In this tutorial we will show you how to install and configure DNSCrypt on your OpenWrt router. For those of you who didn’t know, DNSCrypt is a tool for securing communications between a client and a DNS resolver using elliptic-curve cryptography, in the same way that SSL turns HTTP web traffic into HTTPS encrypted web traffic. DNSCrypt can prevent spying, spoofing, and man-in-the-middle attacks, and can even bypass DNS censorship from ISPs that use DNSLeak.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account. I will walk you through the step-by-step installation of DNSCrypt on OpenWrt.
Install DNSCrypt on OpenWrt
Step 1. Installing DNSCrypt.
DNSCrypt is provided by a source that is not directly included in the opkg lists. So the first step is to add the source to the opkg list by appending the following line to the end of ‘/etc/opkg.conf’:
echo 'src/gz exopenwrt http://exopenwrt.roland.black/barrier_breaker/14.07/ar71xx/packages/exopenwrt' >> /etc/opkg.conf
And proceed with the installation:
opkg install dnscrypt-proxy
Confirm the installation:
opkg status | grep -n "dnscrypt-proxy"
Result:
236: /etc/config/dnscrypt-proxy ff316755d745da9b15b7166b667ed108
Step 2. Configuring DNSCrypt.
The config file /etc/config/dnscrypt-proxy is simple and should be edited according to your needs:
nano /etc/config/dnscrypt-proxy
config dnscrypt-proxy
	option address '127.0.0.1'
	option port '5353'
	# option resolver 'cisco'
	# option resolvers_list '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'
	# option ephemeral_keys '1'
Now we will start DNSCrypt and enable auto boot for it:
If dnscrypt-proxy is not starting after a router reboot, it may be trying to start before the network interface is fully up. Add the following to /etc/rc.local, above the line “exit 0”:
Next, edit ‘/etc/config/dhcp’ so that the ‘dnsmasq’ configuration looks like this:
config dnsmasq
	option domainneeded 1
	option boguspriv 1
	option filterwin2k 0
	option localise_queries 1
	option rebind_protection 1
	option rebind_localhost 1
	option local '/lan/'
	option domain 'lan'
	option expandhosts 1
	option nonegcache 0
	option authoritative 1
	option readethers 1
	option leasefile '/tmp/dhcp.leases'
#	option resolvfile '/tmp/resolv.conf.auto'
	option noresolv 1
	list server '127.0.0.1#5353'
	list server '/pool.ntp.org/220.127.116.11'
#	list server '18.104.22.168'
#	list server '22.214.171.124'
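The dnsmasq settings above keep queries inside DNSCrypt only while noresolv is set and no plain upstream server is active for all domains. The shell function below is an added example, not part of the original tutorial or the DNSCrypt project; it audits a UCI dhcp file for those conditions, and its function names, sample data and message wording are assumptions of the example.

```shell
#!/bin/sh
# Added example: flag dnsmasq settings in a UCI dhcp config that let DNS
# queries bypass dnscrypt-proxy. PROXY defaults to the address/port used above.
# Usage: audit_dhcp_config [FILE|-] [PROXY]
audit_dhcp_config() {
    awk -v proxy="${2:-127.0.0.1#5353}" -v q="'" '
        NF == 0 || $1 ~ /^#/ { next }            # blank or commented-out: inactive
        { val = $3; gsub("[" q "\"]", "", val) } # strip UCI quoting
        $1 == "option" && $2 == "noresolv" { noresolv = val }
        $1 == "list" && $2 == "server" {
            if (val == proxy)      seen = 1
            else if (val ~ /^\//)  print "NOTE: domain-scoped upstream outside DNSCrypt: " val
            else { print "LEAK: plaintext upstream for all domains: " val; bad = 1 }
        }
        END {
            if (noresolv != "1") { print "LEAK: noresolv is not 1, resolv file servers are used"; bad = 1 }
            if (!seen)           { print "LEAK: no server entry for " proxy; bad = 1 }
            exit bad + 0
        }' "${1:--}"
}

# Constructed sample: the server-related lines from the config above.
sample_good() {
    cat <<'EOF'
config dnsmasq
	option noresolv 1
	list server '127.0.0.1#5353'
	list server '/pool.ntp.org/220.127.116.11'
#	list server '18.104.22.168'
EOF
}

# Constructed sample: same config with the fallback resolver uncommented.
sample_leaky() {
    sample_good | sed "s/^#//"
}

sample_good  | audit_dhcp_config && echo "good sample: OK"
sample_leaky | audit_dhcp_config || echo "leaky sample: bypass found"
```

On the router, run it as `audit_dhcp_config /etc/config/dhcp`; a non-zero exit status means at least one LEAK line was printed.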
Restart dnsmasq for the changes to take effect:
Congratulations! You have successfully installed DNSCrypt. Thanks for using this tutorial for installing DNSCrypt on your OpenWrt router. For additional help or useful information, we recommend that you check the official DNSCrypt website.