dnscrypt-proxy is an application that acts as a local DNS stub resolver using DNSCrypt. It encrypts your DNS traffic improving security and privacy. dnscrypt-proxy is the client-side version of dnscrypt-wrapper. Follow DNSCrypt with Dnsmasq and dnscrypt-proxy to properly setup DNSCrypt via dnscrypt-proxy on your router.
opkg update opkg install dnscrypt-proxy
opkg update opkg install luci-app-dnscrypt-proxy
| ||string||yes|| ||The IP address of the proxy server.|
| ||string||yes|| ||Listening port for DNS queries.|
| ||string||no||none||Provider name for a custom resolver not present in the CSV file.|
| ||string||no||none||Provider public key for a custom resolver not present in the CSV file.|
| ||string||no||none||Resolver address for a custom resolver not present in the CSV file.|
| ||string||no||none||DNS service for resolving queries. You can't add more than one resolver.|
| ||string||no|| || Location of CSV file containing list of resolvers. When you use a custom DNSCrypt server and you later get problems when executing DNSCrypt, have a look in the resolver list (
| ||boolean||no|| ||Improve privacy by using an ephemeral public key for each query. Note that you cannot yet use it with current (Chaos Calmer) version of OpenWrt as the dnscrypt-proxy package is outdated and uses a version of DNSCrypt, which does not support ephemeral keys. Ephemeral keys option requires extra CPU cycles (especially on non-x86 platforms) and can cause huge system load. Disable it in case of performance problems. Also this option is useless with most DNSCrypt servers (all the servers using short TTLs for the certificates, which is done by default in the Docker image).|
| ||string||no||none||Use a client public key for identification. By default, the client uses a randomized key pair in order to make tracking more difficult. This option does the opposite and uses a static key pair, so that DNS providers can offer premium services to queries signed with a known set of public keys. A client cannot decrypt the received responses without also knowing the secret key. The value of this property is the path to a file containing the secret key. The corresponding public key is computed automatically|
| ||boolean||no|| || Cache DNS responses. Should be kept to false (
| ||boolean||no|| ||Immediately reply to IPv6 requests with an empty value. Useful if your network doesn't support IPv6 as it avoids useless requests to upstream resolvers and having to wait for a response.|
| ||string||no||none||Block IP addresses or names matching a list of patterns.|
| ||boolean||no|| ||Send logs to the syslog daemon.|
| ||string||no|| ||Log entries can optionally be prefixed with a string.|
| ||int||no|| || Don't log events with priority above this log level. Valid values are between
| ||string||no||none|| File where to log DNS queries. The file name can be prefixed with
config dnscrypt-proxy 'dnscryptfrv4' option address '127.0.0.1' option port '5353' option resolver 'dnscrypt.org-fr'
config dnscrypt-proxy 'dnscryptnlv6' option address '[::1]' option port '5354' option resolver 'dnscrypt.nl-ns0-ipv6'
config dnscrypt-proxy 'dnscryptcav4' option address '127.0.0.1' option port '5355' option providername '2.dnscrypt-cert.dnscrypt.ca-1' option providerkey '1A53:A3C9:5078:9CBD:D10B:1933:A468:9B6C:846A:40F1:B73D:1752:AECA:C982:9ECB:7CE2' option resolveraddress '188.8.131.52:443'
config dnscrypt-proxy 'dnscryptdkv6' option address '[::1]' option port '5356' option providername '2.dnscrypt-cert.resolver2.dnscrypt.eu' option providerkey '3748:5585:E3B9:D088:FD25:AD36:B037:01F5:520C:D648:9E9A:DD52:1457:4955:9F0A:9955' option resolveraddress '[2001:1448:243::dc2]:443'