[Beryl] DNSCrypt-proxy abruptly not working anymore

Beryl, openwrt-mt1300-3.212-0301-BETA1.bin, connected by cable

(Without even touching the router) since ~ 16:30 UTC the builtin DNSCrypt-proxy (MORE SETTINGS | Custom DNS Server | Dnscrypt-Proxy Settings)¹ does not respond to requests anymore:

System Log shows repeating lines like
Sat Mar 26 16:42:32 2022 daemon.info dnscrypt-proxy[31487]: dnscrypt-proxy Refetching server certificates
Sat Mar 26 16:42:47 2022 daemon.err dnscrypt-proxy[31487]: dnscrypt-proxy Unable to retrieve server certificates

Same on Lab-Beryl (same FW).
Please quickly find a solution for other customers (mine in next post).

¹ the settings (same /w cisco, dnscrypt-eu-dk, yandex, … as selected server)

possible solutions:

  • configure DNS over TLS instead of Dnscrypt-Proxy
  • upgrade to latest snapshot (in my case openwrt-mt1300-3.212-0326.bin)
  • wait for GL-inet to react

edit: @GL-inet:
funny: DNS resolution works again but System Log still shows loads of entries:
Sat Mar 26 18:28:55 2022 daemon.info dnscrypt-proxy[6526]: dnscrypt-proxy Refetching server certificates
Sat Mar 26 18:29:10 2022 daemon.err dnscrypt-proxy[6526]: dnscrypt-proxy Unable to retrieve server certificates
Sat Mar 26 18:29:40 2022 daemon.info dnscrypt-proxy[6526]: dnscrypt-proxy Refetching server certificates
Sat Mar 26 18:29:55 2022 daemon.err dnscrypt-proxy[6526]: dnscrypt-proxy Unable to retrieve server certificates
Sat Mar 26 18:30:28 2022 daemon.info dnscrypt-proxy[6526]: dnscrypt-proxy Refetching server certificates
Sat Mar 26 18:30:43 2022 daemon.err dnscrypt-proxy[6526]: dnscrypt-proxy Unable to retrieve server certificates
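
A way to quantify the refetch/failure loop shown in the log above, as an added example that is not part of the original thread or of GL.iNet's or dnscrypt-proxy's code. The function name `cert_failure_report` and the alert threshold of three consecutive failures are assumptions, as is treating a refetch with no logged failure as a success.

```python
import re
from datetime import datetime

# Log lines copied from the post above (OpenWrt system log format).
SAMPLE_LOG = """\
Sat Mar 26 18:28:55 2022 daemon.info dnscrypt-proxy[6526]: dnscrypt-proxy Refetching server certificates
Sat Mar 26 18:29:10 2022 daemon.err dnscrypt-proxy[6526]: dnscrypt-proxy Unable to retrieve server certificates
Sat Mar 26 18:29:40 2022 daemon.info dnscrypt-proxy[6526]: dnscrypt-proxy Refetching server certificates
Sat Mar 26 18:29:55 2022 daemon.err dnscrypt-proxy[6526]: dnscrypt-proxy Unable to retrieve server certificates
Sat Mar 26 18:30:28 2022 daemon.info dnscrypt-proxy[6526]: dnscrypt-proxy Refetching server certificates
Sat Mar 26 18:30:43 2022 daemon.err dnscrypt-proxy[6526]: dnscrypt-proxy Unable to retrieve server certificates
"""
LINE_RE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \w+\.\w+ "
                     r"dnscrypt-proxy\[(\d+)\]: dnscrypt-proxy (.+)$")
REFETCH, FAILED = "Refetching server certificates", "Unable to retrieve server certificates"


def cert_failure_report(lines, alert_streak=3):
    """Summarise certificate-fetch failures per dnscrypt-proxy PID."""
    report, state = {}, {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other daemons or unparseable lines
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        pid, msg = int(m.group(2)), m.group(3)
        r = report.setdefault(pid, {"failed": 0, "max_streak": 0, "waits": set(),
                                    "first_fail": None, "last_fail": None, "alert": False})
        s = state.setdefault(pid, {"pending": None, "streak": 0})
        if msg == REFETCH:
            # Assumption: a refetch with no failure logged before the next
            # refetch succeeded, so it ends the current failure streak.
            if s["pending"] is not None:
                s["streak"] = 0
            s["pending"] = when
        elif msg == FAILED:
            if s["pending"] is not None:  # seconds waited before giving up
                r["waits"].add(int((when - s["pending"]).total_seconds()))
            s["pending"] = None
            s["streak"] += 1
            r["failed"] += 1
            r["max_streak"] = max(r["max_streak"], s["streak"])
            r["first_fail"] = r["first_fail"] or when
            r["last_fail"] = when
            r["alert"] = r["max_streak"] >= alert_streak
    return report


if __name__ == "__main__":
    for pid, summary in cert_failure_report(SAMPLE_LOG.splitlines()).items():
        print(pid, summary)
```

On the quoted lines, every attempt fails exactly 15 seconds after the refetch starts, which points at a timeout waiting for the resolver rather than a rejected certificate.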

Thanks for reporting. Checking.

What is the reason that the server cannot be connected?

Only some servers still work. Like cisco works for me here.

Maybe could update something about OpenSSL/Certificates to deal with it.
For the DNSCrypt-proxy server, you could choose Yandex.

adguard-dns-ns1 works again - maybe it was just down?

tried a few today - these are the results from Beryl, openwrt-mt1300-3.212-0301-BETA1.bin:

server          - reply time
adguard-dns-ns1 - 3s
adguard-dns-ns2 - time out ("to")
bikinhappy-sg   - to
cisco           - 3s
cs-de           - to
d0wn-fr-ns1     - to
d0wn-se-ns1     - to
dnscrypt.eu-dk  - to
fvz-anyone      - to
securedns       - to
yandex          - immediate

That’s surely not satisfying.
Tried the same with openwrt-mt1300-3.212-0329.bin

server          - reply time
adguard-dns-ns1 - immediate (i)
adguard-dns-ns2 - time out ("to")
bikinhappy-sg   - to
cisco           - i
cs-de           - to
d0wn-fr-ns1     - to
d0wn-se-ns1     - to
dnscrypt.eu-dk  - to
fvz-anyone      - to
securedns       - to
yandex          - i

Does the servers list need a severe cleanup or are there just compatibility/cert issues with many servers?

Checked further. Some of the servers are down.

Need to update the whole Dnscrypt to version 2.

just tested again: Out of above list only cisco answers RN using openwrt-mt1300-3.212-0301-BETA1.bin. Using openwrt-mt1300-3.212-0329.bin it’s like yesterday.

Whilst you’re at it: Pls add a 2nd (‘backup’) DNS resolver.
Wouldn’t have helped me (as adguard-dns-ns1 and 2 are down) but would help in many cases (making the product more reliable and reducing support effort).
Thank you!

This issue has been fixed and snapshot 0401 will be available for testing.

Unfortunately quite the opposite:
In openwrt-mt1300-3.212-0401.bin none of the DNSCrypt-proxies work anymore. Furthermore you removed working ones like adguard-dns-ns1.
Pls fix, I’ll switch back to openwrt-mt1300-3.212-0331.bin for now.

I tested openwrt-mt1300-3.212-0401.bin and the DNSCrypt works.

Which server worked for you? All I tried gave timeout.
My version says Compile Time 2022-04-01 10:05:24 in WebUI | UPGRADE, did you use that very version?

edit: Pretty strange… Re-flashed …-0401.bin, appears to work now.

Missing servers are still a thing though.

OK understand. Maybe a big update in firmware 4.x.

The real issue is that gl-sdk currently depends on dnscrypt-proxy. So I can’t even take it off and replace it with dnscrypt-proxy2 (which is currently more supported).

If you could make gl-sdk independent of dnscrypt-proxy, then it would be possible to replace it with version 2 without breaking the router.

Fixed the list in dnscrypt in 3.212 beta. Maybe this solves the problem for now.

I think longer term it would still be better to break the dependency between gl-sdk and dnscrypt-proxy so it can be replaced. Because currently installing dnscrypt-proxy2 just breaks the front end (asked to set a new password and can’t log into the UI).


The router has dnscrypt-proxy v1 installed, which is different from dnscrypt-proxy2.
When using dnscrypt-proxy v1, only one DNS server can be chosen.

Yes, I know, but the reason it can’t be replaced is that gl-sdk relies on dnscrypt-proxy (v1).

On github.com, you could find more dnscrypt-proxy v1

How can I upgrade to dnscrypt-proxy version 2? I need this to enter my custom dns over tls server I want to use.