dnscrypt-proxy settings

amaro · 2023-11-04 11:27:23

Hello everybody!

After reading this comment https://dev1galaxy.org/viewtopic.php?pid=24007#p24007 I installed 'dnscrypt-proxy' and changed the config file as follows

# cat /etc/dnscrypt-proxy/dnscrypt-proxy.toml
# Empty listen_addresses to use systemd socket activation
listen_addresses = ['127.0.0.1:53', '[::1]:53']
server_names = ['cloudflare']

Trying to see if it is working I checked this website 'whatismyproxy[.]com' but it says I don't use proxy

http://www.whatismyproxy.com/
No proxies were detected.

Also, upon changing the network setting in 'librewolf' to proxy 127.0.0.1 and port 53 'librewolf stops working and I get 'server not found' message.

Lastly, Arch wiki suggests updating the 'resolv.conf' with

https://wiki.archlinux.org/title/Dnscrypt-proxy

nameserver ::1
nameserver 127.0.0.1
options edns0

I tried that too but it made no difference.

What are the correct settings for 'dnscrypt-proxy'?
Thank you in advance!

p.s. Currently I use Cloudflare servers

# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 1.1.1.1
nameserver 1.0.0.1

Last edited by amaro (2023-11-04 11:31:07)

dzz · 2023-11-04 13:55:14

Working (for me) /etc/dnscrypt-proxy/dnscrypt-proxy.toml :

# Empty listen_addresses to use systemd socket activation
listen_addresses = ['127.0.2.1:53']
server_names = ['cloudflare']

[query_log]
  file = '/var/log/dnscrypt-proxy/query.log'

[nx_log]
  file = '/var/log/dnscrypt-proxy/nx.log'

[sources]
  [sources.'public-resolvers']
  url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
  cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
  refresh_delay = 72
  prefix = ''

** I use network-manager. In ipv4 settings, "Method" is "Automatic (DHCP) addresses only" and "DNS servers" is "127.0.2.1" **

I have used https://ipleak.net/ to test but can't verify their reliability. Shows cloudfare dns.

root@ceres:~# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.

nameserver 127.0.2.1

Last edited by dzz (2023-11-04 14:40:00)

amaro · 2023-11-04 17:48:42

Thank you, dzz!

With my settings if I use the 'system proxy' option in 'librewolf' everything works fine.
I have just tried your settings and everything works fine with the 'system proxy' option in 'librewolf'.
But if I put your settings in the 'manual proxy' option 'librewolf' doesn't work.

Next, I tested both your link and the link suggested on the Arch wiki page to see if everything works

https://ipleak.net/
https://dnsleaktest.com/

and they show similar results -> 2 cloudflare servers.

The 'whatismyproxy[.]com' still gives the same result though

http://www.whatismyproxy.com/
No proxies were detected.

I do not know if that is a real issue.

So my guess is that the 'system proxy' option in 'librewolf' is working fine.
(Maybe 'dnscrypt-proxy' doesn't allow manual browser settings, who knows.)

amaro · 2023-11-05 08:38:18

That's weird. Upon reboot 'dnscrypt-proxy' stopped working.

root@ ~ 
# service dnscrypt-proxy status
Stopped
root@ ~
# service dnscrypt-proxy start
Starting dnscrypt-proxy
Unable to start, see /var/log/dnscrypt-proxy.log and /var/log/dnscrypt-proxy.err
root@ ~ 
# service dnscrypt-proxy enable
Usage: /etc/init.d/dnscrypt-proxy {start|stop|restart|status}

The error file shows

# cat /var/log/dnscrypt-proxy.err
[2023-11-04 22:59:45] [NOTICE] dnscrypt-proxy 2.0.45
[2023-11-04 22:59:45] [NOTICE] Network not available yet -- waiting...
[2023-11-04 23:00:04] [NOTICE] Network connectivity detected
[2023-11-04 23:00:04] [FATAL] listen udp 127.0.2.1:53: bind: address already in use
[2023-11-04 23:12:21] [NOTICE] dnscrypt-proxy 2.0.45
[2023-11-04 23:12:21] [NOTICE] Network connectivity detected
[2023-11-04 23:12:21] [FATAL] listen udp 127.0.2.1:53: bind: address already in use
[2023-11-04 23:52:48] [NOTICE] dnscrypt-proxy 2.0.45
[2023-11-04 23:52:48] [NOTICE] Network connectivity detected
[2023-11-04 23:52:48] [FATAL] listen udp 127.0.2.1:53: bind: address already in use

What might cause such error? How to proceed?

Last edited by amaro (2023-11-05 08:39:23)

dzz · 2023-11-05 13:01:58

Seems something else is using 127.0.2.1:53 (maybe another instance of dnscrypt-proxy?) You could investigate using lsof and ps ..

Or just change 127.0.2.1:53 to 127.0.0.1:53, that's the default anyway. I only use 127.0.2.1 from an older release custom config, which simply works here. Remember to update network-manager configs also, if you use that. Should all be good after a reboot.

boughtonp · 2023-11-05 14:42:23

Running ss -ltnp sport 53 - as root/sudo - should confirm which process is listening on port 53.

Strictly, only -l (--listening) and -p (--processes) are needed here, but depending on what one is filtering, limiting to -t (--tcp) and -n (--numeric) makes the output clearer.

Last edited by boughtonp (2023-11-05 14:43:27)

amaro · 2023-11-06 11:38:35

Looks like 'dnsmasq' is using port 53

# ss -ltnp sport 53
State        Recv-Q       Send-Q             Local Address:Port             Peer Address:Port      Process      
LISTEN       0            32                       0.0.0.0:53                    0.0.0.0:*          users:(("dnsmasq",pid=3600,fd=5))

Following the arch wiki I edited the '/etc/dnsmasq.conf'

no-resolv
server=::1#53000
server=127.0.0.1#53000
listen-address=::1,127.0.0.1

Unfortunately it did not help.

# service dnscrypt-proxy start
Starting dnscrypt-proxy
Unable to start, see /var/log/dnscrypt-proxy.log and /var/log/dnscrypt-proxy.err

The error file shows

[2023-11-06 13:08:48] [NOTICE] dnscrypt-proxy 2.0.45
[2023-11-06 13:08:48] [FATAL] Unsupported key in configuration file: [sources.public-resolvers.cache]
[2023-11-06 13:12:25] [NOTICE] dnscrypt-proxy 2.0.45
[2023-11-06 13:12:25] [FATAL] Unsupported key in configuration file: [sources.public-resolvers.cache]
[2023-11-06 13:16:28] [NOTICE] dnscrypt-proxy 2.0.45
[2023-11-06 13:16:28] [FATAL] Unsupported key in configuration file: [sources.public-resolvers.cache]
[2023-11-06 13:18:42] [NOTICE] dnscrypt-proxy 2.0.45
[2023-11-06 13:18:42] [FATAL] Unsupported key in configuration file: [sources.public-resolvers.cache]

Any suggestions are appreciated!

The officially official Devuan Forum!

#1 2023-11-04 11:27:23

dnscrypt-proxy settings

#2 2023-11-04 13:55:14

Re: dnscrypt-proxy settings

#3 2023-11-04 17:48:42

Re: dnscrypt-proxy settings

#4 2023-11-05 08:38:18

Re: dnscrypt-proxy settings

#5 2023-11-05 13:01:58

Re: dnscrypt-proxy settings

#6 2023-11-05 14:42:23

Re: dnscrypt-proxy settings

#7 2023-11-06 11:38:35

Re: dnscrypt-proxy settings

Board footer