In this tutorial, we will show you how to install and configure DNSCrypt on your OpenWrt router. For those of you who didn’t know, DNSCrypt is a tool for securing communications between a client and a DNS resolver using elliptic-curve cryptography, in the same way that SSL turns HTTP web traffic into encrypted HTTPS traffic. DNSCrypt can prevent spying, spoofing, and man-in-the-middle attacks, or even bypass DNS censorship from ISPs that use DNSLeak.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account. I will show you the step-by-step installation of DNSCrypt on OpenWrt.
Prerequisites
- A server running one of the following operating systems: OpenWrt.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install DNSCrypt on OpenWrt
Step 1. Installing DNSCrypt.
DNSCrypt is provided by a source that is NOT directly included in the opkg lists. So, the first step is to add the source to the opkg list by appending the following line to the end of ‘/etc/opkg.conf’.
echo 'src/gz exopenwrt http://exopenwrt.roland.black/barrier_breaker/14.07/ar71xx/packages/exopenwrt' >> /etc/opkg.conf
And proceed with the installation:
opkg update
opkg install dnscrypt-proxy
Confirm the installation:
opkg status | grep -n "dnscrypt-proxy"
### Result ###
230:Package: dnscrypt-proxy
236: /etc/config/dnscrypt-proxy ff316755d745da9b15b7166b667ed108
Step 2. Configuring DNSCrypt.
The config file /etc/config/dnscrypt-proxy is simple and should be edited according to your needs:
nano /etc/config/dnscrypt-proxy

config dnscrypt-proxy
    option address '127.0.0.1'
    option port '5353'
    # option resolver 'cisco'
    # option resolvers_list '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'
    # option ephemeral_keys '1'
Now we will start DNSCrypt and enable it to start at boot:
/etc/init.d/dnscrypt-proxy enable
/etc/init.d/dnscrypt-proxy start
If dnscrypt-proxy is not starting after a router reboot, it may be trying to start before the network interface is fully up. Add the following to /etc/rc.local, above the line “exit 0”:
sleep 10
/etc/init.d/dnscrypt-proxy start
Next, edit ‘/etc/config/dhcp’ so that the ‘dnsmasq’ configuration looks like below:
config dnsmasq
    option domainneeded 1
    option boguspriv 1
    option filterwin2k 0
    option localise_queries 1
    option rebind_protection 1
    option rebind_localhost 1
    option local '/lan/'
    option domain 'lan'
    option expandhosts 1
    option nonegcache 0
    option authoritative 1
    option readethers 1
    option leasefile '/tmp/dhcp.leases'
    # option resolvfile '/tmp/resolv.conf.auto'
    option noresolv 1
    list server '127.0.0.1#5353'
    list server '/pool.ntp.org/208.67.222.222'
    # list server '208.67.222.222'
    # list server '208.67.220.220'
Restart dnsmasq for the changes to take effect:
/etc/init.d/dnsmasq restart
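As a check on the result of Step 2, the following added example (not part of the original tutorial) audits the dnsmasq section of a dhcp config for upstream servers that bypass dnscrypt-proxy. The function names, the PROXY variable and the embedded sample are assumptions made for illustration; the sample is constructed from the configuration above.

```shell
#!/bin/sh
# Added example: flag dnsmasq upstreams that do not go through dnscrypt-proxy.
# Assumption: the proxy listens on the address and port set in Step 2.
PROXY="${PROXY:-127.0.0.1#5353}"

# audit_dhcp_config FILE   ("-" reads stdin)
# Prints one finding per line; returns 1 if any LEAK is found.
audit_dhcp_config() {
    awk -v proxy="$PROXY" '
        function unquote(s) { gsub(q, "", s); gsub(/"/, "", s); return s }
        BEGIN { q = sprintf("%c", 39) }          # the single-quote character
        /^[ \t]*#/ { next }                      # commented-out lines are inactive
        $1 == "config" { in_dnsmasq = ($2 == "dnsmasq"); next }
        !in_dnsmasq { next }
        $1 == "option" && $2 == "noresolv" { noresolv = (unquote($3) == "1") }
        $1 == "list" && $2 == "server" {
            v = unquote($3)
            if (v == proxy) { print "OK encrypted upstream " v; have_proxy = 1; next }
            if (substr(v, 1, 1) == "/") {        # per-domain form: /domain/target
                n = split(v, part, "/"); target = part[n]
                if (target == "" || target == proxy) next
                print "WARN plaintext exception " v; next
            }
            print "LEAK plaintext upstream " v; leak = 1
        }
        END {
            # Without noresolv, dnsmasq also uses the servers in its resolv file.
            if (!noresolv)   { print "LEAK noresolv not set"; leak = 1 }
            if (!have_proxy) { print "LEAK no upstream points at " proxy; leak = 1 }
            exit (leak ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample: the upstream-related dnsmasq options from this page.
sample_config() {
    cat <<'EOF'
config dnsmasq
    option domainneeded 1
    option noresolv 1
    list server '127.0.0.1#5353'
    list server '/pool.ntp.org/208.67.222.222'
    # list server '208.67.222.222'
EOF
}

# Audit the file given as $1, or the constructed sample when run without one.
if [ "$#" -gt 0 ]; then audit_dhcp_config "$1"; else sample_config | audit_dhcp_config - || true; fi
```

On the router, pass /etc/config/dhcp as the argument. A WARN line marks a per-domain server entry, such as the pool.ntp.org one above, whose queries are sent to that server directly instead of through dnscrypt-proxy.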
Congratulations! You have successfully installed DNSCrypt. Thanks for using this tutorial for installing DNSCrypt on your OpenWrt router system. For additional help or useful information, we recommend you check the official DNSCrypt website.