XYMer's Home away from Home

All times are UTC - 8 hours




PostPosted: Thu Sep 20, 2018 10:00 am
Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6368
Location: NYC
Was running dnscrypt.eu-nl until a few days ago, when it stopped working entirely. Using dnscrypt-proxy cisco (opendns) for now.

https://i.postimg.cc/9fFX7Bmz/router_To ... .eu-nl.png

Have been in touch with Simon Clausen on Twitter, who maintains the server. He's saying:

Quote:
What's going on is the dnscrypt-proxy running on your router is using an old libsodium. It was working until recently, because dnscrypt.eu-nl was also running with an old libsodium. Similar issue here: https://github.com/dyne/dnscrypt-proxy/issues/9

Part of fixing the service involved upgrading all components, which has this side effect for older client software.


On the N12, currently running Shibby Tomato Firmware 1.28.0000 MIPSR2-132 K26 Max

I haven't the slightest idea what libsodium is (something to do with the encryption employed), but do you think there's a newer version of Tomato I can flash that might use a compatible version of libsodium for this resolver in order to get dnscrypt.eu working again? If not, I'm still working with him to get the details to try a manual entry.

UPDATE: he's now saying that "Manually giving dnscrypt-proxy settings will not solve the issue. The problem is the copy of dnscrypt-proxy in your installation of Tomato is outdated, making it unable to connect to dnscrypt servers running new software" He doesn't think there's any way to manually install a new dnscrypt-proxy executable in the current firmware.

So looks like new version of Tomato for the N12 (or something) or no dnscrypt.eu. Definitely prefer dnscrypt.eu to the dnscrypt-proxy cisco (opendns), but may have to live with it.

http://tomato.groov.pl/?page_id=69

http://tomato.groov.pl/?page_id=164


PostPosted: Fri Sep 21, 2018 4:33 am
Joined: Thu May 15, 2008 8:13 pm
Posts: 10267
Location: Caught between the moon and NYC
To my knowledge the new version of dnscrypt was rewritten in Go, which only produces bloated pig-like executables that don't fit on embedded devices.

http://www.linksysinfo.org/index.php?th ... ato.74088/

However it sounds like he may be running the old version with a newer libsodium or something? Sorry, I've been up since yesterday morning, barely keeping my eyes open right now.


Shibby's moved on from Tomato for the most part, he's still contributing code periodically but that's it. Toastman also stopped working on Tomato though I don't know why (hopefully nothing serious). Two guys are working on FreshTomato/ARM and FreshTomato/MIPS although I haven't had much luck with the MIPS version. It works, it's just not particularly stable. At least on my routers. With the demonic monsters that pass as students these days.

I don't know what to suggest. The N12 isn't nearly powerful enough to do something like a VPN tunnel, at least not without a crazy severe performance hit. I picked up an AC68 and it can only handle about 35Mb, and it's got a dual core 850MHz ARM CPU inside. For a little while refurbs were going for $60 on Amazon, I got one, convinced a coworker to buy one, then I bought one as a Christmas present (replete with installation).

If you don't mind taking a chance you could try something in the FreshTomato/MIPS line:
http://www.linksysinfo.org/index.php?th ... ips.74145/

I could tell you which file to use if I could remember. Oh. Hm. Hold on. So I've got a Shibby tomato-K26-1.28.RT-N5x-MIPSR2-132-MiniIPv6 build in my N12D1 folder. So that would mean... freshtomato-K26_RT-N5x-MIPSR2-2018.4-MiniIPv6.zip should work. You will have to wipe NVRAM and set it up from scratch unfortunately, but that should work. It also shows a freshtomato-K26_RT-N5x-MIPSR2-2018.4-Max.zip if the Mini build doesn't work for some reason.

This link may take you to the right folder on Mega:
https://mega.nz/#F!QywknIpa!5JwWNIfEwCO ... w!MmpAGSgY

Otherwise I went to the main site https://mega.nz/#F!QywknIpa!5JwWNIfEwCOKXqXG0AOh4w then 2018.4 then K26RT-N then Asus RT-Nxx & CO and that's the list.

If .4 is bust you could also try one of the older 2018.3 builds. I have my hands full at work otherwise I'd play around flashing different builds. All my N12D1s are running ASUS builds now (they're access points).

Just remember if everything goes horribly wrong you can assign 192.168.1.2 to your ethernet interface, hold down reset, apply power, then keep holding down reset until the power led starts slowly blinking off and on. At that point you're in recovery mode and http://192.168.1.1 should respond. On the off chance it doesn't you can try turning it off, holding down WPS, apply power, then let it sit fast blinking the power light for a second, release, let it sit for about 20 or 30 seconds, power off, then try to get back into recovery mode.


PostPosted: Fri Sep 21, 2018 8:21 am
Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6368
Location: NYC
Thanks for the help with this, and please do get some sleep. As Clausen suggests it will be necessary to confirm that whatever I flash has a new version of dnscrypt-proxy. But maybe just the new version of libsodium with the old dnscrypt-proxy would work (sounds like it belongs in drugs.com.) Before I try either of those, the K26_RT-N5x-MIPSR2-2018.4-MiniIPv6.zip or the K26_RT-N5x-MIPSR2-2018.4-Max.zip (both already downloaded) I will have to be sure of that...or something. From what I've been reading from the several links you gave, this doesn't look all that promising.

May have to ask over at linksysinfo.org, if they will tolerate a question from someone way below their level. I'm afraid that if I use a term like libsodium (or even "computer") they'll assume I know far more than I do and the replies will start running away with jargon I won't be able to understand.

Is there any way to tell what version of libsodium the current Tomato is running?

Otherwise, since I'm not certain I want to go through with reflashing the router with all the possible complications that might entail, I may just decide to live with the dnscrypt-proxy version of opendns. Not my first choice, but at least it's still working.


PostPosted: Fri Sep 21, 2018 10:46 am
Benevolent Dictator
Joined: Mon Apr 21, 2008 2:03 am
Posts: 15378
Every time I turn around I'm blown away at the varied expertise here! :coffee:


PostPosted: Fri Sep 21, 2018 1:15 pm
Joined: Thu May 15, 2008 8:13 pm
Posts: 10267
Location: Caught between the moon and NYC
Oh trust me, you're above 90% of the posters on linksysinfo.org. The worst ones are the people who make demands. Last time I checked they weren't paying anyone's salary to work on Tomato. :roll:

I stumbled across something about libsodium and Tomato this morning before I finally collapsed. I'll have to dig for it later.

The thing written in Go is unlikely to be what the guy you're talking with is dealing with. Brainslayer (from dd-wrt) even mentions that in the github thread you linked to. So what you need is the old dnscrypt with a new libsodium. Assuming the new libsodium works the same as the old libsodium it should be a drop-in replacement. But you know what they say when you assume.

I would backup your config (Administration -> Configuration I think), make sure you have your shibby image (so you can go back), and then give it a shot. My only concern about the Mini build is that it may not include dnscrypt, but based on the filesize I think the Max should still fit on an N12D1. If 2018.4 Max doesn't work then you upload Shibby back on it, wipe NVRAM using the WPS button at power on, then restore your config. Shouldn't be too hard.


PostPosted: Fri Sep 21, 2018 4:41 pm
Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6368
Location: NYC
Will give the max a go. Thanks for the suggestion. You know when I was in the middle of this router stuff a few years ago when the first N12 died, I wouldn't have had much hesitation to try a new firmware. But have gotten quite rusty now, had completely forgotten that I could easily backup and restore the current config until you just reminded me. It's like a lot of this computer stuff, if I don't keep up with it I forget it. Occasionally, I'll do a search for something rather technical, and may end up finding a post I made at ASC (from when I was still active there.) I can be quite astonished sometimes by what I find. I wonder just how I knew that. It's gone completely AWOL. Not me anymore. A lot of what I knew has just slipped into oblivion -- not to mention that I've lost a certain amount of interest in this kind of stuff. Just want things to work, don't much care anymore how.


PostPosted: Fri Sep 21, 2018 5:08 pm
Joined: Thu May 15, 2008 8:13 pm
Posts: 10267
Location: Caught between the moon and NYC
There's something to be said for things just working.

I spend a lot of my time reading. Most of the time it's work related stuff but my work tends to take me to a lot of topics.


PostPosted: Sat Sep 22, 2018 7:47 am
Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6368
Location: NYC
Hi MB, flashed the Max, and can now connect again to dnscrypt.eu. Looks like only a newer version of libsodium was needed. Some aspects of the new UI are a bit puzzling. May have to ask a few more questions, but have gotten most of that sorted.

Nice to know that dnscrypt.eu passes DNSSEC. OpenDNS did not.

Thanks for all your great help (as usual) with this. Could never have found the more recent equivalent of freshtomato (never would have known about freshtomato version) without your help.


PostPosted: Sun Sep 23, 2018 4:11 am
Joined: Thu May 15, 2008 8:13 pm
Posts: 10267
Location: Caught between the moon and NYC
Great news. I've noticed some stability problems with freshtomato but it may just be the sheer amount of stress the router I put it on was placed under. It was also an older build.

Once you're sure you're happy with it I'm sure pedro wouldn't mind a couple bucks thrown his way as a donation.


PostPosted: Sun Sep 23, 2018 4:40 am
Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6368
Location: NYC
Well, I hope it stays stable here. I've asked twice now over at linksys.org and haven't gotten a reply as yet--although second ask was just a little while ago, so maybe someone will get around to answering before long: Not seeing anywhere to enter Static DNS. Used to be in Basic->Network. Now nothing there, and I can't find anywhere to enter it. Would want to have that as an automatic fallback in case dnscrypt.eu goes down, as it has at moments in the past. If nothing entered for Static DNS, don't want ISP Verizon to take over. Didn't want to bother you with this, but maybe you have an idea.

EDIT: could it be that one of my other settings is preventing this from showing?

(Would be happy to send a few bucks to Pedro, if it can be done safely. Not sure how.)

Nothing here

Image

How it used to look with older Tomato (use dnscrypt-proxy shown as unchecked, but Static DNS would show even if checked):

Image


PostPosted: Mon Sep 24, 2018 1:46 am
Joined: Thu May 15, 2008 8:13 pm
Posts: 10267
Location: Caught between the moon and NYC
Yeah they changed it in MultiWAN. I think it's someplace else now. Maybe Advanced/DNS? I've avoided using MultiWAN.

But by using dnscrypt you're using that server for dns, custom dns is ignored.

As for donations, I thought it was mentioned in the freshtomato thread I linked to but I'm not seeing it. Then again I'm trying to get some work done so I'm only half looking while trying to work around an issue.


PostPosted: Mon Sep 24, 2018 6:57 am
Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6368
Location: NYC
First no urgency about this. Whenever you can get to it:

Have scoured the settings, looked under every rock and don't find Static DNS anywhere. I realize that my connection to dnscrypt.eu will suffice, but I'm a little concerned that if it goes down, as it has occasionally, without the Static DNS set to OpenDNS the DNS will default, or at least try to default, to the ISP.

Quote:
Yeah they changed it in MultiWAN.

Don't quite understand, it used to just appear below LAN in Basic>Network

Also, what do you think about the Memory and NVRAM--is NVRAM getting a little too close to the bone?

Image


(Btw, don't find the linksysinfo people all that helpful. Asked twice about Static DNS location in freshT and have been completely ignored. I realize that a lot of work went into building this version, and that deserves credit, but don't feel very encouraged to make a donation, even if I could find where to do that.)


PostPosted: Mon Sep 24, 2018 2:37 pm
Joined: Thu May 15, 2008 8:13 pm
Posts: 10267
Location: Caught between the moon and NYC
MultiWAN are the Shibby builds after 132, which was the version you were running. It allows you to have multiple WAN connections so that if one goes down it will fail over to the other connection. Good thing to have, kind of hard to retrofit into an existing code base, and it's had a lot of teething issues that have never been fully resolved. It got into a mostly working state before Shibby got married.

You could set server= directives under advanced -> dns but I'm not sure if they'll override dnscrypt or not.

I usually only stick my head into linksysinfo a couple times a week, some people check it less often than that. Koitsu is a great wealth of knowledge there but not necessarily Tomato-related - he's got a deep BSD knowledgebase. OTOH the guy will analyze packet dumps and read Tomato source to find answers so when he answers it's usually a pretty definitive answer. Anyway, he comes there a lot less often than I do.

(looks at your screenshot again after Googling) Oh dear god it's been staring us in the face the entire time. Look at WAN. DNS Server: Auto. Change Auto to Manual. :fishsmack:

I think the plan was to have DNS set for each WAN connection.


PostPosted: Mon Sep 24, 2018 2:49 pm
Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6368
Location: NYC
Already noticed that yesterday, tried changing WAN to manual and adding DNS numbers for OpenDNS. In combination with that, also unchecked use dnscrypt-proxy, and saved. Does that sound right? Couldn't connect, but maybe did something wrong. Will have to try that again. Thanks.


PostPosted: Mon Sep 24, 2018 3:00 pm
Joined: Thu May 15, 2008 8:13 pm
Posts: 10267
Location: Caught between the moon and NYC
Yeah, that's where they're set now. Not sure why they didn't work though. I'd have to flash one of mine to give you a good answer.


PostPosted: Tue Sep 25, 2018 6:09 am
Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6368
Location: NYC
Tried again, as before couldn't connect. What I did:

Image

Only way I could connect was by going into the Dnsmasq custom config and uncommenting one of the OpenDNS numbers. But when I do that, can no longer connect with dnscrypt-proxy, even though that remains set as before. All DNS then goes to OpenDNS servers-nothing from dnscrypt.eu. I guess it's normal for the Dnsmasq config to take priority. But definitely remember that with earlier version Tomato and Static DNS set to OpenDNS servers, if dnscrypt.eu was down, it would automatically fall back to OpenDNS. Just checked: disabled dnsproxy, and couldn't connect. Nothing to fall back to now.

EDIT: note, have done several thorough NVRAM erases + restore. Hasn't changed anything. Seeing DNS servers connected by checking with ipleak.net.

EDIT 2: Maybe need to uncheck Use internal DNS? From notes: "Use internal DNS - Allow dnsmasq to be your DNS server on LAN."

Also maybe uncheck Use received DNS with user-entered DNS? From notes: "Use received DNS with user-entered DNS - Add DNS servers received from your WAN connection to the static DNS server list (see Network configuration)." Will have to give this one a try.

EDIT 3: Tried every possible combination of the above, but nope that wasn't it--although at one point was able to connect, but no idea by way of what DNS servers. ipleak.net was showing "0 servers"

Could there be some problem with that custom config which is responsible for this behavior, or is it just some bug inherent to this firmware? Most of it is copied from what you were using, with a few additional tweaks of my own:

#Only use DNS servers configured here
no-resolv
#Never forward non-routable address requests
bogus-priv
#Never forward requests w/o a .TLD
domain-needed
#Stop ACK and REQ DHCP spam
quiet-dhcp
#Prevent proxy server request spam
dhcp-option=252,"\n"
#Larger cache for dnsmasq
cache-size=5000
#Larger queue for logging
log-async=10

#strict-order (not used)
#OpenDNS servers
#server=208.67.220.220 ----------------->with this uncommented can connect
#server=208.67.222.220
#server=208.67.220.222

#Level3 servers
#server=4.2.2.1
#server=4.2.2.2

#Block Verizon DNS servers
bogus-nxdomain=68.237.161.12
bogus-nxdomain=71.243.0.12

#Block iOS update
#address=/mesu.apple.com/10.255.255.1

In the service of leaving no stone unturned, here are the logs with dnscrypt.eu connecting + Dnsmasq config in place, as shown above:
Image

No rush at all, but curious to know what happens when you try this with one of your Asus flashed.


PostPosted: Tue Sep 25, 2018 2:38 pm
Joined: Thu May 15, 2008 8:13 pm
Posts: 10267
Location: Caught between the moon and NYC
Oh. You should either enter the server= options in dns/advanced or enter static dns, not both. You're essentially trying to do the same thing two different ways, the static dns options create server= entries, so they're redundant. It's possible that dnscrypt will be ignored with it set one way (e.g. static dns on wan) but not the other way (dns/advanced server= entries). It all depends on where in the configuration the dnscrypt entries get inserted vs. the server= entries. If one is before the other then the first one (or is it last?) takes precedence, while the other could do the reverse of that. This is because dnscrypt option itself creates a server= entry... and probably some other entries. I can't effectively read C/C++ and haven't even tried since before dnscrypt was integrated (plus Tomato's code is hard to read).

Um. When you say restore, you're not restoring your configuration from Shibby into FreshTomato, are you? That's the same thing as keeping your NVRAM configuration in Shibby and upgrading to FreshTomato. The configuration file restores all the NVRAM settings, which aren't the same between the two versions. Some are shared but not all are, and you will have quirky problematic issues if you don't set it up by hand after changing versions. If you stay within Shibby you're generally OK keeping the NVRAM or restoring the config file but once you change to someone else's build all bets are off.

I suggested backing up and restoring your configuration so that you could go back to Shibby without any headache, not that you could use it intact with FreshTomato. I generally write my settings down in a text file page by page, but I ignore the default settings so it's not crazy unwieldy. Since you're not using QoS yours should be pretty small compared to mine. Then when setting up the router I just go through it page by page and set things back to the way they were in the other version. I make liberal use of tabs to differentiate pages and sections and individual settings so I can just go straight down the page, save, then go on to the next page.


PostPosted: Tue Sep 25, 2018 5:14 pm
Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6368
Location: NYC
Quote:
Oh. You should either enter the server= options in dns/advanced or enter static dns, not both.

If by server= options in dns/advanced you mean servers entered in Dnsmasq, all those have been commented out. So effectively there are no servers there. As I said somewhere earlier, if I left any of those uncommented, they would override the dnscrypt-proxy entry.

Something here in Dnsmasq that could be screwing things up? Have always used this before with no problems.
Quote:
#Only use DNS servers configured here
no-resolv
#Never forward non-routable address requests
bogus-priv
#Never forward requests w/o a .TLD
domain-needed
#Stop ACK and REQ DHCP spam
quiet-dhcp
#Prevent proxy server request spam
dhcp-option=252,"\n"
#Larger cache for dnsmasq
cache-size=5000
#Larger queue for logging
log-async=10

Not sure what no-resolv does. Should I comment out no-resolv?

As for what I said about restore, wasn't restoring the earlier Shibby. When things have gotten funky after trying various things, I went into Admin>config and selected "Erase all data in NVRAM memory (thorough)" and then restored the current freshtomato.

Image

What do I do about these two checkboxes in Advanced>DHCP/DNS?

--Use internal DNS? From notes: "Use internal DNS - Allow dnsmasq to be your DNS server on LAN." Uncheck? Doesn't seem necessary if all the servers there are commented out.

--Use received DNS with user-entered DNS? From notes: "Use received DNS with user-entered DNS - Add DNS servers received from your WAN connection to the static DNS server list (see Network configuration)."

Bottom line: can set Static DNS, but still can't find a way in this new version Tomato to have the Static DNS servers (OpenDNS) serve as an automatic fallback if dnscrypt-proxy is unchecked/disabled.


Last edited by WZZZ on Tue Sep 25, 2018 5:55 pm, edited 2 times in total.

PostPosted: Tue Sep 25, 2018 5:41 pm
Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6368
Location: NYC
UPDATE: OK, think I may have gotten it this time. Set Static DNS to OpenDNS servers, then in Advanced>Dnsmasq commented out no-resolv, unchecked Use internal DNS, and checked Use received DNS with user-entered DNS. Next, disabled dnscrypt-proxy, and voila ipleak.net was showing the OpenDNS servers. Re-enabled dnscrypt-proxy, saved, and was back in business there.

Using a bit more NVRAM now. Before these changes was 7,400 free, now 7,316/(22.33%) Total 32KB. Think that's enough to get by?

EDIT: had to put no-resolv back in or would sometimes (not sure when or why) try to connect to OpenDNS #s when using command dig whoami.akamai.net +short to report DNS Server.

no-resolv addressed here
http://www.linksysinfo.org/index.php?th ... sue.71892/


PostPosted: Wed Sep 26, 2018 10:30 am
Joined: Thu May 15, 2008 8:13 pm
Posts: 10267
Location: Caught between the moon and NYC
(scratches head) Use internal DNS should be checked since that means run a DNS server on the router, which is what you want to do.

no-resolv should be uncommented if you're not setting your dns servers in advanced/dns alongside no-resolv. It basically won't pick up entries placed by other processes into resolv.conf, which typically means DNS.

I'd have to put freshtomato on a spare N12D1 to figure this out, this all seems a little odd to me. Unfortunately I'm still crazy busy at work and will be for a while.


PostPosted: Wed Sep 26, 2018 2:31 pm
Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6368
Location: NYC
Yes, a lot of head scratching going on here. Have tried numerous combinations but have found

Advanced>DHCP/DNS has to be set like this
Image

If set otherwise, when running dig whoami.akamai.net +short to see DNS Server connected, then get

Image

And also another weirdness: if set otherwise, when an external drive is mounted Sophos process wants to connect to OpenDNS server.

Image

My current Dnsmasq config--have removed all DNS Servers and left this:

#Only use DNS servers configured here
no-resolv
#Never forward non-routable address requests
bogus-priv
#Never forward requests w/o a .TLD
domain-needed
#Stop ACK and REQ DHCP spam
quiet-dhcp
#Prevent proxy server request spam
dhcp-option=252,"\n"
#Larger cache for dnsmasq
cache-size=5000
#Larger queue for logging
log-async=10

#Block Verizon DNS servers
bogus-nxdomain=68.237.161.12
bogus-nxdomain=71.243.0.12

#Block iOS update
#address=/mesu.apple.com/10.255.255.1


PostPosted: Wed Sep 26, 2018 2:37 pm
Joined: Thu May 15, 2008 8:13 pm
Posts: 10267
Location: Caught between the moon and NYC
Clients connecting to opendns directly is what I would expect with use internal dns unchecked.


PostPosted: Wed Sep 26, 2018 2:42 pm
Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6368
Location: NYC
MonkeyBoy wrote:
Clients connecting to opendns directly is what I would expect with use internal dns unchecked.

Yep, very strange. If checked, then wants to connect to OpenDNS and do other strange things. This seems to be the best I can come up with.

If this thing gives me any more problems, I'll just restore the config I was using before starting down this tortured Static DNS path, and forget about having Open DNS as an automatic fallback if and when dnscrypt.eu goes down. Option in case that should happen is to enable the OpenDNS password account already set up in DDNS. Or even better, just use the cisco dnscrypt resolver. Only problem with that scenario is it won't be automatic.


PostPosted: Wed Sep 26, 2018 6:01 pm
Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6368
Location: NYC
Throwing up my hands for now. Just tested to see if it would automatically fallback to OpenDNS if dnscrypt-proxy were disabled. It doesn't. ipleak showed "0 servers." Logs say "no upstream servers." Connected, but no idea what I was using for DNS. Restored the config without Static DNS that I first tried a few days ago. Older Shibby version just worked for all that. This one is too nuts, or I'm just unable to figure it out.

Back to these settings in Advanced>DNS

Image


Will give it a break and try again, but can't waste any more time on this right now.


PostPosted: Thu Sep 27, 2018 2:06 pm
Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6368
Location: NYC
Gave it a break and had another try:

With dnscrypt-proxy disabled goes into zombie state for a minute before connecting, but finally connects with OpenDNS servers, as set in Static DNS. Not sure if it will automatically fallback to OpenDNS if dnscrypt.eu goes down. Unsure if I will lose Internet for a zombie minute or if it will seamlessly connect by way of OpenDNS the way it used to in the earlier version? No idea yet.
Quote:
no-resolv should be uncommented if you're not setting your dns servers in advanced/dns alongside no-resolv.

Not sure I understood the above. Did you mean if you ARE setting your dns servers in advanced/dns no-resolv should be uncommented??? I find that with Static DNS servers set, Dnsmasq must not include no-resolv because if dnscrypt-proxy is disabled and no-resolv is uncommented, I can connect (by what DNS I have no idea) but ipleak shows "0 servers," same with the logs just after.

Settled on the following (without no-resolv):

#Never forward non-routable address requests
bogus-priv
#Never forward requests w/o a .TLD
domain-needed
#Stop ACK and REQ DHCP spam
quiet-dhcp
#Prevent proxy server request spam
dhcp-option=252,"\n"
#Larger cache for dnsmasq
cache-size=5000
#Larger queue for logging
log-async=10

#Block Verizon DNS servers
bogus-nxdomain=68.237.161.12
bogus-nxdomain=71.243.0.12

#Block iOS update
#address=/mesu.apple.com/10.255.255.1


Advanced>DHCP/DNS entries:
Image

Wonder what you will settle on when you get a moment to test. Thanks for all the help with this.


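Added example (not written by any poster in this thread, and not FreshTomato code): a small Python model of which upstream resolvers dnsmasq ends up with for the no-resolv / dnscrypt-proxy combinations tried above. It assumes that Static DNS entries reach dnsmasq through its resolv file and that dnscrypt-proxy is added as a server= line, neither of which is confirmed from the firmware source; the listener address 127.0.0.1#40 is a placeholder, and the sample configs are constructed from the settings quoted in the thread.

```python
# Added example: model which upstream resolvers dnsmasq ends up with.
# All sample input is constructed from values quoted in the thread.

DNSCRYPT_LISTENER = "127.0.0.1#40"  # placeholder for the local dnscrypt-proxy (assumption)
OPENDNS = ["208.67.220.220", "208.67.222.220"]  # Static DNS values used in the thread
VERIZON = {"68.237.161.12", "71.243.0.12"}      # ISP resolvers named in the thread


def parse_conf(text):
    """Return (servers, no_resolv) from dnsmasq config text.

    Only whole-line '#' comments are handled, which is how the thread's
    config disables its server= lines. bogus-nxdomain is ignored on purpose:
    it rewrites answers containing the listed address and does not remove
    an upstream server.
    """
    servers, no_resolv = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        if key == "no-resolv":
            no_resolv = True
        elif key == "server" and value:
            servers.append(value.strip())
    return servers, no_resolv


def parse_resolv(text):
    """Return nameserver addresses from resolv.conf-style text."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found


def effective_upstreams(conf_text, resolv_text):
    """server= lines always count; resolv-file entries only without no-resolv."""
    servers, no_resolv = parse_conf(conf_text)
    if not no_resolv:
        servers = servers + [s for s in parse_resolv(resolv_text) if s not in servers]
    return servers


def audit(conf_text, resolv_text):
    """Return (upstreams, findings) describing where DNS queries can go."""
    ups = effective_upstreams(conf_text, resolv_text)
    findings = []
    if not ups:
        findings.append("no upstream servers")
    if any(u.split("#")[0] in VERIZON for u in ups):
        findings.append("ISP resolver reachable")
    encrypted = [u for u in ups if u == DNSCRYPT_LISTENER]
    plain = [u for u in ups if u != DNSCRYPT_LISTENER]
    if encrypted and plain:
        findings.append("plaintext upstream alongside dnscrypt-proxy")
    if encrypted and not plain:
        findings.append("dnscrypt-proxy only, no fallback")
    return ups, findings


# Constructed config: the thread's custom Dnsmasq lines, server= commented out.
BASE = """\
bogus-priv
domain-needed
cache-size=5000
bogus-nxdomain=68.237.161.12
bogus-nxdomain=71.243.0.12
#server=208.67.220.220
"""
# Constructed resolv file holding the Static DNS entries (assumption, see above).
STATIC_DNS = "".join(f"nameserver {ip}\n" for ip in OPENDNS)


def build(no_resolv, dnscrypt):
    """Assemble a config for one combination of the two settings."""
    conf = BASE
    if no_resolv:
        conf = "no-resolv\n" + conf
    if dnscrypt:
        conf += f"server={DNSCRYPT_LISTENER}\n"
    return conf


if __name__ == "__main__":
    for no_resolv in (True, False):
        for dnscrypt in (True, False):
            ups, findings = audit(build(no_resolv, dnscrypt), STATIC_DNS)
            print(f"no-resolv={no_resolv!s:5} dnscrypt={dnscrypt!s:5} -> {ups} {findings}")
```

With no-resolv set and dnscrypt-proxy disabled the model yields an empty upstream list, which matches the "no upstream servers" log line reported above. Without strict-order, dnsmasq may send queries to any upstream it knows about, so the mixed case is not a strict fallback.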
 