DNSCrypt on DD-WRT with OpenDNS


Requirements

Configuration

  1. Log in to the DD-WRT web interface and navigate to the Services -> Services page.
  2. In the DNSMasq section check ‘Enable’ next to the ‘DNSMasq’ and ‘Encrypt DNS’ settings. In the drop down menu for the DNSCrypt resolver select ‘Cisco OpenDNS’.

    Configure DNSCrypt resolver

  3. Click ‘Apply Settings’ at the bottom of the page.

  4. Next navigate to the Setup -> Basic Setup page.

  5. In the ‘Network Address Server Settings (DHCP)’ section check the option ‘Use DNSMasq for DNS’.

  6. Click ‘Apply Settings’.

DNSCrypt should now be setup.

Check DNSCrypt is Working

If you’re using OpenDNS then you can check DNSCrypt is enabled by querying the txt record on debug.opendns.com:

On Windows open powershell and run the following:

1
nslookup -type=txt debug.opendns.com.

Note: the extra ‘.’ at the end of the domain name is required!

On Linux run:

1
dig debug.opendns.com txt

In the output you should see a line similar to:

1
debug.opendns.com       text = "dnscrypt enabled (XXXXXXXXXXXXXXXX)"