3 questions, Norton, ddwrt config, really working ?

Comments

13 comments

  • Avatar
    rotblitz
    1. That is an NPE problem, not a DNSCrypt problem. Report it to NPE.
    2. http://www.dd-wrt.com/wiki/index.php/OpenDNS
      Btw, if you use DNSCrypt on the computer, the DNS settings on a router (no matter if DD-WRT or not) are not in effect for this computer. You had to install DNSCrypt on the router to get everything done by the router..
    3. Before dnscrypt-proxy, i.e. between the networking applications and the dnscrypt-proxy, the DNS traffic is (must be) unencrypted, else the networking applications could not work. After the dnscrypt-proxy, i.e. between dnscrypt-proxy and the DNS service (e.g. OpenDNS), the DNS traffic is encrypted.
      Reverse test? Loopback? It seems you do not understand how this works. With the DNS protocol no reverse stuff or loopback is involved.
    0
    Comment actions Permalink
  • Avatar
    kwan2

    1. was just curious, if one might have an explanation. nmind

    2. i had looked at that page, however, it doesn't say anything about dnscrypt, just opendns, so I asked. Seems like your saying, if you setup on router, then don't setup on computer as a service, sorry I don't understand what that would mean, and/or how to set up on router.

    3.well, i had read on another website using ping ,   BUT,  from the nslookup, I posted,   what  line  tells  me that its working or not ?

    thx as always

    0
    Comment actions Permalink
  • Avatar
    jedisct1

    1. Norton is crap.

    0
    Comment actions Permalink
  • Avatar
    rotblitz
    1. Each AV and security program may contain or report so called "false positives". That's normal. Nothing in the world is fault-free. In this cases you always have to report this to the supplier. Nobody else in the world can help.
    2. "it doesn't say anything about dnscrypt, just opendns, so I asked."
      Yes, it just talks about OpenDNS. You only said "config a dd-wrt router to use  the service". And the service is OpenDNS. So that's what I answered.
      Is there anything else you want to achieve? You didn't specify anything...
      "Seems like your saying, if you setup on router, then don't setup on computer as a service"
      No, this is not what I said. But I said if you run DNSCrypt on a computer, then this computer does not use the DNS settings of your router, not more, not less. But other computers or devices in your network may not have DNSCrypt installed on them and will therefore use the router's DNS settings.So, you may still want to configure OpenDNS on the router nevertheless.
      "how to set up on router" - Configuring OpenDNS on a router with DD-WRT is described at the link I provided.
    3. Ping? Forget about ping, this is in no way useful to troubleshoot DNS, but for totally different purposes. There's a lot of nonsense on the internet...
      "from the nslookup, I posted, what  line  tells  me that its working or not ?"
      What working? There are several things which can work or not.
      OpenDNS: That you get a "good" response at all, not an error message, so you're using OpenDNS for your DNS lookups.
      Using your settings at OpenDNS: The "id" field. Although you're using OpenDNS for your DNS lookups, you're not using your OpenDNS settings, because your IP address 68.68.36.53 is not registered with your OpenDNS network, therefore "id 0".
      You can correct this here: https://dashboard.opendns.com/settings/
      DNSCryt: "dnscrypt enabled (7136666E76576A42)" - you're using DNSCrypt.
    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "how to set up on router"

    Ah, just in case you meant wanting to run the dnscrypt-proxy on your router, not just use OpenDNS on it...

    You visit http://dnscrypt.org/ to download the package (source or binary, whatever is available) for the firmware OS of your router.

    If you got the source package, you compile and bind this into your firmware, with binaries you simply deploy them. Then you configure the dnscrypt-proxy as you want. You should be good to go then.

    If this is all over your head, better leave the fingers from it.

    0
    Comment actions Permalink
  • Avatar
    jedisct1

    You don't need to compile it, it's in Entware.

    Or you can run an open firmware instead. Tomato Shibby and Advanced Tomato support it by default, it can be configured from the web interface.

     

    0
    Comment actions Permalink
  • Avatar
    kwan2

    i flashed one router already with ddwrt, but it did not have enough flashram to run openvpn apparently, so i have one coming in the mail, i was planning on flashing it with ddwrt, perhaps, i should attempt to flash it with tomato, if it's not over my head. 

    yes, what i had meant to ask, 1000 apologies, was  how / if the  dnscrypt proxy was running on desktop, if router somehow would be able to use that service,  guess, i can see  if  entware is over my head, whatever it is.

    jedisct1,  i'm open to  another AV etc,  however had not the time and  geekiness, to set up my own firewalls and such,  instead of Norton,  I can close to buying F-secure based on consumer reports , however,  read some other  analysis, and just had stuck with what i have  

    jedisct1, which AV  /suite might you be using  as a home user ?

     

     

    0
    Comment actions Permalink
  • Avatar
    kwan2

    from reading something about  firewall, i was thinking of ditching Norton, to go back to  what i had used  a long time ago,  Zone Alarm, apparently it differs from all other  fw  ; probably at the time, i used AVG, when life  was simplier,  and i did not do  online  banking  ,  (then guess i would not need a suite)

    0
    Comment actions Permalink
  • Avatar
    kwan2

    yeah, it seems, the though new router is broadcom  it's not gonna be able to run any tomato firmware ;  ddwrt  is open firmware, but  guess, i'd have to know how to  'bind'  it to the the firmware, so

    i have a very small network, but was wanting to build a nice router to the future , eg openvpn  with  dnscrypt   ; i believe what i'm going to need to know  is  after the initial flash  of the linksys E3200 60KB nvram

    which build to flash on the 2nd go around 

    http://dd-wrt.com/wiki/index.php/What_is_DD-WRT%3F#V24_pre_sp2_K26

    http://www.dd-wrt.com/site/support/router-database

    maybe one of them would support  the dns-crypt proxy ?

     

    0
    Comment actions Permalink
  • Avatar
    kwan2

    3. Using your settings at OpenDNS: The "id" field. Although you're using OpenDNS for your DNS lookups, you're not using your OpenDNS settings, because your IP address 68.68.36.53 is not registered with your OpenDNS network, therefore "id 0".
    You can correct this here: https://dashboard.opendns.com/settings/

     

    it sure looks 'registered' to me,  on the webpage and use dns-o-matic     , i  think i will reregister it,  perhaps, i should say  its dynamic, as i often  change  vpn servers ?

    0
    Comment actions Permalink
  • Avatar
    maintenance

    You're going to have to leave anything to do with VPN clients or usage out of it here if you want to progress at all. Nothing at all to do with OpenDNS, DNSCrypt, etc.

    You should probably consider buying a router that is capable of doing the things you want or having alternate firmware installed on it before you order one. I would suggest one that uses or can be flashed with the firmware jedisct1 mentions above. If you find choosing a fw or av /security suite too geeky, I'm not sure how you'll get on with compiling code into firmware.

     

    It is clearly not registered with OpenDNS, as the direct test proves: "id 0". Whether your IP is registered at DNS-O-Matic (why - do you use the service for anything other than updating to OpenDNS?) it isn't at OpenDNS. Either update directly to OpenDNS, or correctly configure your DNSOMatic account to do so.This is positively required with a dynamic IP.  Of course, you shouldn't be updating the public IPs of other networks you happen to be using at the moment.

     

     

    0
    Comment actions Permalink
  • Avatar
    kwan2

    as i've said, i've already flashed one router, and its working fine, perhaps tomato, is the only with native support,  i did fix the  id 0  thing, by deleting the existing IP and just re-entering it  and running the Open DNS updater. 

    i was just wondering if one of ddwrt builds might be better than another  for  some kind of native router support,   thanks for your time, if you take a look at those builds and any feedback  

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Cannot comment on DD-WRT, I don't have enough experience here. But...

    "how / if the  dnscrypt proxy was running on desktop, if router somehow would be able to use that service"

    No problem at all.

    • Assign your desktop a static IP address outside the DHCP range of your router, if not the case already anyway.
    • Get the dnscrypt-proxy to listen on your desktop's static IP address instead of 127.0.0.1
      dnscrypt-proxy --local-address=192.168.0.15     (IP address is just an example!)
    • Change your desktop's DNS server settings to point to this static IP address instead of 127.0.0.1.
    • Change the DHCP server on the router to propagate your desktop's static IP address as the only one DNS server address.

    All devices with DHCP enabled and also your desktop will now use DNSCrypt, the DNSCrypt running on your desktop. No need to mention that your desktop must be running all the time, else the other devices do not have DNS at all.

    And no, when using a VPN, you do not use your computer's standard or your router's DNS settings and not your DNSCrypt, but the DNS service configured at the remote end of the VPN or propagated by the VPN via DHCP. Some VPNs use virtual LAN adapters where you can indeed configure OpenDNS and/or DNSCrypt separately for this specific VPN connection though.

    0
    Comment actions Permalink

Please sign in to leave a comment.