mirrors/dnscrypt-proxy
1
0
Fork 0
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git synced 2025-03-04 02:14:40 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Corrections for clarity

hugepants 2022-12-17 15:20:02 +00:00
parent 5d6b607650
commit 9b5bc52891
1 changed files with 3 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
Installation-on-OpenWrt.md

@ -1,19 +1,10 @@
* [Which method to use?](#which-method-to-use)
* [Package installation (Basic)](#package-installation-basic)
* [Manual installation (Advanced)](#manual-installation-advanced)
* [Package installation](#package-installation)
* [Recommended tweaks](#recommended-tweaks)
* [Logging DNS queries with client IPs](#logging-dns-queries-with-client-ips)
* [Verifying the configuration](#verifying-the-configuration)
## Which method to use?
The basic `opkg` package installation is for those looking for a simple no-frills installation, where updates are at the discretion of the [package maintainer](https://github.com/openwrt/packages/tree/openwrt-19.07/net/dnscrypt-proxy2). Success is dependent upon the updated state of the package, it may not work if it goes stale.
The advanced manual installation offers more flexibility, and is the preferred method for the more competent users.
Whichever you choose, the additional [tweaks](#recommended-tweaks) are highly recommended.
## Package installation
This is available on the official OpenWrt repository but note that updates are at the discretion of the [package maintainer](https://github.com/openwrt/packages/tree/master/net/dnscrypt-proxy2).
### Using the LuCI web interface
@ -80,11 +71,7 @@ Restart `dnsmasq` to switch to the new configuration and check for any errors re
/etc/init.d/dnsmasq restart
logread -l 100 | grep dnsmasq
```
**Note**: If you're using an OpenWrt version built before 23 February 2019, you need to update `dnsmasq`, since its option `localuse` was added on [23 Feb 2019](https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=c17a68cc61a0f8a28e19c7f60b24beaf1a1a402d):
```sh
opkg update; opkg upgrade dnsmasq
```
### Optional: Completely disable ISP's DNS servers
For the perfectionists, add this option to `/etc/config/network` to prevent the ISP's DNS servers from being used anywhere:
@ -94,7 +81,7 @@ config interface 'wan' # or 'wan6'
```
### Prevent DNS queries to other local zones
In order to prevent leakage of queries from [these local zones](https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/plugin_block_undelegated.go) (such as `168.192.in-addr.arpa`) to upstream resolvers, ensure that you're running version 2.0.36 or later with this line present (it is now enabled by default) in `dnscrypt-proxy.toml`:
In order to prevent leakage of queries from [these local zones](https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/plugin_block_undelegated.go) (such as `168.192.in-addr.arpa`) to upstream resolvers, this setting should already be enabled by default in `dnscrypt-proxy.toml`:
```toml
block_undelegated = true