DNSCrypt How-to guide?

I can confirm the guide to set up version 2 of dnscrypt-proxy works like a charm.

Modifications I made (so far) to dnscrypt-proxy.toml (the configuration file)

server_names = ['d0wn-nl-ns4', 'dnscrypt.eu-dk', 'd0wn-is-ns2', 'dnscrypt.eu-nl']
listen_addresses = ['127.10.10.1:5551', '[::1]:5551']
# I want to use DNSSEC
require_dnssec = true
lb_strategy = 'p2'
log_level = 0
log_file = '/var/log/dnscrypt-proxy.log'
# have been using this with dnscrypt-proxy V1 with success
dnscrypt_ephemeral_keys = true
# non-Intel CPUs
tls_cipher_suite = [52392, 49199]
# I don't trust the default 9.9.9.9 - use opendns
fallback_resolver = '208.67.222.222:53'
# I don't have IPv6, reference the wiki (making things go fast)
block_ipv6 = true
# dnsmasq already handles the caching
cache = false

'edit'
If you only have IPv4 and you’re using dnsmasq + dnscrypt-proxy V2 + DNSSEC, read this!!!!
'/edit'

The server names (here) can be found here, options here.
I haven't determined yet if I need to configure log rotation for the log file...

Some things I'm keeping in mind:
With dnscrypt-proxy V1, several listeners are created (if using more than 1 server). This required a dnsmasq configuration referring to each server, something like:

server=127.10.10.1#5551
server=127.10.10.2#5552
server=127.10.10.3#5553
server=127.10.10.4#5554

dnsmasq has a mechanism to test the response time of the servers on a regular basis and choose the fastest for a fixed period of time.
Since dnscrypt-proxy V2 is configured on a single IP/port (unless I missed something), dnsmasq now has a single point of failure; the speed test is now integrated in dnscrypt-proxy (if multiple servers are configured).
The dnsmasq configuration now looks like:

server=127.0.0.1#5551

The dnscrypt-proxy log indicates:

[2018-04-21 17:04:33] [NOTICE] Server with the lowest initial latency: d0wn-nl-ns4 (rtt: 13ms)
[2018-04-21 17:04:33] [NOTICE] dnscrypt-proxy is ready - live servers: 4

I make it a habit of using the latest (and greatest?) version of dnsmasq.
To achieve this, I download and compile the latest test release here

Regarding FTLDNS (the pihole beta program), I'm wondering if the pihole developers will keep up with new features/fixes/modifications of dnsmasq or will FTLDNS live its own life?

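Since dnsmasq now forwards everything to one dnscrypt-proxy listener, the address and port in dnsmasq's `server=` line and in dnscrypt-proxy's `listen_addresses` have to agree exactly, otherwise every query fails over to the single point of failure the post mentions. The script below is an added example written for this thread, not code from the post or from the dnscrypt-proxy or dnsmasq projects: it pulls the listeners out of a dnscrypt-proxy.toml text, pulls the plain upstreams out of a dnsmasq.conf text, normalises both to dnsmasq's `host#port` form (IPv6 brackets stripped, missing dnsmasq port defaulted to 53, domain-scoped `server=/domain/ip` lines skipped) and reports any upstream that has no matching listener. Both config excerpts embedded in it are constructed for the example and only modelled on the snippets in the post; point the two variables at your real files with `$(cat /etc/dnscrypt-proxy/dnscrypt-proxy.toml)` and the like to check a live setup.

```shell
#!/bin/sh
# Added example (not from the post): cross-check that every plain dnsmasq
# "server=" upstream points at an address dnscrypt-proxy actually listens on.
# Both inputs below are constructed excerpts modelled on the post, not real files.

DNSCRYPT_TOML=$(cat <<'EOF'
server_names = ['d0wn-nl-ns4', 'dnscrypt.eu-dk', 'd0wn-is-ns2', 'dnscrypt.eu-nl']
listen_addresses = ['127.10.10.1:5551', '[::1]:5551']
require_dnssec = true
cache = false
EOF
)

DNSMASQ_CONF=$(cat <<'EOF'
# constructed dnsmasq.conf excerpt
server=127.0.0.1#5551
server=/lan/192.168.1.1
no-resolv
EOF
)

# Print dnscrypt-proxy listeners from a toml text, one per line, normalised to
# dnsmasq's host#port form ('[::1]:5551' -> '::1#5551', '127.10.10.1:5551' -> '127.10.10.1#5551').
toml_listeners() {
  printf '%s\n' "$1" \
    | sed -n 's/^listen_addresses *= *\[\(.*\)].*/\1/p' \
    | tr ',' '\n' | tr -d " '" \
    | sed -e 's/^\[\(.*\)]:\([0-9][0-9]*\)$/\1#\2/' \
          -e 's/^\([0-9.][0-9.]*\):\([0-9][0-9]*\)$/\1#\2/'
}

# Print plain dnsmasq upstreams (server=IP or server=IP#port) from a dnsmasq.conf
# text, one per line as host#port. Domain-scoped lines (server=/domain/IP) are
# skipped and a missing port gets dnsmasq's default of 53.
dnsmasq_upstreams() {
  printf '%s\n' "$1" \
    | sed -n 's|^server=\([^/ ][^ ]*\).*|\1|p' \
    | sed -e '/#/!s/$/#53/'
}

# Exit status 0 when every plain dnsmasq upstream matches a dnscrypt-proxy
# listener, 1 otherwise; prints one line per upstream so the mismatch is visible.
check_upstreams() {
  listeners=$(toml_listeners "$1")
  status=0
  for upstream in $(dnsmasq_upstreams "$2"); do
    if printf '%s\n' "$listeners" | grep -qxF "$upstream"; then
      echo "OK       dnsmasq upstream $upstream has a dnscrypt-proxy listener"
    else
      echo "MISMATCH dnsmasq upstream $upstream is not in listen_addresses ($(printf '%s' "$listeners" | tr '\n' ' '))"
      status=1
    fi
  done
  return $status
}

# With the constructed inputs above the upstream is 127.0.0.1#5551 while the
# proxy listens on 127.10.10.1#5551 and ::1#5551, so this reports a MISMATCH.
check_upstreams "$DNSCRYPT_TOML" "$DNSMASQ_CONF" \
  || echo "fix the dnsmasq server= line or dnscrypt-proxy listen_addresses so they agree"
```

Any address that dnscrypt-proxy binds but dnsmasq never uses (the `[::1]:5551` listener on an IPv4-only box, for instance) is harmless and is not reported; the check only flags upstreams that would get a connection refused.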