Supported routers (Netgear R7800, R8900, and R9000)
- Make sure telnet is enabled in your router. You can visit this page and enable (login when prompted): http://www.routerlogin.com/debug.htm.
- Once you telnet into your router using your routers password, you should setup your SSH key.
- [Recommended] Add SSH key
id_rsa.pub
to/root/.ssh/authorized_keys
(You might have to create this dir and file manually if not it doesn't already exist).
Run the below commands one line at a time in your telnet/ssh console.
To enable DNSCrypt-Proxy v2.
nvram set dnscrypt2=1
nvram commit
reboot
Reboot your router (reboot
command will reboot your router or you can manually reboot too).
To disable DNSCrypt-Proxy v2.
nvram set dnscrypt2=0
nvram commit
reboot
Reboot your router.
/etc/init.d/dnscrypt-proxy-2 restart
cat /var/log/dnscrypt-proxy-2.log
To schedule a job to automatically update the
blacklist.txt
file every morning at 4:00am, run these commands from telnet/ssh console.
echo '#!/bin/sh' >/usr/bin/update_blacklist.sh
echo 'wget -O /etc/blacklist.txt download.dnscrypt.info/blacklists/domains/mybase.txt' >>/usr/bin/update_blacklist.sh
echo '[ $? -ne 0 ] && exit 1' >>/usr/bin/update_blacklist.sh
echo '/etc/init.d/dnscrypt-proxy-2 restart' >>/usr/bin/update_blacklist.sh
chmod +x /usr/bin/update_blacklist.sh
/usr/bin/update_blacklist.sh
[ ! -e /etc/rc.local.bak ] && cp -p /etc/rc.local /etc/rc.local.bak
echo >>/etc/rc.local
echo 'mkdir -p /opt/tmp/cronblacklist/crontabs && echo "0 4 * * * /usr/bin/update_blacklist.sh" >/opt/tmp/cronblacklist/crontabs/root && crond -c /opt/tmp/cronblacklist/crontabs -T '"'"'$($CONFIG get time_zone)'"'"'' >/tmp/x.blacklist
sed -n -i -e '/^exit 0/r /tmp/x.blacklist' -e 1x -e '2,${x;p}' -e '${x;p}' /etc/rc.local
sed -i '$ { /^$/ d}' /etc/rc.local
\rm /tmp/x.blacklist
reboot
Reboot your router.
\cp -p /etc/rc.local.bak /etc/rc.local
\rm /usr/bin/update_blacklist.sh
\rm /etc/blacklist.txt
\rm -rf /opt/tmp/cronblacklist/
/etc/init.d/dnscrypt-proxy-2 restart
Reboot your router.
To edit the configuration file, run these commands from telnet/ssh console.
vi /etc/dnscrypt-proxy-2.toml
- Press
i
button to put the editor in insert/edit mode. - Make your changes.
- Press
esc
button, type:x
and press return/enter to save and exit editor. - Press
esc
button, type:q!
and press return/enter to exit the editor without saving changes.
/usr/sbin/dnscrypt-proxy-2 -config=/etc/dnscrypt-proxy-2.toml -check
To restore the original
dnscrypt-proxy-2.toml
file.
\cp -p /rom/etc/dnscrypt-proxy-2.toml /etc/dnscrypt-proxy-2.toml
To only display the configuration file.
cat /etc/dnscrypt-proxy-2.toml
- https://ipleak.net/
- Extended Test: https://www.dnsleaktest.com/
- If you use Cloudflare 1.1.1.1 DNS: https://www.cloudflare.com/ssl/encrypted-sni/
This is a modified version of the instructions originally posted here.