Improved DNSCrypt-Proxy init script

This is an improvement on a previous version I posted. Despite attempts to use pgrep to check for already running instances of DNSCrypt-Proxy, I was ending up with dozens of processes. This solves the problem, and also adds a function to update the resolver file.

#!/bin/sh

# Replaces /etc/config/dnscrypt-proxy
address='127.0.0.1'
port='5353'
resolver='fvz-anyone'
resolvers_list='/opt/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'

PROG=/opt/usr/sbin/dnscrypt-proxy
PIDFILE=/tmp/var/run/dnscrypt-proxy.pid

start () {
  # Trust the pidfile only if the PID it names is still alive; a stale
  # pidfile would otherwise block every later start.
  PID=$(cat "${PIDFILE}" 2>/dev/null)
  if [ -n "${PID}" ] && kill -0 "${PID}" 2>/dev/null; then
    echo "DNSCrypt-Proxy is already running with PID ${PID}."
    logger "$0: DNSCrypt-Proxy already running with PID ${PID}."
    exit
  else
    rm -f "${PIDFILE}"
    echo "Starting DNSCrypt-Proxy."
    logger "$0: Starting DNSCrypt-Proxy."
    "${PROG}" --local-address="${address}:${port}" --resolvers-list="${resolvers_list}" --resolver-name="${resolver}" --pidfile="${PIDFILE}" --ephemeral-keys --daemonize
    sleep 3
    PID=$(pgrep dnscrypt-proxy)
    logger "$0: DNSCrypt-Proxy running with PID ${PID}."
  fi
}

stop () {
  echo "Stopping all DNSCrypt-proxy instances..."
  pgrep dnscrypt-proxy | xargs kill
  # Remove the pidfile so a following start is not refused.
  rm -f "${PIDFILE}"
  logger "$0: Stopping DNSCrypt-Proxy."
}

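update () {
  # Download the new resolvers file to a temporary name so that a failed
  # download never leaves the proxy without a resolver list.
  # -f makes curl fail on HTTP errors. -k is not used: it disables TLS
  # certificate verification, so the list (which carries the resolvers'
  # public keys) could be replaced in transit. This needs a CA bundle on
  # the router.
  if curl -sSf https://raw.githubusercontent.com/jedisct1/dnscrypt-proxy/master/dnscrypt-resolvers.csv -o "${resolvers_list}.new" && [ -s "${resolvers_list}.new" ]; then
    cp -f "${resolvers_list}" "${resolvers_list}.bak" 2>/dev/null
    mv -f "${resolvers_list}.new" "${resolvers_list}"
  else
    rm -f "${resolvers_list}.new"
    echo "Resolver list download failed; keeping the existing file."
    logger "$0: Resolver list update failed; keeping the existing file."
    return 1
  fi
}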

if [ "$1" = "start" ]; then
   start
elif [ "$1" = "stop" ]; then
   stop
elif [ "$1" = "restart" ]; then
   stop
   sleep 2
   start
elif [ "$1" = "update" ]; then
   update
   stop
   sleep 2
   start
else
   echo "Usage: dnscrypt-proxy start/stop/restart/update"
fi

DNSCrypt on DD-WRT

Modified from OpenWrt Wiki

Install DNSCrypt-proxy

  1. opkg update
  2. opkg install dnscrypt-proxy

Configure DNSCrypt-proxy

  1. The init script that comes with the optware dnscrypt-proxy package relies on rc.common and function.sh to read config files. However, that didn’t seem to work in my hands. So I’m not using /etc/config/dnscrypt-proxy for configuration. Instead, the options are configured in the init.d script and passed as command line arguments to the binary.

Make a simple init.d script

  1. Updated init.d script

Start dnscrypt-proxy, enable autostart

Call the init.d script from one of the dd-wrt startup files. (I call it from /jffs/etc/config/dnscrypt-proxy.prewall) However, it looks like the .prewall script gets called multiple times, so you must make sure your init.d script doesn’t start multiple processes.
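
One way to enforce that, shown as an added example (not part of the original script or of the DNSCrypt project): an atomic mkdir lock plus a pidfile liveness check, so repeated or simultaneous .prewall invocations launch the daemon only once. The names guarded_start, pid_alive, RUNDIR and LOCKDIR are hypothetical; PIDFILE uses the same path as the script above.

```shell
#!/bin/sh
# Added example: single-instance guard for an init script that a startup
# hook may invoke several times, possibly at the same moment.
# RUNDIR and LOCKDIR are assumed names; PIDFILE matches the script's path.
RUNDIR="${RUNDIR:-/tmp/var/run}"
PIDFILE="${RUNDIR}/dnscrypt-proxy.pid"
LOCKDIR="${RUNDIR}/dnscrypt-proxy.lock"

# True only if PIDFILE holds a number naming a process that still exists.
# (A reused PID belonging to another program is not detected.)
pid_alive () {
  pid=$(cat "${PIDFILE}" 2>/dev/null) || return 1
  case "${pid}" in ''|*[!0-9]*) return 1 ;; esac
  kill -0 "${pid}" 2>/dev/null
}

# mkdir either creates the directory or fails, atomically, so of several
# concurrent callers exactly one gets the lock.
acquire_lock () { mkdir "${LOCKDIR}" 2>/dev/null; }
release_lock () { rmdir "${LOCKDIR}" 2>/dev/null; }

# guarded_start CMD [ARGS]: run the launch command at most once.
# Returns 0 started, 1 already running, 2 another caller holds the lock,
# 3 launch failed or no live pidfile appeared within 5 seconds.
guarded_start () {
  acquire_lock || return 2
  if pid_alive; then
    release_lock
    return 1
  fi
  rm -f "${PIDFILE}"            # stale file from a daemon that has died
  rc=0
  "$@" || rc=$?
  tries=0
  # Hold the lock until the daemon has written its pidfile, so a second
  # caller cannot slip in between launch and pidfile creation.
  while [ "${rc}" -eq 0 ] && ! pid_alive && [ "${tries}" -lt 5 ]; do
    sleep 1
    tries=$((tries + 1))
  done
  release_lock
  if [ "${rc}" -eq 0 ] && pid_alive; then return 0; fi
  return 3
}

# In start(): guarded_start "${PROG}" followed by the options used above.
```

If the script is killed while it holds the lock, the lock directory stays behind until it is removed by hand or the router reboots (assuming /tmp is RAM-backed, as on dd-wrt).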

Set DNSMasq to run through DNSCrypt-proxy

Configure DNSMasq – all these options can be entered in the dd-wrt GUI. The address line for pool.ntp.org tells DNSMasq to use that IP for that domain, reducing a time delay that might be critical for DNSCrypt’s functionality.

bogus-priv
no-resolv
no-poll
expand-hosts
server=127.0.0.1#5353
address=/pool.ntp.org/208.67.222.222

Restart dnsmasq