[Cerowrt-devel] Upgraded to 3.10.38-1, DNS issues?

Maciej Soltysiak maciej at soltysiak.com
Mon May 12 01:09:29 PDT 2014


On Sat, May 10, 2014 at 8:42 PM, Aristar <LeetMiniWheat at gmail.com> wrote:
> dnscrypt-proxy is working great though (without needing a resolv
> file), it runs as a daemon and sets up an encrypted connection to
> OpenDNS servers which you then specifcy 127.0.0.1#2053 for dns
> forwarding. I suggested this be added to CeroWRT awhile ago but there
> wasn't much interest, nor any official packages available, though that
> thread I linked above in this thread has a repository and a maintainer
> in the forum thread with a source repo.
I think I expressed my interest too. I have dnscrypt-proxy running for
quite a while on Cero.
Not on latest cero though.

I consider it to be a very nice setup:
- dnsmasq handles dhcp and static assignments, acts faux authoritative
for domains I want to return NXDOMAIN  and acts as local cache
- dnsmasq fowards everything else to local dnscrypt-proxy which sends
encrypted queries to a dnscrypt resolver at the other end (somewhere
over the cloud, 8ms away) which I control and which resolves queries
via unbound. Supports DNSSEC, keeps no logs and has experimental
support for Namecoin's .bit domains.
- I plug the DNS hole in cero's iptables so that no unencrypted DNS
traffic leaves the box.

I thought I've seen a github commit to add dnscrypt-proxy to cero, did
I see wrong?

Best regards,
Maciej


More information about the Cerowrt-devel mailing list