
Shibby + DNSCrypt + DNSMasq for redirection = Will it work?

Discussion in 'Tomato Firmware' started by LasVegas, Aug 11, 2014.

  1. LasVegas

    LasVegas Serious Server Member

    Okay, my goal is to use Tomato by Shibby with DNSCrypt enabled. If I use DNSMasq for certain domains with a DNS redirection service (USAccess, UnoDNS, etc.), will it work in conjunction with DNSCrypt? The other variable is using Intercept DNS port (UDP 53) with hardcoded DNS devices, like the Chromecast and Roku.

    On another note, is there a manual way to add a resolver to Shibby's dnscrypt-proxy list? I'd like to use ns1.wa.us.dns.opennic.glue, but it's not available as a selection.

    Tomato & DNSMasq
    http://digiex.net/guides-reviews/gu...unotelly-use-your-own-dns-server-instead.html

    Tomato & Hardcoded DNS Devices
    http://forums.androidcentral.com/go...-usa-restricted-ip-addresses.html#post2984448
     
  2. lancethepants

    lancethepants Network Guru Member

    When dnscrypt is enabled it is simply used as an upstream server. You should be able to do anything with dnsmasq that you could do with any other resolver. The list is hard-coded. It should be auto-updated when the developers compile new firmware, but they might need to do it manually.
    It sounds like you're using a more up-to-date version of shibby. There is a 'manual entry' available if the resolver you want is not in the list.
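
An added illustration of the reply above (not code from the thread or from the Tomato firmware): it reads dnsmasq `server=` lines and reports which upstream a query name is forwarded to, showing that per-domain entries go to the redirection service as plain DNS while everything else goes through the dnscrypt-proxy listener. The listener address `127.0.0.1#40`, the redirection server `203.0.113.10` and the domain names are assumptions in a constructed sample config; only the `server=ip` and `server=/domain/.../ip` forms are handled.

```python
# Added example: which upstream does dnsmasq pick for a name, and does that
# query go out through dnscrypt-proxy or as plain DNS?

# Constructed sample config (assumptions): 127.0.0.1#40 stands in for the
# local dnscrypt-proxy listener, 203.0.113.10 for the redirection service.
SAMPLE_CONF = """\
no-resolv
server=127.0.0.1#40
server=/netflix.com/hulu.com/203.0.113.10
cache-size=1500
"""
DNSCRYPT_LISTENER = "127.0.0.1#40"


def parse_servers(conf):
    """Return (default upstreams, {domain: [upstreams]}) from server= lines."""
    defaults, per_domain = [], {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line.startswith("server="):
            continue  # comments and unrelated options
        value = line[len("server="):]
        if not value.startswith("/"):
            defaults.append(value)
            continue
        parts = value.split("/")  # "", domain..., upstream
        for domain in parts[1:-1]:
            per_domain.setdefault(domain.lower(), []).append(parts[-1])
    return defaults, per_domain


def pick_upstreams(name, defaults, per_domain):
    """Longest matching domain suffix wins, else the default upstreams."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in per_domain:
            return per_domain[suffix]
    return defaults


def classify(name, conf=SAMPLE_CONF):
    """List (upstream, transport) pairs for one query name."""
    upstreams = pick_upstreams(name, *parse_servers(conf))
    return [(u, "dnscrypt" if u == DNSCRYPT_LISTENER else "plain DNS")
            for u in upstreams]


if __name__ == "__main__":
    for qname in ("www.netflix.com", "hulu.com", "example.org"):
        print(qname, classify(qname))
```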
     
  3. LasVegas

    LasVegas Serious Server Member

    I was a dip and didn't see that manual DNSCrypt setting in Shibby's firmware (121 build). I got two aspects working, DNSCrypt and DNSMasq entries for DNS redirection (Netflix, Hulu, etc.). I can't get the set-top devices with hardcoded Google DNS to bypass 8.8.8.8 or 8.8.4.4. I've tried checking Intercept DNS port (UDP 53) and also tried the following in Tomato's firewall with no luck:

    iptables -I PREROUTING -t nat -p udp -d 8.8.4.4 --dport 53 -j DNAT --to-destination [DNS redirection server]
    iptables -I PREROUTING -t nat -p udp -d 8.8.8.8 --dport 53 -j DNAT --to-destination [DNS redirection server]
     
  4. Grimson

    Grimson Networkin' Nut Member

    Is it possible that those boxes, with hardcoded DNS, use a different port for DNS requests?
     
