This repository has been archived by the owner on Mar 17, 2018. It is now read-only.
Using Dnscrypt proxy
Alexander Ryzhov edited this page Nov 21, 2015
·
3 revisions
Dnscrypt-proxy protects DNS requests from spoofing. You can useit if you are suspecting (potential) false answers from DNS servers you are using.
opkg install dnscrypt-proxy fake-hwclock
fake-hwclock package saves system time on shutdown and restores it on the next boot. This is important for devices without real time clock (RTC). Without fake-hwclock device will fall into dead lock:
- NTP can't resolve server name without working DNS service,
- DNS service (dnscrypt-proxy) can't start because received certificates are not valid for the current (broken!) system time.
List of available resovlers will be shown after installation, choose nearest one.
Start dnscrypt-proxy:
/opt/etc/init.d/S09dnscrypt-proxy start
It will be started after every boot automatically.
Configure client to use DNS resolver <Your device IP>:65053.
You may use it in conjunction with dnsmasq from firmware if it's available (optionally):
echo "no-resolv" > /etc/dnsmasq.conf
echo "server=127.0.0.1#65053" >> /etc/dnsmasq.conf
- dnscrypt-proxy - https://dnscrypt.org/
- SNB discussion - http://www.snbforums.com/threads/dnscrypt-from-opendns.11645