DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. Put simply, it turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle (MITM) attacks. DNS spoofing occurs when a particular DNS server's records are "spoofed", that is, maliciously altered to redirect traffic to the attacker.

For the longest time, many people on the net have wanted to get DNSCrypt working on their routers. One of the limitations has been the processing power of home and small-office routers. In DD-WRT you need to enable dnsmasq.

Once you have enabled this, if you notice it is not functioning, go to the Administration tab and run the following start-up command:


dnscrypt-proxy -a 127.0.0.53:5353 -R cs-dk -L /etc/dnscrypt/dnscrypt-resolvers.csv

Click here to view the selection of DNS servers worldwide running DNSCrypt.

Get an A+ on Qualys SSL Labs Test

Getting an A+ on the Qualys SSL Labs test can be tedious, especially if you are trying to achieve this for the first time. This is a work in progress. In the meantime, here are some configurations to aid you:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;

Depending on
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem;

# Enable HSTS
add_header Strict-Transport-Security max-age=63072000;

# Cache SSL sessions for 10m (this is about 40,000 sessions), timing them out
# after 24 hours.
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 24h;

# Set the buffer size to 1400 bytes (that way it fits into a single MTU).
ssl_buffer_size 1400;

#ssl_stapling on;
#ssl_stapling_verify on;
#resolver 8.8.4.4 8.8.8.8 valid=300s;
#resolver_timeout 10s;
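
A small audit of the directives above against the settings that decide the SSL Labs grade. This is an added example, not part of the original post. The function names and the thresholds are assumptions: HSTS max-age of at least 180 days for A+, and protocols older than TLS 1.2 capping the grade.

```python
import re

# Constructed sample: directives from the configuration above, cipher list omitted.
SAMPLE_CONF = """
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_dhparam /etc/nginx/dhparam.pem;
add_header Strict-Transport-Security max-age=63072000;
#ssl_stapling on;
"""

# Assumed thresholds (not from the page): HSTS of at least 180 days for A+,
# and any protocol older than TLS 1.2 capping the grade.
MIN_HSTS_SECONDS = 180 * 24 * 3600
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def parse_directives(conf):
    """Map directive name -> list of argument lists; comments are skipped."""
    directives = {}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.endswith(";"):
            continue
        parts = line[:-1].replace('"', "").replace("'", "").split()
        if parts:
            directives.setdefault(parts[0], []).append(parts[1:])
    return directives


def audit(conf):
    """Return findings that would keep this configuration from an A+."""
    d = parse_directives(conf)
    findings = []
    if "ssl_protocols" not in d:
        findings.append("ssl_protocols not set explicitly")
    else:
        legacy = sorted(set(d["ssl_protocols"][-1]) & LEGACY_PROTOCOLS)
        if legacy:
            findings.append("legacy protocols enabled: " + " ".join(legacy))
    hsts = [" ".join(a[1:]) for a in d.get("add_header", [])
            if a and a[0].lower() == "strict-transport-security"]
    m = re.search(r"max-age=(\d+)", hsts[-1]) if hsts else None
    if not m:
        findings.append("HSTS header missing")
    elif int(m.group(1)) < MIN_HSTS_SECONDS:
        findings.append("HSTS max-age below 180 days")
    if "ssl_dhparam" not in d:
        findings.append("ssl_dhparam not set")
    return findings
```

Calling `audit()` on the text of the server's TLS include file returns an empty list when none of these checks fail.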

Generating the DH Parameters File

cd /etc/nginx
openssl dhparam -out dhparam.pem 4096

Odin Plesk Command

/usr/local/psa/admin/bin/httpdmng --reconfigure-all

nginx -s reload