Development issues regarding the cerowrt test router project
 help / color / mirror / Atom feed
From: Maciej Soltysiak <maciej@soltysiak.com>
To: Aristar <LeetMiniWheat@gmail.com>
Cc: cerowrt-devel <cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] Upgraded to 3.10.38-1, DNS issues?
Date: Mon, 12 May 2014 10:09:29 +0200	[thread overview]
Message-ID: <CAMZR1YAK7wXQAwwaZYaLwc0p0ydLRaHg7dwbThCX+9ZayE7eYQ@mail.gmail.com> (raw)
In-Reply-To: <CAGHZhqEVLc3vAj7+j225BM_SW3c4KQouwy9c_62E5d2KGG0SFQ@mail.gmail.com>

On Sat, May 10, 2014 at 8:42 PM, Aristar <LeetMiniWheat@gmail.com> wrote:
> dnscrypt-proxy is working great though (without needing a resolv
> file), it runs as a daemon and sets up an encrypted connection to
> OpenDNS servers which you then specifcy 127.0.0.1#2053 for dns
> forwarding. I suggested this be added to CeroWRT awhile ago but there
> wasn't much interest, nor any official packages available, though that
> thread I linked above in this thread has a repository and a maintainer
> in the forum thread with a source repo.
I think I expressed my interest too. I have dnscrypt-proxy running for
quite a while on Cero.
Not on latest cero though.

I consider it to be a very nice setup:
- dnsmasq handles dhcp and static assignments, acts faux authoritative
for domains I want to return NXDOMAIN  and acts as local cache
- dnsmasq fowards everything else to local dnscrypt-proxy which sends
encrypted queries to a dnscrypt resolver at the other end (somewhere
over the cloud, 8ms away) which I control and which resolves queries
via unbound. Supports DNSSEC, keeps no logs and has experimental
support for Namecoin's .bit domains.
- I plug the DNS hole in cero's iptables so that no unencrypted DNS
traffic leaves the box.

I thought I've seen a github commit to add dnscrypt-proxy to cero, did
I see wrong?

Best regards,
Maciej

  reply	other threads:[~2014-05-12  8:09 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-05-09  9:34 Aristar
2014-05-09 16:17 ` Aristar
2014-05-10 12:15   ` Robert Bradley
2014-05-11 21:46     ` Robert Bradley
2014-05-11 21:48     ` Robert Bradley
2014-05-10 18:42   ` Aristar
2014-05-12  8:09     ` Maciej Soltysiak [this message]
2014-05-11 11:54   ` Sebastian Moeller
2014-05-11 12:14     ` Aristar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAMZR1YAK7wXQAwwaZYaLwc0p0ydLRaHg7dwbThCX+9ZayE7eYQ@mail.gmail.com \
    --to=maciej@soltysiak.com \
    --cc=LeetMiniWheat@gmail.com \
    --cc=cerowrt-devel@lists.bufferbloat.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox