This setup passes all DNS tests on both ipv6 test website mentioned above, and gives the fullest security of OpenDNS. (it has a different resolver (DNS server) as default, be sure to change), and the wiki mentions the few simple modifications needed to /etc/config/dhcp.
etc/config/dnscrypt-proxy only needs to contain: The wiki link shows the few, simple configuration changes you need to make. This will use OpenDNS's servers (208.67.222.222 and 208.67.220.220) but add the additional security of DNSCrypt. In the /etc/config/dnscrypt-proxy config file, just make sure that option resolver is set to cisco. This is because it's using the DNS servers specified for WAN6 as default, and as I said those do not include all of OpenDNS's built-in security.Īn even better recommendation (my current setup) would be to use DNSCrypt to access OpenDNS's DNS servers. This is because OpenDNS's DNS servers that you have configured on the WAN interface (208.67.222.222 and 208.67.220.220) not only fully support ipv6 and pass all DNS tests at and, but the OpenDNS servers on the WAN6 interface (2620:0:ccc:::0:ccd::2) don't support the safety and security features that OpenDNS includes in it's primary DNS servers.įor example, with your default setup, if you go to, it shows OpenDNS is being used, but if you click on the link for the demo phishing site, it's not blocked. Leave the setting engaged to not use DNS servers advertised from peer (" option peerdns '0'" so it doesn't pull servers from the ISP). I would recommend removing the DNS servers for OpenDNS from the WAN6 interface.
0 kommentar(er)
