Thread: Help configuring DNSCrypt

  1. #1
    Join Date
    Oct 2012
    Beans
    8

    Help configuring DNSCrypt

    I set up DNSCrypt using the following guide: http://linuxaria.com/howto/dnscrypt-...equest?lang=en

    However, when I set my dhcp address to 127.0.0.2 (making sure that it's set to addresses only in Network Manager), Firefox can't find any web pages.

    Verified that nscd is installed.
    Code:
    sudo service nscd status
    
     * Status of Name Service Cache Daemon service: running.

    Verified that resolv.conf has the edns0 option there.

    Code:
    sudo cat /etc/resolv.conf
    
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 75.75.75.75
    nameserver 75.75.76.76
    nameserver 127.0.0.2
    search hsd1.fl.comcast.net
    options edns0

    Verified that dnsmasq is disabled.

    Code:
    sudo cat /etc/NetworkManager/NetworkManager.conf
    
    [main]
    plugins=ifupdown,keyfile
    #dns=dnsmasq
    
    [ifupdown]
    managed=false

    Verified that the startup script was created.

    Code:
    sudo cat /etc/init/dns-proxy.conf
    
    pre-start script
    mkdir -p /run/dnscrypt
    end script
    
    start on (local-filesystems and net-device-up IFACE=lo)
    stop on runlevel [!2345]
    
    exec /usr/sbin/dnscrypt-proxy -a=127.0.0.2 --edns-payload-size=4096 --pidfile=/run/dnscrypt-proxy.pid --resolver-port=443 --local-port=53 --user=dnscrypt

    Here's the verification of the symlink:

    Code:
    ls /etc/init.d | grep dnscrypt
    
    dnscrypt-proxy

    Here's the dnscrypt-proxy service's status:

    Code:
    service dnscrypt-proxy status
    
    dnscrypt-proxy stop/waiting

  2. #2
    Join Date
    Mar 2005
    Beans
    211

    Re: Help configuring DNSCrypt

    Quote Originally Posted by htorres
    Code:
    sudo cat /etc/resolv.conf
    
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 75.75.75.75
    nameserver 75.75.76.76
    nameserver 127.0.0.2
    search hsd1.fl.comcast.net
    options edns0

    You have to arrange for 127.0.0.2 to be the only address listed in resolv.conf.

    The correct way to arrange for that is to run the following command after dnscrypt-proxy has started

    echo "nameserver 127.0.0.2" | resolvconf -a lo.dnscrypt

    and to run the following command before stopping dnscrypt-proxy.

    resolvconf -d lo.dnscrypt

    Assuming you are using Upstart, these commands should be added to the appropriate places (presumably in the post-start and pre-stop clauses, respectively) in your Upstart job configuration for dnscrypt-proxy. Make sure that you do not have "nameserver 127.0.0.2" in any of the files in /etc/resolvconf/resolv.conf.d/.
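
Added example, not part of the thread or of any poster's code: a check that resolv.conf lists only the dnscrypt-proxy listener, since any other nameserver entry lets lookups go out without passing through the proxy. The function names and sample files are constructed for illustration; the first sample reproduces the resolv.conf from post #1.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that resolv.conf hands every
# query to the local dnscrypt-proxy listener and to no other resolver.

# Print nameserver addresses in file $1 other than the proxy address $2.
other_nameservers() {
    awk -v proxy="$2" '$1 == "nameserver" && $2 != "" && $2 != proxy { print $2 }' "$1"
}

# Count the nameserver lines in file $1 that point at the proxy address $2.
proxy_entries() {
    awk -v proxy="$2" '$1 == "nameserver" && $2 == proxy { n++ } END { print n + 0 }' "$1"
}

# check_resolv_conf FILE PROXY
#   0: PROXY is the only nameserver listed
#   1: other resolvers are listed; by default glibc tries nameservers in
#      file order, so lookups reach them without going through the proxy
#   2: PROXY is not listed at all
check_resolv_conf() {
    others=$(other_nameservers "$1" "$2")
    if [ -n "$others" ]; then
        echo "bypass: $(echo $others | tr ' ' ',') listed besides $2" >&2
        return 1
    fi
    [ "$(proxy_entries "$1" "$2")" -gt 0 ] || { echo "missing: $2 not listed" >&2; return 2; }
    return 0
}

# Constructed samples: the resolv.conf from post #1, the single-entry layout
# post #2 asks for, and a file with no nameserver line.
write_samples() {
    cat > "$1/mixed.conf" <<'EOF'
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
nameserver 75.75.75.75
nameserver 75.75.76.76
nameserver 127.0.0.2
search hsd1.fl.comcast.net
options edns0
EOF
    printf 'nameserver 127.0.0.2\noptions edns0\n' > "$1/proxy_only.conf"
    printf 'options edns0\n' > "$1/empty.conf"
}

tmp=$(mktemp -d) && write_samples "$tmp"
for f in mixed proxy_only empty; do
    check_resolv_conf "$tmp/$f.conf" 127.0.0.2 && rc=0 || rc=$?
    echo "$f.conf -> exit $rc"
done
rm -rf "$tmp"
```

On a live system the same check is `check_resolv_conf /etc/resolv.conf 127.0.0.2`, run after the resolvconf registration above has taken effect.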

  3. #3
    Join Date
    Oct 2012
    Beans
    8

    Re: Help configuring DNSCrypt

    Thanks for taking the time to answer me. I did everything you mentioned and rebooted. On reboot, my internet still isn't working. My /etc/resolv.conf has only one nameserver line in it set to 127.0.0.2.

    Here's the contents of dnscrypt-proxy.conf (it's what's symlinked to the upstart job)

    Code:
    pre-start script
    mkdir -p /run/dnscrypt
    end script
    
    
    post-start script
    echo "nameserver 127.0.0.2" | resolvconf -a lo.dnscrypt
    end script
    
    pre-stop script
    resolvconf -d lo.dnscrypt
    end script
    
    start on (local-filesystems and net-device-up IFACE=lo)
    stop on runlevel [!2345]
    
    exec /usr/sbin/dnscrypt-proxy -a=127.0.0.2 --edns-payload-size=4096 --pidfile=/run/dnscrypt-proxy.pid --resolver-port=443 --local-port=53 --user=dnscrypt

  4. #4
    Join Date
    Mar 2005
    Beans
    211

    Re: Help configuring DNSCrypt

    Quote Originally Posted by htorres
    On reboot, my internet still isn't working. My /etc/resolv.conf has only one nameserver line in it set to 127.0.0.2.

    That is as it should be. The resolver should communicate with dnscrypt-proxy which is — or should be — listening at address 127.0.0.2.

    Quote Originally Posted by htorres
    Here's the contents of dnscrypt-proxy.conf (it's what's symlinked to the upstart job)

    Code:
    pre-start script
    mkdir -p /run/dnscrypt
    end script
    
    post-start script
    echo "nameserver 127.0.0.2" | resolvconf -a lo.dnscrypt
    end script
    
    pre-stop script
    resolvconf -d lo.dnscrypt
    end script
    
    start on (local-filesystems and net-device-up IFACE=lo)
    stop on runlevel [!2345]
    
    exec /usr/sbin/dnscrypt-proxy -a=127.0.0.2 --edns-payload-size=4096 --pidfile=/run/dnscrypt-proxy.pid --resolver-port=443 --local-port=53 --user=dnscrypt

    Minor point: I'd suggest putting the pidfile in /run/dnscrypt/.

    Looking at the dnscrypt-proxy man page I don't see a "--local-port" option. Perhaps you are running a different version. I don't think you need that option because 53 is the default.

    You use "--user=dnscrypt". Have you made sure that the user "dnscrypt" has a home directory?

    Does "dig @127.0.0.2 www.google.com" work?
    Does "dig @8.8.8.8 www.google.com" work?
    Does "dig @208.67.222.222 www.google.com" work?
    Can you ping hosts on the internet, e.g., 8.8.8.8 and 208.67.222.222?

  5. #5
    Join Date
    Oct 2012
    Beans
    8

    Re: Help configuring DNSCrypt

    Quote Originally Posted by jdthood
    Minor point: I'd suggest putting the pidfile in /run/dnscrypt/.

    Looking at the dnscrypt-proxy man page I don't see a "--local-port" option. Perhaps you are running a different version. I don't think you need that option because 53 is the default.

    You use "--user=dnscrypt". Have you made sure that the user "dnscrypt" has a home directory?

    Does "dig @127.0.0.2 www.google.com" work?
    Does "dig @8.8.8.8 www.google.com" work?
    Does "dig @208.67.222.222 www.google.com" work?
    Can you ping hosts on the internet, e.g., 8.8.8.8 and 208.67.222.222?

    This is odd. I can't find a pid file.
    I first tried
    Code:
    ls -a /run | grep dnscrypt

    It only returned the directory that's created in the upstart script.

    So then I tried to find it in the source tarball.
    Code:
    [dnscrypt-proxy/] $ find ./ -name dnscrypt-proxy.pid

    I got nothing.

    The user exists and his home directory is /run/dnscrypt.

  6. #6
    Join Date
    Mar 2005
    Beans
    211

    Re: Help configuring DNSCrypt

    Please post the output of those "dig" and "ping" commands too.
