From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-yh0-f52.google.com (mail-yh0-f52.google.com [209.85.213.52]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 54A7421F297 for ; Mon, 12 May 2014 01:09:31 -0700 (PDT) Received: by mail-yh0-f52.google.com with SMTP id z6so5596699yhz.39 for ; Mon, 12 May 2014 01:09:30 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=c8r5fyL4+nxQVLAZD3K4kj59OI1fUSNNM6EH089RY1E=; b=jf9WaIHBzdyO6AZm7f2A9Z9JtWAqaQlFOMBFk6DQrjgBvF2jxjDF7PSx6sHJndX8Wq TFhMXL4VfwmItIR4CUVv7jlGGaVWFp0xoDGrM7ujP7/c1ZqbUuyBBR4BM39pXi4cvKH9 8xsPtQ+3nSYGz72BmexiCUKlnSC+y+qL+nSRqzkjFpo1SQpmX/caN2X+uBuuiqX9qnC3 mPp09I/xbMzTBjyv1yrm2Qogr2j5v7tIEEzGFv5T7J3qToUqeo9WFpytbaST8iZa/4Ic LlGB7AFTs7Ps/hfQhzj+E6gSIX9/xMPP72HRQX+21U0RY33jPHhagWMEknZ3XqZsiCpF X6Xw== X-Gm-Message-State: ALoCoQllp7XVRrTWHRQnafIRUQgXXYJ6+C5FjVZb7vm6ZVYbqdXwGwiCAlRNakN5S8BsD1ys/QTV MIME-Version: 1.0 X-Received: by 10.236.122.238 with SMTP id t74mr6925047yhh.91.1399882169887; Mon, 12 May 2014 01:09:29 -0700 (PDT) Received: by 10.170.140.136 with HTTP; Mon, 12 May 2014 01:09:29 -0700 (PDT) X-Originating-IP: [198.28.92.5] In-Reply-To: References: Date: Mon, 12 May 2014 10:09:29 +0200 Message-ID: From: Maciej Soltysiak To: Aristar Content-Type: text/plain; charset=UTF-8 Cc: cerowrt-devel Subject: Re: [Cerowrt-devel] Upgraded to 3.10.38-1, DNS issues? X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 May 2014 08:09:31 -0000 On Sat, May 10, 2014 at 8:42 PM, Aristar wrote: > dnscrypt-proxy is working great though (without needing a resolv > file), it runs as a daemon and sets up an encrypted connection to > OpenDNS servers which you then specifcy 127.0.0.1#2053 for dns > forwarding. I suggested this be added to CeroWRT awhile ago but there > wasn't much interest, nor any official packages available, though that > thread I linked above in this thread has a repository and a maintainer > in the forum thread with a source repo. I think I expressed my interest too. I have dnscrypt-proxy running for quite a while on Cero. Not on latest cero though. I consider it to be a very nice setup: - dnsmasq handles dhcp and static assignments, acts faux authoritative for domains I want to return NXDOMAIN and acts as local cache - dnsmasq fowards everything else to local dnscrypt-proxy which sends encrypted queries to a dnscrypt resolver at the other end (somewhere over the cloud, 8ms away) which I control and which resolves queries via unbound. Supports DNSSEC, keeps no logs and has experimental support for Namecoin's .bit domains. - I plug the DNS hole in cero's iptables so that no unencrypted DNS traffic leaves the box. I thought I've seen a github commit to add dnscrypt-proxy to cero, did I see wrong? Best regards, Maciej