DNSCrypt is a tool for securing communications between a client and a DNS resolver using elliptic-curve cryptography, in the same way that SSL turns HTTP web traffic into encrypted HTTPS web traffic.
DNSCrypt can prevent spying, spoofing, and man-in-the-middle attacks by cyber criminals, and can even bypass ISP DNS censorship and DNS leaks.
Warning: It has been tested only on OpenWrt Attitude Adjustment (12.09).
Requirements
Minimum free space required: 256.00 KB
Installation
Step 1: Install DNSCrypt
- Open OpenWrt's LuCI web interface
- Select the System - Software tab
- Click Update List
- In "Download and install package", type "dnscrypt-proxy", then click OK
For x86 Platforms (New Method)
cd /tmp
wget https://downloads.openwrt.org/snapshots/trunk/x86/packages/packages/dnscrypt-proxy_1.4.1-1_x86.ipk
opkg install dnscrypt-proxy*.ipk
rm -f dnscrypt-proxy*ipk
For x86 Platforms (Old Method)
Install the required dependency (libsodium library).
mkdir -p /etc/ssl/certs/
wget -P /etc/ssl/certs/ http://curl.haxx.se/ca/cacert.pem
cd /tmp
curl -OL --cacert /etc/ssl/certs/cacert.pem https://github.com/damianorenfer/libsodium-openwrt/raw/master/openwrt/bin/x86/libsodium_0.4.5-1_x86.ipk
opkg install libsodium_0.4.5-1_x86.ipk
rm -f libsodium*.ipk
Install the dnscrypt-proxy package from GitHub.
cd /tmp
curl -OL --cacert /etc/ssl/certs/cacert.pem https://github.com/damianorenfer/dnscrypt-proxy-openwrt/raw/master/bin/x86/packages/dnscrypt-proxy_1.4.0-1_x86.ipk
opkg install dnscrypt-proxy_1.4.0-1_x86.ipk
rm -f dnscrypt-proxy*.ipk
For ar71xx
If dnscrypt-proxy is not among the available packages, you can download it manually from the official OpenWrt packages site.
cd /tmp
wget http://downloads.openwrt.org/snapshots/trunk/ar71xx/packages/packages/dnscrypt-proxy_1.4.1-1_ar71xx.ipk
opkg install dnscrypt-proxy_*.ipk
rm -f dnscrypt-proxy*.ipk
Step 2: dnscrypt-proxy is now installed. You can check with the following command, or look in the software list in the OpenWrt web interface.
opkg status | grep -n "dnscrypt-proxy"
The command shows this output:
- 217:Package: dnscrypt-proxy
- 224: /etc/config/dnscrypt-proxy 7524801bccfc5504202a7c469f9fbc51
Configuration
Step 3: Enable dnscrypt-proxy at startup and start it manually.
- Connect to your router via the web interface
- Select the System - Startup tab
- Find dnscrypt-proxy in the initscripts list
- Click Enabled and Start
- Select the Network - DHCP and DNS tab
- On the General Settings tab, find DNS forwardings and fill the two fields with 127.0.0.1#2053 and /pool.ntp.org/208.67.222.222
- On the Resolv and Hosts Files tab, check Ignore resolve file (optional)
- Press Save & Apply
- Select the System - Startup tab
- Find in initscript - dnsmasq
- Click Restart
Testing
On Router
- Run the following commands in the OpenWrt shell:
logread | grep -n "using nameserver"
logread | grep "Proxying from"
The commands will show output:
- 132:Jan 1 01:01:00 openwrt daemon.info dnsmasq[1883]: using nameserver 208.67.222.222#53 for domain pool.ntp.org
- 133:Jan 1 01:01:00 openwrt daemon.info dnsmasq[1883]: using nameserver 127.0.0.1#2053
- Jul 1 12:00:00 openwrt daemon.info dnscrypt-proxy[1831]: Proxying from 127.0.0.1:2053 to 208.67.220.220:443
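The same check can be scripted. The following is an added example, not part of the original guide: it audits logread output and fails if dnsmasq has any unscoped upstream other than the 127.0.0.1#2053 listener from step 3, such as a server read from a resolv file. The function name check_dns_log, the sample variables and the 192.0.2.53 address are constructed for illustration, and the script assumes dnsmasq logs a "started, version" line at each start.

```shell
#!/bin/sh
# Added example: audit logread output for DNS that bypasses dnscrypt-proxy.
# On the router: logread | check_dns_log
LOCAL_ADDR="127.0.0.1"   # dnscrypt-proxy listener from step 3
LOCAL_PORT="2053"

# Reads syslog lines on stdin. Succeeds only if the only unscoped dnsmasq
# upstream is the local proxy and dnscrypt-proxy reports listening there.
check_dns_log() {
    awk -v addr="$LOCAL_ADDR" -v port="$LOCAL_PORT" '
    # Assumption: a "started, version" line marks a dnsmasq restart, so
    # upstreams logged before it no longer apply.
    /dnsmasq\[[0-9]+\]: started, version/ { fwd = 0; leaks = ""; next }
    /dnsmasq\[[0-9]+\]: using nameserver / {
        for (i = 1; i < NF; i++) if ($i == "nameserver") ns = $(i + 1)
        # "for domain X" is a per-domain rule such as the pool.ntp.org one.
        if ($0 ~ / for domain /) next
        if (ns == addr "#" port) fwd = 1
        else leaks = leaks "plaintext upstream: " ns "\n"
    }
    /dnscrypt-proxy\[[0-9]+\]: Proxying from / {
        for (i = 1; i < NF; i++) if ($i == "from") src = $(i + 1)
        if (src == addr ":" port) proxy = 1
    }
    END {
        printf "%s", leaks
        if (!fwd) print "dnsmasq is not forwarding to " addr "#" port
        if (!proxy) print "dnscrypt-proxy is not listening on " addr ":" port
        exit((fwd && proxy && leaks == "") ? 0 : 1)
    }'
}

# Constructed sample: the three log lines shown in the Testing section.
SAMPLE_OK='Jan 1 01:01:00 openwrt daemon.info dnsmasq[1883]: using nameserver 208.67.222.222#53 for domain pool.ntp.org
Jan 1 01:01:00 openwrt daemon.info dnsmasq[1883]: using nameserver 127.0.0.1#2053
Jul 1 12:00:00 openwrt daemon.info dnscrypt-proxy[1831]: Proxying from 127.0.0.1:2053 to 208.67.220.220:443'

# Constructed sample: the same router with one extra unscoped upstream
# (192.0.2.53 is a documentation address, not a real resolver).
SAMPLE_LEAK="$SAMPLE_OK
Jan 1 01:01:00 openwrt daemon.info dnsmasq[1883]: using nameserver 192.0.2.53#53"

printf '%s\n' "$SAMPLE_OK" | check_dns_log && echo "ok: unscoped DNS goes through dnscrypt-proxy"
```

A non-zero exit with a "plaintext upstream" line means some queries can still leave the router unencrypted.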
On Client
- In Windows
Run the following commands in a command prompt (cmd):
- nslookup
- set type=txt
- debug.opendns.com
Run the following command in a terminal/Konsole:
- dig txt debug.opendns.com
Update Notes
- (15, June 2014) OpenWrt has added the "dnscrypt-proxy" package to its default packages (Attitude Adjustment 12.09 and higher)
- (27, June 2014) Added x86 Platform and old versions installation steps (Thanks to locusf on Reddit)