Hi i have fixed the text from the 2 config files. This is what works for me in the UK. I am running Lede leviathan III SNAPSHOT r3063-f2e6e11 / LuCI Master (git-17.020.82842-e1edb10)
This will work on OpenWRT just the same!
Hi I cant get DNSCrypt to work for me.
I want to use opendns servers.
I have it installed and started.
Here's my DHCP file.
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
#option resolvfile '/tmp/resolv.conf.auto'
option localservice '1'
option noresolv '1'
list server '127.0.0.1#5353'
list server '/uk.pool.ntp.org/85.199.214.102'
# list server '208.67.222.222'
# list server '208.67.220.220'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option dhcpv6 'server'
option ra 'server'
option leasetime '6h'
option ra_management '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
Is this rite?
What do i have to do with my dnscrypt-proxy file:
config dnscrypt-proxy ns1
option address '127.0.0.1'
option port '5353'
option resolver 'cisco'
option resolvers_list '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'
# ephemeral keys option requires extra CPU cycles and can cause huge system load
# option ephemeral_keys '0'
# more details at [url]https://github.com/jedisct1/dnscrypt-proxy#public-key-client-authentication[/url]
# option client_key '/path/to/client_key'
# option syslog '1'
# option syslog_prefix 'dnscrypt-proxy'
# option query_log_file '/path/to/logfile'
# enable cache may speed up dnscrypt-proxy, see [url]https://github.com/jedisct1/dnscrypt-proxy/wiki/Go-faster[/url]
# option local_cache '0'
# disable IPv6 may also speed up dnscrypt-proxy, see [url]https://github.com/jedisct1/dnscrypt-proxy/wiki/Go-faster[/url]
# option block_ipv6 '0'
# Blacklists allow you to block domains, ip, ... see [url]https://github.com/jedisct1/dnscrypt-proxy/wiki/Filtering[/url]
# list blacklist 'domains:/path/to/domains-blacklist-file.txt'
# list blacklist 'domains:/path/to/domains-blacklist2-file.txt'
# config dnscrypt-proxy ns2
# option address '127.0.0.1'
# option port '5454'
# # option resolver 'd0wn-random-ns1'
# # option resolvers_list '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'
# # option ephemeral_keys '0'
# # option client_key ''
for your /etc/firewall.user file
ad these to lines to stop devices on your network like android phones using hard coded dns servers.
iptables -t nat -I PREROUTING -i br-lan -p udp --dport 53 -j REDIRECT --to-port 53
iptables -t nat -I PREROUTING -i br-lan -p tcp --dport 53 -j REDIRECT --to-port 53
(Last edited by tapper on 4 Jun 2017, 19:44)