Sidebar
docs:guide-user:services:dns:dnscrypt_dnsmasq_dnscrypt-proxy2
Table of Contents
DNSCrypt with Dnsmasq and dnscrypt-proxy2
Introduction
- This how-to describes the method for setting up DNSCrypt on OpenWrt.
- It relies on Dnsmasq and dnscrypt-proxy2 that supports DNSCrypt v2, DNS over HTTPS and Anonymized DNSCrypt.
- Follow DNS encryption for alternative methods or use VPN to protect all traffic.
Goals
- Encrypt your DNS traffic improving security and privacy.
- Prevent DNS leak and DNS hijacking.
- Bypass regional restrictions using public DNS providers.
- Escape DNS-based content filters and internet censorship.
Instructions
Install the packages and configure DNS encryption.
# Install packages opkg update opkg install dnsmasq dnscrypt-proxy2 # Enable DNS encryption uci -q delete dhcp.@dnsmasq[0].server uci add_list dhcp.@dnsmasq[0].server="127.0.0.53#53" # Enforce DNS encryption for LAN clients uci set dhcp.@dnsmasq[0].noresolv="1" uci commit dhcp /etc/init.d/dnsmasq restart
LAN clients should use Dnsmasq as a primary resolver. Dnsmasq forwards DNS queries to dnscrypt-proxy2 which encrypts DNS traffic.
Testing
Verify that domain name resolution works.
nslookup openwrt.org localhost
Check your DNS provider. Make sure there is no DNS leak.
Test DNSSEC validation.
Troubleshooting
Collect and analyze the following information.
# Restart the services /etc/init.d/log restart; /etc/init.d/dnsmasq restart; /etc/init.d/dnscrypt-proxy restart # Log and status logread -e dnsmasq; netstat -l -n -p | grep -e dnsmasq logread -e dnscrypt-proxy; netstat -l -n -p | grep -e dnscrypt-proxy # Runtime configuration pgrep -f -a dnsmasq; pgrep -f -a dnscrypt-proxy # Persistent configuration uci show dhcp; grep -v -e "^\s*#" -e "^\s*$" /etc/dnscrypt-proxy2/dnscrypt-proxy.toml
docs/guide-user/services/dns/dnscrypt_dnsmasq_dnscrypt-proxy2.txt · Last modified: 2020/08/05 04:26 by vgaetera
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
