How to install and use DNSCrypt with Gargoyle
Posted: Tue Sep 30, 2014 10:05 am
Update: in the 1.8.x and 1.9.x branches this will not work alongside the DNS adblock plugin. At least I can't get it to work.
This is just how I got it to work. I am not a networking expert. If you try to do this I will try to help, but.....
OK first let's start with what DNSCrypt is!
Description
dnscrypt-proxy provides local service which can be used directly as your local resolver or as a DNS forwarder, encrypting and authenticating requests using
the DNSCrypt protocol and passing them to an upstream server.
The DNSCrypt protocol uses high-speed high-security elliptic-curve cryptography and is very similar to DNSCurve, but focuses on securing communications between a client and its first-level resolver.
While not providing end-to-end security, it protects the local network, which is often the weakest point of the chain, against man-in-the-middle attacks.
It also provides some confidentiality to DNS queries.
http://dnscrypt.org/
I use OpenDNS; more info on their site here:
http://www.opendns.com/about/innovations/dnscrypt/
For those who CBA to read, DNSCrypt is like SSL for DNS servers!
DNSCrypt - OpenWrt Wiki
http://wiki.openwrt.org/inbox/dnscrypt
So here's what I did to get it to work on my WDN750 running GargoylePL 1.6.2.2
This line is not needed in 1.8.x and 1.9.x as DNSCrypt has been added to the packages on the OpenWrt website.
Using WinSCP, add this line to /etc/opkg
src/gz exopenwrt http://exopenwrt.and.in.net/attitude_ad ... x/packages
Save and exit.
Then in the webshell type these lines one by one.
opkg update
opkg install dnscrypt-proxy
Now you have DNSCrypt installed!
The config file /etc/config/dnscrypt-proxy is simple and will be rarely edited. If you are using OpenDNS then this is already the default resolver so you
do not have to change anything.
Now we need to go back to the webshell
and we will start DNSCrypt and enable auto boot for it:
/etc/init.d/dnscrypt-proxy enable
/etc/init.d/dnscrypt-proxy start
Now I used WinSCP again to edit the bold lines in /etc/config/dhcp
start of my file

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option noresolv 1
	list server '127.0.0.1#2053'
	list server '/pool.ntp.org/208.67.222.222'
#	list server '208.67.222.222'
#	list server '208.67.220.220'
	list rebind_domain 'free.aero2.net.pl'
	list addnhosts '/etc/block.hosts'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '6h'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

end of file
When you have done, save and close.
Now you need to restart DHCP.
In the webshell do
/etc/init.d/dnsmasq restart
Then in a cmd prompt on Windows you need to flush the DNS. Type:
ipconfig /flushdns
How to check if your DNS queries are using dnscrypt with OpenDNS
In Windows:
nslookup -type=txt debug.opendns.com.
In Linux:
dig debug.opendns.com txt
One of the entries should be "dnscrypt enabled (<number>)".
I hope this helps.
Some more info here:
http://wiki.openwrt.org/inbox/dnscrypt
DNSCrypt setup — securing DNS communications
https://forum.openwrt.org/viewtopic.php?id=36380
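
Added example, not part of the original post: a small POSIX sh/awk audit of the dnsmasq section of /etc/config/dhcp that lists every resolver path that still leaves the router unencrypted once dnscrypt-proxy is on 127.0.0.1#2053. The function name, the finding labels and the two sample configs are constructed for illustration; the first sample is cut down from the config in the post.

```shell
#!/bin/sh
# Added example: flag DNS paths in a UCI dhcp config that bypass dnscrypt-proxy.
PROXY='127.0.0.1#2053'   # dnscrypt-proxy listener used in the post's config

audit_dhcp_conf() {      # $1 = config path (default: stdin); one finding per line
    awk -v proxy="$PROXY" -v q="'" '
        $1 ~ /^#/ { next }                      # commented-out lines are inactive
        { gsub("[" q "\"]", "") }               # strip UCI quoting, re-splits fields
        $1 == "config" { in_dnsmasq = ($2 == "dnsmasq"); next }
        !in_dnsmasq { next }
        $1 == "option" && $2 == "noresolv" && $3 == "1" { noresolv = 1 }
        $1 == "list" && $2 == "server" {
            if ($3 == proxy) { encrypted = 1; next }
            if ($3 ~ /^\//) {                   # /domain/ip per-domain upstream
                n = split($3, p, "/")
                print "PLAINTEXT-DOMAIN " p[2] " -> " p[n]
            } else
                print "PLAINTEXT-DEFAULT " $3   # unencrypted default upstream
        }
        END {
            if (!noresolv)  print "LEAK noresolv unset, resolvfile servers still used"
            if (!encrypted) print "MISSING no list server " proxy
        }' "${1:--}"
}

sample_post() {          # constructed: trimmed from the dnsmasq section in the post
cat <<'EOF'
config dnsmasq
	option resolvfile '/tmp/resolv.conf.auto'
	option noresolv 1
	list server '127.0.0.1#2053'
	list server '/pool.ntp.org/208.67.222.222'
#	list server '208.67.222.222'
EOF
}

sample_weak() {          # constructed: proxy added, but plaintext paths left active
cat <<'EOF'
config dnsmasq
	option resolvfile '/tmp/resolv.conf.auto'
	list server '127.0.0.1#2053'
	list server '208.67.222.222'
EOF
}

echo "post config:"; sample_post | audit_dhcp_conf
echo "weak config:"; sample_weak | audit_dhcp_conf
```

On the router, run `audit_dhcp_conf /etc/config/dhcp`; with the post's settings the only finding is the pool.ntp.org override, whose lookups go to 208.67.222.222 in cleartext.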