DNSCrypt on DD-WRT

Modified from OpenWrt Wiki

Install DNSCrypt-proxy

  1. opkg update
  2. opkg install dnscrypt-proxy

Configure DNSCrypt-proxy

  1. The init script that comes with the optware dnscrypt-proxy package relies on rc.common and function.sh to read config files. However, that didn’t seem to work in my hands. So I’m not using /etc/config/dnscrypt-proxy for configuration. Instead, the options are configured in the init.d script and passed as command line arguments to the binary.

Make a simple init.d script

  1. Updated init.d script

Start dnscrypt-proxy, enable autostart

Call the init.d script from one of the DD-WRT startup files. (I call it from /jffs/etc/config/dnscrypt-proxy.prewall) However, it looks like the .prewall script gets called multiple times, so you must make sure your init.d script doesn’t start multiple processes.
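One way to write such an init.d script, as an added example that is not the author's script: it passes the options on the command line and refuses to start a second process when .prewall fires more than once. It assumes the dnscrypt-proxy 1.x command-line options; the binary, pidfile and lock paths are assumptions to adjust for your router.

```shell
#!/bin/sh
# Added example, not the author's init script. Paths are assumptions.
DAEMON=/opt/sbin/dnscrypt-proxy               # assumed Optware install path
PIDFILE=/tmp/dnscrypt-proxy.pid               # assumed; /tmp is RAM on DD-WRT
LOCKDIR=/tmp/dnscrypt-proxy.lock              # assumed lock location
# Options go on the command line instead of /etc/config/dnscrypt-proxy.
# The listen address must match "server=127.0.0.1#5353" in DNSMasq.
# Add the resolver-selection options for your dnscrypt-proxy version here.
DAEMON_ARGS="--local-address=127.0.0.1:5353 --daemonize --pidfile=$PIDFILE"

# True only if the pidfile names a process that is still alive.
is_running() {
    [ -s "$PIDFILE" ] || return 1
    kill -0 "$(cat "$PIDFILE")" 2>/dev/null
}

start() {
    # mkdir is atomic: of several overlapping .prewall calls, one proceeds.
    if ! mkdir "$LOCKDIR" 2>/dev/null; then
        echo "start already in progress, skipping"
        return 0
    fi
    if is_running; then
        echo "already running (pid $(cat "$PIDFILE")), not starting again"
        rc=0
    else
        rm -f "$PIDFILE"        # stale pidfile left by a dead process
        "$DAEMON" $DAEMON_ARGS  # unquoted on purpose: split into arguments
        rc=$?
    fi
    rmdir "$LOCKDIR"
    return $rc
}

stop() {
    if is_running; then
        kill "$(cat "$PIDFILE")"
    fi
    rm -f "$PIDFILE"
}

case "${1:-}" in
    start)   start ;;
    stop)    stop ;;
    restart) stop; start ;;
    *)       echo "usage: $0 {start|stop|restart}" >&2 ;;
esac
```

If the script is killed between mkdir and rmdir, the lock directory stays until the next reboot clears /tmp; remove it by hand in that case.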

Set DNSMasq to run through DNSCrypt-proxy

Configure DNSMasq – all these options can be entered in the DD-WRT GUI. The address line for pool.ntp.org tells DNSMasq to use that IP for that domain, which reduces a time delay that might be critical for DNSCrypt’s functionality.

bogus-priv
no-resolv
no-poll
expand-hosts
server=127.0.0.1#5353
address=/pool.ntp.org/208.67.222.222

Restart dnsmasq