lessload/DNSCrypt-reload

Use dnscrypt-proxy with a captive portal (public Wi-Fi) without reloading

You can use it without reloading by doing the following.

  1. Add a fake URL-to-IP entry to the cloak rules, used to trigger the redirect to the captive portal. (A real URL gets cached by the browser, which then does not redirect.)
    Add something like this to the cloak rules:
=fakeportal.com 34.107.221.82

Then go to fakeportal.com so the captive portal is detected and you are redirected to its page. Some portals will fail because they do not use a private IP. You then need to continue with step 2.

  2. Add the captive portal URL and its real IP to cloaking-rules.txt.
    Add something like this:
=portal.web-login.com 10.10.0.1
=portal-content.web-login.com 10.10.0.2

You can obtain the IP with nslookup, something like

> nslookup portal.web-login.com 10.10.0.10
Server:  UnKnown
Address:  10.10.0.10

Non-authoritative answer:
Name:    portal.web-login.com
Addresses:  10.10.0.1
            10.10.0.2

where portal.web-login.com is the login page and 10.10.0.10 is the IP of the DNS server.

  • Why cloak it instead of forwarding it? Because the forward rule does not work when you set force_tcp = true.

dnscrypt-proxy Pain Points!

  • Its netprobe does not work correctly on many public Wi-Fi networks that use a web portal login. You can ping any IP, but the response does not really come from that IP.
  • dnscrypt-proxy stops itself when the resolver list is outdated, and it has no secure way to update itself. This makes DNS traffic leak when you restart it.
  • (Solved in v2.0.45) A cloaking rule cannot give a domain multiple IPs.
  • *.hostname is treated as equal to hostname, but *ads.* is not equal to ads.*. Is that logical? Multiple kinds of logic in one program.
  • When you set force_tcp = true, normal DNS queries from the forward rule go out over TCP port 53. That does not work with many public Wi-Fi DNS servers. (8.8.8.8 works fine.)
  • Firefox randomly fails to resolve AAAA records when using dnscrypt-proxy (the problem may come from Firefox), but the dev quickly closed the issue for $@#%@$@

dnscrypt-proxy Weird..!

  • A cloak rule is overridden by a block rule. This is so weird. Why would people need to block their own cloak rule? A user may use a large block list, and it will block their cloak rule someday. (Add the blocked URL to the allow rule to make it work.)
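The following is an added example, not part of this repository: it turns nslookup output like the sample in step 2 into cloaking lines, then lists cloaked names that a block list would override, as described in the note above. The function names and the block patterns used with it are hypothetical, and the wildcard matching is a simplified assumption, not dnscrypt-proxy's own matcher.

```python
import fnmatch
import ipaddress

# Constructed sample in the shape of the nslookup output shown in step 2.
SAMPLE_NSLOOKUP = """Server:  UnKnown
Address:  10.10.0.10

Non-authoritative answer:
Name:    portal.web-login.com
Addresses:  10.10.0.1
            10.10.0.2
"""

def cloak_rules_from_nslookup(text):
    """Turn one nslookup answer into '=name ip' cloaking lines, one per address."""
    # Skip the header block: its Address line is the DNS server, not the portal.
    answer = text.replace("\r\n", "\n").split("\n\n", 1)[-1]
    name, rules = None, []
    for line in answer.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] == "Name:" and len(tokens) > 1:
            name = tokens[1].rstrip(".").lower()
            continue
        try:  # "Address:", "Addresses:" and continuation lines all end in an IP
            ip = ipaddress.ip_address(tokens[-1])
        except ValueError:
            continue  # e.g. "Aliases:" lines
        if name:
            rules.append(f"={name} {ip}")
    return rules

def _blocks(name, pattern):
    # Assumption: simplified matching, not dnscrypt-proxy's own matcher.
    if pattern.startswith("*.") and "*" not in pattern[2:]:
        pattern = pattern[2:]  # the page notes *.hostname equals hostname
    if not any(c in pattern for c in "*?["):
        return name == pattern or name.endswith("." + pattern)
    return fnmatch.fnmatchcase(name, pattern)

def cloaks_hit_by_blocklist(cloak_rules, block_patterns):
    """Return (cloaked name, block pattern) pairs where a block rule would win."""
    names = dict.fromkeys(r.split()[0].lstrip("=").lower() for r in cloak_rules)
    hits = []
    for name in names:
        pat = next((p for p in block_patterns if _blocks(name, p.lower())), None)
        if pat:
            hits.append((name, pat))
    return hits
```

Each name reported by cloaks_hit_by_blocklist is a candidate for the allow rule, which is the workaround the note above gives.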

DNSCrypt installer & reloader

A cmd script that automatically detects the internet connection and starts dnscrypt-proxy. One click to re-run dnscrypt-proxy.

  1. Download dnscrypt-proxy-win64-x.x.x.zip (source) and place the win64 folder in the same directory as lessload-installer.bat.
    (Modification is needed on 32-bit Windows.)

  2. Run lessload-installer.bat [run as admin] to install.
    (It will set loopback on all interfaces and block all internet by default.)

  3. Configure your dnscrypt-proxy.toml and other files.

  4. One click on re-dnscrypt.bat [run as admin] checks the internet connection and starts dnscrypt. The script will automatically detect the internet or wait for you to log in through the web portal, then run dnscrypt-proxy.

(It is recommended to run the script before connecting to Wi-Fi; in some cases the web captive portal will not show if you run the script after connecting.)
(No need to stop the service; just restart to get the internet connection back.)

** Windows 10 v2004 **

  • You need to enable NCSI Active Probing; details are in "Other problem with this script".
  • Modifying the NCSI server causes an NCSI problem in some cases.

** Windows 10 v20H2 ** the problem is gone.

Pro

  • Supports web captive portals. Normally dnscrypt-proxy may break the web portal in many cases.
  • Easy to re-run dnscrypt-proxy by running re-dnscrypt.bat [run as admin].
  • Just a script, no extra resource usage.
  • Less DNS traffic leak (just 5s; nearly 0 if you use a static sdns://).
  • Clean.

Con

  • You need to configure *.toml manually. (From this manual)
  • Requires PowerShell or curl; works on Windows 8 or above.

Other problem with this script

  • Some anti-virus software may block PowerShell from connecting to the internet. Allow it.
  • Disabling the DNS Client service (dnscache) in Windows will break the internet connection of UWP apps; doing that is not recommended.
  • Public Wi-Fi has an NCSI problem on Windows 10 v2004. For now, fix it by running this in cmd:
    reg add "HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet" /v "EnableActiveProbing" /t REG_DWORD /d "1" /f

v2 note

  • Changed the script to download the resolver list before starting dnscrypt-proxy, to prevent dnscrypt-proxy from stopping itself when the resolver list is outdated.
  • Changed from PowerShell to curl for downloading the resolver list. This improves speed and reduces CPU impact.
    (On an Intel Atom, Invoke-WebRequest makes the CPU run at 100%, while curl runs at only 70%.)
    (On older Windows versions, you may need to install curl yourself; official link here.)

DNS restrict + NCSI problem

In the case of public Wi-Fi that restricts DNS:
If you have not used your device for a long time, the *.md is outdated, and 127.0.0.1 is still the DNS server in Windows, dnscrypt-proxy will fail to update and stop itself. That is why I made this script. It helps you connect to your DNSCrypt as fast as possible and set loopback, to prevent some DNS traffic leak.

(Temporarily fixed with a custom timeout in the script, as in re-dnscrypt.bat.)
(To fix it without a custom timeout, you need to use a static sdns:// in dnscrypt-proxy.toml.)
(Use lessload-installer.bat to reduce the NCSI poll period before running re-dnscrypt.bat.)
The dnscrypt-proxy update method uses or trusts Microsoft NCSI, which causes the problem.

Why is NCSI so important? Because if your PC gets an NCSI alert, it will break many functions in Windows.
Examples: UWP internet, Hotspot.

--

My network test conditions

  • Restrict DNS at the router to make it behave like some public Wi-Fi.
  • Block all Microsoft servers (host & IP) to make it behave like a company network, and test how NCSI really works.

Cool NCSI solution
