETGEAR R6260
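An added example, not part of the original post: a small audit of the two settings the steps above depend on, namely that dnsmasq only forwards to the local dnscrypt-proxy port and does not also read the ISP resolvers. The sample configs are constructed, and the layout of /etc/config/dnscrypt-proxy (an `option port` line) is an assumption, since the thread does not show that file.

```shell
#!/bin/sh
# Constructed sample: the dnsmasq section from the post, trimmed to the DNS lines.
DHCP_SAMPLE="config dnsmasq
    option resolvfile '/tmp/resolv.conf.auto'
    option noresolv 1
    list server '127.0.0.1#2053'
    list server '/pool.ntp.org/208.67.222.222'
#   list server '208.67.222.222'
config dhcp 'lan'
    option interface 'lan'"

# Assumed layout of /etc/config/dnscrypt-proxy (not shown in the thread).
PROXY_SAMPLE="config dnscrypt-proxy
    option address '127.0.0.1'
    option port '5353'"

# uci_values KEYWORD NAME: print values of "KEYWORD NAME value" lines from stdin.
# Commented lines are skipped because their first field is "#"; quotes are stripped.
uci_values() {
    awk -v kw="$1" -v name="$2" -v q="'" '
        $1 == kw && $2 == name { v = $3; gsub("[" q "\"]", "", v); print v }'
}

# audit DHCP_TEXT PROXY_TEXT: print one finding per line; no output means
# every upstream query goes through dnscrypt-proxy.
audit() {
    proxy_port=$(printf '%s\n' "$2" | uci_values option port)
    [ "$(printf '%s\n' "$1" | uci_values option noresolv)" = 1 ] ||
        echo "LEAK: noresolv is not 1, resolvfile upstreams are also queried"
    fwd=0
    for s in $(printf '%s\n' "$1" | uci_values list server); do
        case "$s" in
            127.0.0.1#"$proxy_port") fwd=1 ;;
            127.0.0.1#*) echo "MISMATCH: dnsmasq forwards to $s, proxy listens on $proxy_port" ;;
            *) echo "PLAINTEXT: $s bypasses dnscrypt-proxy" ;;
        esac
    done
    [ "$fwd" = 1 ] || echo "NOFORWARD: no server entry points at 127.0.0.1#$proxy_port"
}

audit "$DHCP_SAMPLE" "$PROXY_SAMPLE"
```

On a router the same function can be fed the real files, for example `audit "$(cat /etc/config/dhcp)" "$(cat /etc/config/dnscrypt-proxy)"`. The PLAINTEXT line for pool.ntp.org is expected with the config above: those lookups go unencrypted to 208.67.222.222.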
Re: How to install and use DNSCrypt with Gargoyle
Hi, can anyone give me some help please. I can't get this working under 1.9
I installed and then when I set up my dhcp file I get no internet and I can't work out why.
config dnsmasq
    option domainneeded '1'
    option boguspriv '1'
    option filterwin2k '0'
    option localise_queries '1'
    option rebind_protection '1'
    option rebind_localhost '1'
    option local '/lan/'
    option domain 'lan'
    option expandhosts '1'
    option nonegcache '0'
    option authoritative '1'
    option readethers '1'
    option leasefile '/tmp/dhcp.leases'
#   option resolvfile '/tmp/resolv.conf.auto'
    option noresolv '1'
    list server '127.0.0.1#5353'
    list server '/pool.ntp.org/208.67.222.222'
#   list server '208.67.222.222'
#   list server '208.67.220.220'
    list addnhosts '/etc/block.hosts'

config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '150'
    option leasetime '6h'

config dhcp 'wan'
    option interface 'wan'
    option ignore '1'
Re: How to install and use DNSCrypt with Gargoyle
Would adblock make it break?
Re: How to install and use DNSCrypt with Gargoyle
Maybe. It broke back when I installed adblock in 1.8.
QoS Tip: Don't complicate your QoS settings. Gargoyle evenly splits available bandwidth between active devices as needed. Just delete all your classification rules and leave only one normal service class and you're done. No more arguing over bandwidth.
Re: How to install and use DNSCrypt with Gargoyle
Yes it breaks it. Adblock plugin forces traffic through port 53. Dnscrypt wants it through 5353.
You can remove the rules in /etc/firewall.user
This means that if any device isn't specifically told to look for the router as a DNS client then they can get around Adblock.
This is a similar issue to how it interacts with the Tor plugin.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
Re: How to install and use DNSCrypt with Gargoyle
First of all, check your resolver. I have found that resolvers can come and go, unfortunately, and your router's list may be out of date because it probably only gets updated when a new version of DNSCrypt is released (which isn't very often).
The current list should be here: https://github.com/jedisct1/dnscrypt-pr ... olvers.csv Click on the "Raw" link to download that file and paste it over your router's resolver list (/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv).
That file contains information about each resolver and a "friendly" name that will go in etc/config/dnscrypt/dnscrypt-proxy to choose the resolver. I have found that okturtles is reliable, but you'll want to choose something close to your country. It can be difficult to read the file because it looks like a wall of text, but just know that the first thing on each line is the friendly name that will go in your config.
Also, I would try to get one that doesn't log. At the part on each line where it starts going yes or no, it's the second one, "yes" meaning no logs. I believe the default resolver is Cisco, which logs.
BTW, DNSCrypt is included in the Chaos Calmer repositories, so it is no longer necessary to add the line to /etc/opkg (unless you're still on Barrier Breaker).
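An added example, not part of the original post: a filter that reads the resolver list and prints the friendly name and location of each resolver whose "No logs" column is yes, so the "wall of text" does not have to be read by eye. The header names and the two sample rows are constructed to match the layout the post describes (friendly name first, "No logs" as the second yes/no column); they are assumptions, and the names and addresses are placeholders.

```shell
#!/bin/sh
# Constructed sample; on a router, pipe in
# /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv instead.
CSV_SAMPLE='Name,Full name,Description,Location,Coordinates,URL,Version,DNSSEC validation,No logs,Namecoin,Resolver address
example-a,"Example A","Logs queries, filtered",US,,https://a.example,1,no,no,no,192.0.2.1:443
example-b,"Example B","No logs, DNSSEC",NL,,https://b.example,1,yes,yes,no,192.0.2.2:443'

# no_log_resolvers: read the CSV on stdin and print "name location" for rows
# whose "No logs" column is "yes". Columns are found by header name, and quoted
# fields may contain commas, so each line is split character by character.
no_log_resolvers() {
    awk '
    function split_csv(line, out,    n, i, c, inq, cur) {
        n = 0; inq = 0; cur = ""
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (c == "\"") inq = !inq
            else if (c == "," && !inq) { out[++n] = cur; cur = "" }
            else cur = cur c
        }
        out[++n] = cur
        return n
    }
    NR == 1 {
        n = split_csv($0, h)
        for (i = 1; i <= n; i++) col[h[i]] = i
        next
    }
    {
        split_csv($0, f)
        if (f[col["No logs"]] == "yes") print f[col["Name"]], f[col["Location"]]
    }'
}

printf '%s\n' "$CSV_SAMPLE" | no_log_resolvers
```

The "No logs" value is whatever the list records for that resolver; the filter only reads the column, it does not verify the claim.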
Re: How to install and use DNSCrypt with Gargoyle
Hi Lantis, can you have them use the same port?
Lantis wrote:
Yes it breaks it. Adblock plugin forces traffic through port 53. Dnscrypt wants it through 5353.
You can remove the rules in /etc/firewall.user
This means that if any device isn't specifically told to look for the router as a DNS client then they can get around Adblock.
This is a similar issue to how it interacts with the Tor plugin.
Re: How to install and use DNSCrypt with Gargoyle
Hi, I am still on CC but I use OpenDNS for DNS; will I still need to use that file?
SirDrexl wrote:
First of all, check your resolver. I have found that resolvers can come and go, unfortunately, and your router's list may be out of date because it probably only gets updated when a new version of DNSCrypt is released (which isn't very often).
The current list should be here: https://github.com/jedisct1/dnscrypt-pr ... olvers.csv Click on the "Raw" link to download that file and paste it over your router's resolver list (/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv).
That file contains information about each resolver and a "friendly" name that will go in etc/config/dnscrypt/dnscrypt-proxy to choose the resolver. I have found that okturtles is reliable, but you'll want to choose something close to your country. It can be difficult to read the file because it looks like a wall of text, but just know that the first thing on each line is the friendly name that will go in your config.
Also, I would try to get one that doesn't log. At the part on each line where it starts going yes or no, it's the second one, "yes" meaning no logs. I believe the default resolver is Cisco, which logs.
BTW, DNSCrypt is included in the Chaos Calmer repositories, so it is no longer necessary to add the line to /etc/opkg (unless you're still on Barrier Breaker).
Re: How to install and use DNSCrypt with Gargoyle
You would have to try it mate, I'm honestly not sure, sorry
Re: How to install and use DNSCrypt with Gargoyle
Hi, how does Tor get around it? Using port 53, can adblock and Tor use the same port?
Lantis wrote:
You would have to try it mate i'm honestly not sure sorry