First of all, you must install the libsodium library.
You can download the latest version from here.
Here are all the commands to install libsodium.
    DiskStation> wget https://download.libsodium.org/libsodium/releases/libsodium-1.0.3.tar.gz --no-check-certificate
    DiskStation> tar xzvf libsodium-1.0.3.tar.gz
    DiskStation> cd libsodium-1.0.3/
    DiskStation> ./configure && make
    DiskStation> make install
    DiskStation> cp -a /usr/local/lib/libsodium* /lib/
Then you can download the DNSCrypt from here.
Here are all the commands to install DNSCrypt.
    DiskStation> wget https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.6.0.tar.gz --no-check-certificate
    DiskStation> tar xzvf dnscrypt-proxy-1.6.0.tar.gz
    DiskStation> cd dnscrypt-proxy-1.6.0/
    DiskStation> ./configure && make
    DiskStation> make install
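Both wget commands above pass --no-check-certificate, so neither tarball is authenticated in transit before it is built and installed as root. As an added example (not part of the original post), the following sh functions check a tarball against a SHA-256 digest before unpacking it; the function names are hypothetical, the digests are placeholders to be obtained over a trusted channel, and sha256sum or openssl is assumed to be present on the DiskStation.

```shell
#!/bin/sh
# Added example: verify a downloaded tarball against a pinned SHA-256 digest
# before it is unpacked and built. Function names are hypothetical.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        # Assumed fallback for systems with openssl but no sha256sum.
        openssl dgst -sha256 "$1" | sed 's/^.*= *//'
    fi
}

# verify_tarball FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on a missing file or malformed digest.
verify_tarball() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # Accept only exactly 64 hex characters as the pinned digest.
    case $expected in
        *[!0-9a-f]*) echo "bad digest for $file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "bad digest for $file" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file (got $actual)" >&2
    return 1
}

# unpack_if_verified FILE EXPECTED_HEX: extract only after the check passes.
unpack_if_verified() {
    verify_tarball "$1" "$2" && tar xzf "$1"
}

# Usage on the NAS (digests are placeholders, not real values):
#   unpack_if_verified libsodium-1.0.3.tar.gz <SHA256-FROM-TRUSTED-SOURCE>
#   unpack_if_verified dnscrypt-proxy-1.6.0.tar.gz <SHA256-FROM-TRUSTED-SOURCE>
```

Run unpack_if_verified in place of the plain tar xzvf step; a non-zero return means the tarball must not be built.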
After installing these, you can run the following commands to clean up.

    DiskStation> cd ..
    DiskStation> rm -rf libsodium* dnscrypt*
You can then use the following command to test the DNS service with Cisco OpenDNS.

    DiskStation> /usr/local/sbin/dnscrypt-proxy -R "cisco" --test=0
    [INFO] - [cisco] does not support DNS Security Extensions
    [INFO] - [cisco] does not support Namecoin domains
    [WARNING] - [cisco] logs your activity - a different provider might be better a choice if privacy is a concern
    [NOTICE] Starting dnscrypt-proxy 1.6.0
    [INFO] Generating a new session key pair
    [INFO] Done
    [INFO] Server certificate #1435874751 received
    [INFO] This certificate looks valid
    [INFO] Chosen certificate #1435874751 is valid from [2015-07-03] to [2016-07-02]
    [INFO] Server key fingerprint is ED19:BFBA:FAFC:9257:DFDC:68C7:69BF:AC24:94CD:743F:3C1D:4966:134D:FE2C:4BDC:F315
If all goes well, you can run the following commands to start DNSCrypt and set the DNS service.

    DiskStation> /usr/local/sbin/dnscrypt-proxy -R "cisco" --daemonize
    DiskStation> echo 'nameserver 127.0.0.1' > /etc/resolv.conf
Then you can visit http://www.opendns.com/welcome to confirm that you are using the Cisco OpenDNS service.
Finally, add a script to rc.d so that DNSCrypt starts automatically whenever the Synology boots.

    DiskStation> cd /usr/local/etc/rc.d
    DiskStation> cat dnscrypt-proxy.sh
    #!/bin/sh

    case "$1" in
      start)
        /usr/local/sbin/dnscrypt-proxy -R cisco --daemonize
        ;;
      stop)
        pkill dnscrypt-proxy
        ;;
      *)
        echo "Usage: $0 {start|stop}"
        exit 1
    esac

    exit 0
I was not 100% successful getting this to work mostly because on the second to last step, Synology’s DSM does not allow for a loopback IP (127.0.0.1) to be used in the network settings. You can force it by editing the network configurations manually in telnet but the DSM just won’t use it. Is there a way to set an alternate IP for DNSCrypt on the DS?
Yes, the DSM is a very bad system; you can change the DNS by editing /etc/resolv.conf manually instead of changing the network settings.
A better way is to use the following command to bind DNSCrypt to an IP address such as an intranet IP (like 192.168.1.x) or 0.0.0.0 instead of 127.0.0.1, and then you can set the DNS in the DSM network settings.
Hope that will help you. 🙂
I forgot to mention that I did try to bind to an intranet IP. I was able to execute that command but there was no system output through telnet. I just assumed it was working. However, when I changed the DNS to the specified binding IP, I got no connection to the various services Synology DSM accesses. Is DNSCrypt still valid for DSM 5.2?
Yes, DNSCrypt is still valid for DSM 5.2. My version is DSM 5.2-5644 Update 3.
By the way, you can run the following command to check whether it is working or not.
If it is not working, you should change Cisco OpenDNS to another DNS provider.
Yes, I received output showing it is working. However, when I try to load the package center, I get nothing. Changing it back to standard DNS, I get a connection. Anything else I could try to get this working?
Please use the following command to query the nameserver in the remote console (telnet/ssh) in DSM.
For example,
(192.168.1.x is the IP address that you bound in DNSCrypt.)
Or you can also try to run nslookup on another PC on the same local area network.
On a Windows system, you can run:
(192.168.1.x is the IP address that you bound in DNSCrypt.)
I submitted a bounty for a community install package here
https://www.bountysource.com/issues/26525373-request-dnscrypt
Sorry for my late reply, I missed the bounty. XD 🙂
You can install it yourself; it’s not hard to do.
It has been some time but I wanted to let folks know that community install bounty was completed and dnscrypt is now available on synocommunity
How do I install this when running DSM 6.1 with Synology DNS Server? Is there a way to implement it in the DNS Server configuration?
I think it’s the same as this article. But I don’t use the Synology DNS Server; that may cause a conflict.