Short tutorial on how to set up DNSCrypt on DD-WRT using the public OpenDNS resolver.
- A router with DD-WRT (brainslayer builds r32170 or later, or a kong build after March 2017)
Log in to the DD-WRT web interface and navigate to the Services -> Services page.
In the DNSMasq section check 'Enable' next to the 'DNSMasq' and 'Encrypt DNS' settings. In the drop down menu for the DNSCrypt resolver select 'Cisco OpenDNS'.
Click 'Apply Settings' at the bottom of the page.
Next navigate to the Setup -> Basic Setup page.
In the 'Network Address Server Settings (DHCP)' section check the option 'Use DNSMasq for DNS'.
Click 'Apply Settings'.
DNSCrypt should now be setup.
Check DNSCrypt is Working
If you're using OpenDNS then you can check DNSCrypt is enabled by querying the txt record on debug.opendns.com:
On Windows open powershell and run the following:
nslookup -type=txt debug.opendns.com.
Note: the extra '.' at the end of the domain name is required!
On Linux run:
dig debug.opendns.com txt
In the output you should see a line similar to:
debug.opendns.com text = "dnscrypt enabled (XXXXXXXXXXXXXXXX)"