Closed Kylvan-8 closed 4 years ago
Maybe something is trying to start it twice?
This is a "how to use Linux" question rather than a question about dnscrypt-proxy, so you may have more success on forums about Linux.
Maybe reinstall the service with `sudo ./dnscrypt-proxy -service stop` followed by `sudo ./dnscrypt-proxy -service start`?
Please can you help me to fix this asap and give me indications for this to not happen again ?
...
No it doesn't start twice as the process ID is the same in netstat, stop and start doesn't change anything. But there already have been issue with dnscrypt-proxy
https://github.com/DNSCrypt/dnscrypt-proxy/issues/876
Even if this doesn't help me much.
pi@Raspberry:~ $ sudo /opt/dnscrypt-proxy/dnscrypt-proxy -service stop
[2020-02-19 12:09:42] [NOTICE] Service stopped
pi@Raspberry:~ $ sudo netstat -a -n -o -p | grep 5392
pi@Raspberry:~ $ sudo /opt/dnscrypt-proxy/dnscrypt-proxy -service start
[2020-02-19 12:09:54] [NOTICE] dnscrypt-proxy 2.0.31
[2020-02-19 12:09:54] [NOTICE] Network connectivity detected
[2020-02-19 12:09:54] [NOTICE] Source [public-resolvers.md] loaded
[2020-02-19 12:09:54] [NOTICE] Source [relays.md] loaded
[2020-02-19 12:09:54] [NOTICE] Service started
pi@Raspberry:~ $ sudo netstat -a -n -o -p | grep 5392
tcp 0 0 127.0.0.1:5392 0.0.0.0:* LISTEN 2818/dnscrypt-proxy off (0.00/0/0)
udp 0 0 127.0.0.1:5392 0.0.0.0:* 2818/dnscrypt-proxy off (0.00/0/0)
pi@Raspberry:~ $ sudo /opt/dnscrypt-proxy/dnscrypt-proxy ?
[2020-02-19 12:10:06] [NOTICE] dnscrypt-proxy 2.0.31
[2020-02-19 12:10:06] [NOTICE] Network connectivity detected
[2020-02-19 12:10:06] [NOTICE] Source [public-resolvers.md] loaded
[2020-02-19 12:10:06] [NOTICE] Source [relays.md] loaded
[2020-02-19 12:10:06] [NOTICE] Firefox workaround initialized
[2020-02-19 12:10:06] [FATAL] listen udp 127.0.0.1:5392: bind: address already in use
EDIT : Can't reach domains
And the service seems to work fine :
I've also tried the solution there by @mibere but it doesn't work, related to: https://github.com/DNSCrypt/dnscrypt-proxy/issues/398
Same here with v2.0.39
[FATAL] listen udp 127.11.11.3:7753: bind: address already in use
But that's not a bug. You run the command
sudo /opt/dnscrypt-proxy/dnscrypt-proxy ?
What's your plan with the question mark at the end of that command? With your command you start dnscrypt-proxy a 2nd time, and that aborts correctly as it's already running (on port 5392)
I can't reach domains as shown above so i try to get something to work and see from where it comes.
sudo systemctl stop dnscrypt-proxy.service
sudo systemctl start dnscrypt-proxy.service
/opt/dnscrypt-proxy/dnscrypt-proxy -resolve google.com
If the resolving doesn't work, did you try to choose a different DNSCrypt server in /opt/dnscrypt-proxy/dnscrypt-proxy.toml?
Yes i've tried with cloudflare and google, before that i had set it up with scaleway fr but same issue.
Anything useful in the dnscrypt-proxy log if you set `log_level = 0` (very verbose) in dnscrypt-proxy.toml and then restart it?
try: ps -aux |grep dnscrypt
then you should get the $prozessid (or pid)
then kill -9 $prozessid
sudo service dnscrypt-proxy restart && tail -f [path-to-logfile]
b) what kind of linux or BSD do you use? /opt/... sounds like a router or a NAS
other question, could you `ping 1.1.1.1` or `ping 8.8.8.8`
what about `dig google.com @127.0.0.1 -p 5392`
> Anything useful in the dnscrypt-proxy log if you set `log_level = 0` (very verbose) in dnscrypt-proxy.toml and then restart it?
Where can i see the log once activated ?
EDIT: Nvm
pi@Raspberry:~ $ sudo cat /var/log/dnscrypt-proxy.log
[2020-02-19 13:19:38] [NOTICE] dnscrypt-proxy 2.0.31
[2020-02-19 13:19:38] [NOTICE] Network connectivity detected
[2020-02-19 13:19:38] [NOTICE] Source [public-resolvers.md] loaded
[2020-02-19 13:19:38] [NOTICE] Source [relays.md] loaded
[2020-02-19 13:19:38] [NOTICE] Firefox workaround initialized
[2020-02-19 13:19:38] [NOTICE] Now listening to 127.0.0.1:5392 [UDP]
[2020-02-19 13:19:38] [NOTICE] Now listening to 127.0.0.1:5392 [TCP]
[2020-02-19 13:19:39] [INFO] [google] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2020-02-19 13:19:39] [NOTICE] [google] OK (DoH) - rtt: 204ms
[2020-02-19 13:19:39] [NOTICE] Server with the lowest initial latency: google (rtt: 204ms)
[2020-02-19 13:19:39] [NOTICE] dnscrypt-proxy is ready - live servers: 1
> try: `ps -aux | grep dnscrypt`
> then you should get the $prozessid (or pid)
> then `kill -9 $prozessid`
> `sudo service dnscrypt-proxy restart && tail -f [path-to-logfile]`
> b) what kind of linux or BSD do you use? /opt/... sounds like a router or a NAS
Command doesn't work
pi@Raspberry:~ $ sudo service dnscrypt-proxy restart && tail -f /home/pi/testlog.txt
tail: impossible d'ouvrir '/home/pi/testlog.txt' en lecture: Aucun fichier ou dossier de ce type
tail: aucun fichier restant
> other question, could you `ping 1.1.1.1` or `ping 8.8.8.8`
> what about `dig google.com @127.0.0.1 -p 5392`
Yes i can ping both ip.
pi@Raspberry:~ $ dig google.com @127.0.0.1 -p 5392

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> google.com @127.0.0.1 -p 5392
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6826
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.            IN  A

;; ANSWER SECTION:
google.com.     87  IN  A   216.58.201.238

;; Query time: 102 msec
;; SERVER: 127.0.0.1#5392(127.0.0.1)
;; WHEN: mer. févr. 19 13:15:25 CET 2020
;; MSG SIZE rcvd: 55
oke i started laptop, my wife gonna kill me... but that's another problem, not yours...
oke, let's get the party start
a) Logging try
where log_file = '/var/log/dnscrypt-proxy-test.log' defines the path to logfile
then in a second ssh session (in a second window) tail -f [path-to-logfile]
b) dig command
dig and ping runs, so your raspi could communicate with the whole world
is the problem still there?
--> dig resolves dns names in ip addresses by a specific @server -p PORT
c) if dig google.com @127.0.0.1 -p 5392 runs the problem is between pihole <-> dnscrypt and NOT in dnscrypt
> oke i started laptop, my wife gonna kill me... but that's another problem, not yours...
> oke, let's get the party start
> a) Logging try
> where log_file = '/var/log/dnscrypt-proxy-test.log' defines the path to logfile
> then in a second ssh session (in a second window) tail -f [path-to-logfile]
> b) dig command
> dig and ping runs, so your raspi could communicate with the whole world
> is the problem still there?
After applying your settings
pi@Raspberry:~ $ sudo cat /var/lo
local/ lock/ log/
pi@Raspberry:~ $ sudo cat /var/log/dnscrypt-proxy.log
[2020-02-19 13:19:38] [NOTICE] dnscrypt-proxy 2.0.31
[2020-02-19 13:19:38] [NOTICE] Network connectivity detected
[2020-02-19 13:19:38] [NOTICE] Source [public-resolvers.md] loaded
[2020-02-19 13:19:38] [NOTICE] Source [relays.md] loaded
[2020-02-19 13:19:38] [NOTICE] Firefox workaround initialized
[2020-02-19 13:19:38] [NOTICE] Now listening to 127.0.0.1:5392 [UDP]
[2020-02-19 13:19:38] [NOTICE] Now listening to 127.0.0.1:5392 [TCP]
[2020-02-19 13:19:39] [INFO] [google] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2020-02-19 13:19:39] [NOTICE] [google] OK (DoH) - rtt: 204ms
[2020-02-19 13:19:39] [NOTICE] Server with the lowest initial latency: google (rtt: 204ms)
[2020-02-19 13:19:39] [NOTICE] dnscrypt-proxy is ready - live servers: 1
[2020-02-19 13:28:44] [NOTICE] Stopped.
[2020-02-19 13:28:52] [NOTICE] dnscrypt-proxy 2.0.31
[2020-02-19 13:28:52] [NOTICE] Network connectivity detected
[2020-02-19 13:28:52] [NOTICE] Source [relays.md] loaded
[2020-02-19 13:28:52] [NOTICE] Source [public-resolvers.md] loaded
[2020-02-19 13:28:52] [NOTICE] Firefox workaround initialized
[2020-02-19 13:28:52] [NOTICE] Now listening to 127.0.0.1:5392 [UDP]
[2020-02-19 13:28:52] [NOTICE] Now listening to 127.0.0.1:5392 [TCP]
[2020-02-19 13:28:53] [INFO] [google] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2020-02-19 13:28:53] [NOTICE] [google] OK (DoH) - rtt: 91ms
[2020-02-19 13:28:53] [NOTICE] Server with the lowest initial latency: google (rtt: 91ms)
[2020-02-19 13:28:53] [NOTICE] dnscrypt-proxy is ready - live servers: 1
pi@Raspberry:~ $ sudo service dnscrypt-proxy stop
pi@Raspberry:~ $ sudo service dnscrypt-proxy start
pi@Raspberry:~ $ sudo /opt/dnscrypt-proxy/dnscrypt-proxy -resolve github.com
Resolving [github.com]

Domain exists: probably not, or blocked by the proxy
Canonical name: -
IP addresses: -
TXT records: -
> c) if dig google.com @127.0.0.1 -p 5392 runs the problem is between pihole <-> dnscrypt and NOT in dnscrypt
So what should i do ? I don't have error in pi hole diagnosis with 'pihole -p' command
> oke i started laptop, my wife gonna kill me... but that's another problem, not yours...
> oke, let's get the party start
Thanks for taking risks for helping me out of this mess xD
> [2020-02-19 13:28:53] [INFO] [google] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
> [2020-02-19 13:28:53] [NOTICE] [google] OK (DoH) - rtt: 91ms
> [2020-02-19 13:28:53] [NOTICE] Server with the lowest initial latency: google (rtt: 91ms)
> [2020-02-19 13:28:53] [NOTICE] dnscrypt-proxy is ready - live servers: 1

--> that means dnscrypt is running & if you `dig google.com @127.0.0.1 -p 5392` also and it works everything is good

> pi@Raspberry:~ $ sudo /opt/dnscrypt-proxy/dnscrypt-proxy -resolve github.com

:) nice nooby failure (sorry about smiling here, i do this fail also from time to time)
explanation short:
you should do `sudo /opt/dnscrypt-proxy/dnscrypt-proxy -config dnscrypt-proxy.toml -resolve google.com`
then it works for TESTING! so you forgot to tell DNSC where's the config file
explanation long:
by `service dnscrypt-proxy start` the init program runs DNSC with your config file. it looks good because 1. there's a logging file that tells me 2. you could dig something. so if you start another instance by `sudo /opt/dnscrypt-proxy/dnscrypt-proxy -config dnscrypt-proxy.toml -resolve google.com` it HAS to get an error. that's not a bug that's... so you try to drill a second hole in your still opened beercan. you could do that but it makes no sense :) (better open a second beer later).
So when i'm in this situation i just use the dig command.
> Thanks for taking risks for helping me out of this mess xD

yeah my wife told me........... other words than thank you...

> So what should i do ? I don't have error in pi hole diagnosis with 'pihole -p' command

go to next gasoline store / late night store / liquor store whatever-you-want, buy a sixpack and drink one on me
oke, back to business, let us analyse
* `service dnscrypt-proxy restart`
* `sudo cat /var/log/dnscrypt-proxy.log`
* `dig google.com @127.0.0.1 -p 5392` (dnscrypt port)
* `dig google.com @127.0.0.1 -p 53` (dns standard port -> pihole)

if point 4 works, then stand up and have fun ^^
pi@Raspberry:~ $ sudo /opt/dnscrypt-proxy/dnscrypt-proxy -config /opt/dnscrypt-proxy/dnscrypt-proxy.toml -resolve google.com
Resolving [google.com]

Domain exists: probably not, or blocked by the proxy
Canonical name: -
IP addresses: -
TXT records: -
Doesn't seems to work ><
> > Thanks for taking risks for helping me out of this mess xD
>
> yeah my wife told me........... other words than thank you...
>
> > So what should i do ? I don't have error in pi hole diagnosis with 'pihole -p' command
>
> go to next gasoline store / late night store / liquor store whatever-you-want, buy a sixpack and drink one on me
> oke, back to business, let us analyse
> * [x] `service dnscrypt-proxy restart`
> * [x] `sudo cat /var/log/dnscrypt-proxy.log`
> * [x] `dig google.com @127.0.0.1 -p 5392` (dnscrypt port)
> * [ ] `dig google.com @127.0.0.1 -p 53` (dns standard port -> pihole)
>
> if point 4 works, then stand up and have fun ^^
Last one didn't work
pi@Raspberry:~ $ dig google.com @127.0.0.1 -p 53

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> google.com @127.0.0.1 -p 53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 12795
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.            IN  A

;; Query time: 192 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: mer. févr. 19 13:51:52 CET 2020
;; MSG SIZE rcvd: 39
don't worry
use the DIG command as i wrote above, forget the `sudo /opt/dnscrypt-proxy/dnscrypt-proxy -config /opt/dnscrypt-proxy/dnscrypt-proxy.toml -resolve google.com` command ;)
could you print me out
sudo cat /var/log/dnscrypt-proxy.log
dig google.com @127.0.0.1 -p 5392
dig google.com @127.0.0.1
b) what's going on, if you change dns server to 9.9.9.9 or 8.8.8.8 in pihole?
i'm thinking theres a problem in communication way pihole <> dnsc
pi@Raspberry:~ $ sudo cat /var/log/dnscrypt-proxy.log
dig google.com @127.0.0.1 -p 5392
dig google.com @127.0.0.1
[2020-02-19 13:19:38] [NOTICE] dnscrypt-proxy 2.0.31
[2020-02-19 13:19:38] [NOTICE] Network connectivity detected
[2020-02-19 13:19:38] [NOTICE] Source [public-resolvers.md] loaded
[2020-02-19 13:19:38] [NOTICE] Source [relays.md] loaded
[2020-02-19 13:19:38] [NOTICE] Firefox workaround initialized
[2020-02-19 13:19:38] [NOTICE] Now listening to 127.0.0.1:5392 [UDP]
[2020-02-19 13:19:38] [NOTICE] Now listening to 127.0.0.1:5392 [TCP]
[2020-02-19 13:19:39] [INFO] [google] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2020-02-19 13:19:39] [NOTICE] [google] OK (DoH) - rtt: 204ms
[2020-02-19 13:19:39] [NOTICE] Server with the lowest initial latency: google (rtt: 204ms)
[2020-02-19 13:19:39] [NOTICE] dnscrypt-proxy is ready - live servers: 1
[2020-02-19 13:28:44] [NOTICE] Stopped.
[2020-02-19 13:28:52] [NOTICE] dnscrypt-proxy 2.0.31
[2020-02-19 13:28:52] [NOTICE] Network connectivity detected
[2020-02-19 13:28:52] [NOTICE] Source [relays.md] loaded
[2020-02-19 13:28:52] [NOTICE] Source [public-resolvers.md] loaded
[2020-02-19 13:28:52] [NOTICE] Firefox workaround initialized
[2020-02-19 13:28:52] [NOTICE] Now listening to 127.0.0.1:5392 [UDP]
[2020-02-19 13:28:52] [NOTICE] Now listening to 127.0.0.1:5392 [TCP]
[2020-02-19 13:28:53] [INFO] [google] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2020-02-19 13:28:53] [NOTICE] [google] OK (DoH) - rtt: 91ms
[2020-02-19 13:28:53] [NOTICE] Server with the lowest initial latency: google (rtt: 91ms)
[2020-02-19 13:28:53] [NOTICE] dnscrypt-proxy is ready - live servers: 1
[2020-02-19 13:50:02] [NOTICE] dnscrypt-proxy 2.0.31
[2020-02-19 13:50:02] [NOTICE] Network connectivity detected
[2020-02-19 13:50:02] [NOTICE] Source [public-resolvers.md] loaded
[2020-02-19 13:50:02] [NOTICE] Source [relays.md] loaded
[2020-02-19 13:50:02] [NOTICE] Firefox workaround initialized
[2020-02-19 13:50:02] [FATAL] listen udp 127.0.0.1:5392: bind: address already in use
[2020-02-19 13:51:22] [NOTICE] Stopped.
[2020-02-19 13:51:22] [NOTICE] dnscrypt-proxy 2.0.31
[2020-02-19 13:51:22] [NOTICE] Network connectivity detected
[2020-02-19 13:51:22] [NOTICE] Source [public-resolvers.md] loaded
[2020-02-19 13:51:22] [NOTICE] Source [relays.md] loaded
[2020-02-19 13:51:22] [NOTICE] Firefox workaround initialized
[2020-02-19 13:51:22] [NOTICE] Now listening to 127.0.0.1:5392 [UDP]
[2020-02-19 13:51:22] [NOTICE] Now listening to 127.0.0.1:5392 [TCP]
[2020-02-19 13:51:23] [INFO] [google] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
[2020-02-19 13:51:23] [NOTICE] [google] OK (DoH) - rtt: 86ms
[2020-02-19 13:51:24] [NOTICE] Server with the lowest initial latency: google (rtt: 86ms)
[2020-02-19 13:51:24] [NOTICE] dnscrypt-proxy is ready - live servers: 1
pi@Raspberry:~ $ dig google.com @127.0.0.1 -p 5392

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> google.com @127.0.0.1 -p 5392
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17955
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.            IN  A

;; ANSWER SECTION:
google.com.     54  IN  A   216.58.209.238

;; Query time: 97 msec
;; SERVER: 127.0.0.1#5392(127.0.0.1)
;; WHEN: mer. févr. 19 14:00:32 CET 2020
;; MSG SIZE rcvd: 55

pi@Raspberry:~ $ dig google.com @127.0.0.1

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> google.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1915
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.            IN  A

;; Query time: 188 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: mer. févr. 19 14:00:36 CET 2020
;; MSG SIZE rcvd: 39
My dns server is not 9.9.9.9 in pi hole or 8.8.8.8 it's 127.0.0.1#5392
> My dns server is not 9.9.9.9 in pi hole or 8.8.8.8 it's 127.0.0.1#5392
i understand, but now just for testing please change to 8.8.8.8, so we have to figure out where's the problem (DNSC couldn't be, as it do dig)
and please, after all, update to 2.0.39 https://github.com/DNSCrypt/dnscrypt-proxy/releases/download/2.0.39/dnscrypt-proxy-linux_arm-2.0.39.tar.gz
aaaa and just forgot, 2 years ago i run also a raspi as pihole server in homenetwork, the truth is, that the little microsd fucked up (sorry about that word) after 5...6 months because of the 24/7 read/write processes. so at the moment i use since a year a tinkerboard S (16GB emmc storage on board). on it, there's all my private dns services (AdGuardHome, DNS), BOINC-Client and a tor relay, running 24/7/365. Just for your information. think about that if you wanna use pihole a longer time
I need to put 8.8.8.8 everywhere in my rasp then ? To make the test
only where you write before 127.0.0.1#5392
other question, are piholeservice still running? what does `pihole status`
pi@Raspberry:~ $ sudo cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
Do i touch this one ?
pihole
pi@Raspberry:~ $ pihole status
[✓] DNS service is running
[✓] Pi-hole blocking is Enabled
EDIT : So i setup toml with this ?
## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
listen_addresses = ['127.0.0.1:53']
On my pi it's : 8.8.8.8:53 now
nope, /etc/resolv.conf looks good, only change in pihole
what about `service pihole-FTL status`

> service pihole-FTL status
pi@Raspberry:~ $ service pihole-FTL status
févr. 19 14:09:52 Raspberry.Pi systemd[1]: Starting LSB: pihole-FTL daemon...
févr. 19 14:09:52 Raspberry.Pi pihole-FTL[307]: Not running
févr. 19 14:10:04 Raspberry.Pi su[519]: (to pihole) root on none
févr. 19 14:10:04 Raspberry.Pi su[519]: pam_unix(su:session): session opened for user pihole by (uid=0)
févr. 19 14:10:07 Raspberry.Pi pihole-FTL[307]: FTL started!
févr. 19 14:10:07 Raspberry.Pi systemd[1]: Started LSB: pihole-FTL daemon.
a) nope, don't change everything on your dnscrypt configuration, it's now running and not the problem. please let it still on 127.0.0.1:5392
> On my pi it's : 8.8.8.8:53 now
good, what does dig say?
Same thing :'(
pi@Raspberry:~ $ dig google.com @127.0.0.1

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> google.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 51451
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.            IN  A

;; Query time: 165 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: mer. févr. 19 14:26:56 CET 2020
;; MSG SIZE rcvd: 39
only `dig google.com` and `dig google.com @127.0.0.1 -p 5392` is still working?
It's setup like this now (to be sure i'm not messing somewhere)
> only `dig google.com` and `dig google.com @127.0.0.1 -p 5392` is still working?

pi@Raspberry:~ $ dig google.com

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 26742
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.            IN  A

;; Query time: 187 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: mer. févr. 19 14:29:01 CET 2020
;; MSG SIZE rcvd: 39
It's seems it's still working
pi@Raspberry:~ $ dig google.com @127.0.0.1 -p 5392

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> google.com @127.0.0.1 -p 5392
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22198
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.            IN  A

;; ANSWER SECTION:
google.com.     276 IN  A   172.217.19.238

;; Query time: 329 msec
;; SERVER: 127.0.0.1#5392(127.0.0.1)
;; WHEN: mer. févr. 19 14:29:36 CET 2020
;; MSG SIZE rcvd: 55
oke i see the problem...
first at all, don't touch at now DNSC, ok? Dig shows, that DNSC is still running
second, on pihole, remove the flag on DNSSEC
Ok done.
It's working now !
Can we know configuring it through scaleway fr with relays and make sure this won't happen again even with a restart ?
> > oke i see the problem... first at all, don't touch at now DNSC, ok? Dig shows, that DNSC is still running second, on pihole, remove the flag on DNSSEC
>
> Ok done
dig result?
pi@Raspberry:~ $ dig google.com

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8762
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.            IN  A

;; ANSWER SECTION:
google.com.     201 IN  A   216.58.198.206

;; Query time: 86 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: jeu. févr. 20 22:24:38 CET 2020
;; MSG SIZE rcvd: 55

pi@Raspberry:~ $ sudo /opt/dnscrypt-proxy/dnscrypt-proxy -config /opt/dnscrypt-proxy/dnscrypt-proxy.toml -resolve google.com
Resolving [google.com]

Domain exists: yes, 4 name servers found
Canonical name: google.com.
IP addresses: 216.58.198.206, 2a00:1450:4007:80a::200e
TXT records: docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8= v=spf1 include:_spf.google.com ~all facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95 docusign=1b0a6754-49b1-4db5-8540-d2c12664b289
Resolver IP: 74.125.47.10
> > oke i see the problem... first at all, don't touch at now DNSC, ok? Dig shows, that DNSC is still running second, on pihole, remove the flag on DNSSEC
>
> Ok done.
> It's working now !
> Can we know configuring it through scaleway fr with relays and make sure this won't happen again even with a restart ?
oke boy, the problem is the following (take popcorn, it's a long story)
a) long years ago there is a dns-server called dnsmasq. the people of pihole modify dnsmasq in certain ways (caching and performance boost). so when i talking about dnsmasq, that's the same thing at the moment as pihole backend, oki? it makes things more easier to complain. and you find more results on google
b) to check dnssec, dnsmasq has to download the current keys from iana server. or you have to put it manually in the config files (example `/etc/dnsmasq.d/*.conf` or `/etc/dnsmasq.conf`). THAT'S very very important, no key, no dnssec, no resolving
do you understand this? that was the problem you had to fight with it
> Can we know configuring it through scaleway fr with relays and make sure this won't happen again even with a restart ?
give me 2 minutes, i'll write you a config file
I didn't see anything about that in their tutorials... Where i can even find this key ? When i've made the install everything was working well even on 127.0.0.1#5392 as dns for pi hole :/
So i can't even check DNSSEC and the other options on pi hole ?
# server_names=['scaleway-fr','doh-crypto-sx','scaleway-ams','cloudflare','google']
### my opinion is to let server_names empty. DNSC should manage itself which resolver it tooks. thats way better to privace
listen_addresses = ['127.0.0.1:5392', '[::1]:5392']
max_clients = 250
ipv4_servers = true
ipv6_servers = true
dnscrypt_servers = true
doh_servers = true
require_dnssec = true
require_nolog = true
require_nofilter = true
lb_strategy = 'ph'
lb_estimator = true
force_tcp = false
timeout = 250
keepalive = 30
log_level = 1
log_file = '/var/log/dnscrypt-proxy.log'
cert_refresh_delay = 60
tls_cipher_suite = [52392, 49199,4865, 4867]
fallback_resolver = '9.9.9.9:53'
ignore_system_dns = true
netprobe_timeout = 60
netprobe_address = "9.9.9.9:53"
log_files_max_size = 10
log_files_max_age = 7
log_files_max_backups = 1
block_ipv6 = false
cache = true
#cloaking_rules = '/etc/dnscrypt-proxy/cloaking-rules.txt'
[query_log]
format = 'tsv'
[nx_log]
format = 'tsv'
[blacklist]
#blacklist_file='/etc/dnscrypt-proxy/blacklist.txt'
[ip_blacklist]
[whitelist]
[schedules]
[sources]
[sources.'public-resolvers']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
cache_file = 'public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 24
prefix = ''
[anonymized_dns]
## Define one or more routes, i.e. indirect ways to reach servers.
## A set of possible relay servers is assigned to each DNS resolver.
## A relay can be specified as a DNS Stamp (either a relay stamp, or a
## DNSCrypt stamp), an IP:port, a hostname:port, or a server name, if
## the server is in the servers_list.
routes = [
{ server_name='*', via=['sdns://gRE1MS4xNTguMTA2LjQyOjQ0Mw','sdns://gRE1MS4xNS4xMDYuMTc2OjQ0Mw','sdns://gRIxMzkuOTkuMjIyLjcyOjg0NDM','sdns://gR5bMmEwMzpiMGMwOjE6ZTA6OjJlMzplMDAxXTo0NDM','sdns://gRI4OS4xNjMuMjE0LjE3NDo0NDM','sdns://gRE>
]
[static]
> So i can't even check DNSSEC and the other options on pi hole ?
https://www.supertechcrew.com/dnsmasq-caching-dnssec/
try sudo nano /etc/dnsmasq.conf
> sudo nano /etc/dnsmasq.conf

pi@Raspberry:~ $ sudo nano /etc/dnsmasq.d/0
01-pihole.conf 02-lan.conf
I need to setup both of them ?
aaah ok, good
try `sudo nano 03-dnssec.conf`
so create a third file, if it sucks, you could only delete it without destroying something

> sudo nano 03-dnssec.conf
https://data.iana.org/root-anchors/root-anchors.xml
It's outdated i think
From the tutorial this is my 03-dnssec.conf
resolv-file=/etc/resolv.dnsmasq.conf
domain-needed
bogus-priv
strict-order
strict-order
nameserver 127.0.0.1
conf-file=/usr/share/dnsmasq/trust-anchors.conf
dnssec
dnssec-check-unsigned
sudo nano /etc/dnsmasq.d/03-dnssec.conf
########file 03-dnssec.conf#####
# DNSSEC setup
dnssec
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
dnssec-check-unsigned
#proxy-dnssec ##alternative solution
service pihole-FTL restart && service pihole-FTL status
dig sigok.verteiltesysteme.net
dig sigfail.verteiltesysteme.net
or dnssec testing: https://dnssec.vs.uni-due.de/
> > sudo nano 03-dnssec.conf
>
> https://data.iana.org/root-anchors/root-anchors.xml
> It's outdated i think
> From the tutorial this is my 03-dnssec.conf
i wrote you still a conf file ;)
pi@Raspberry:~ $ sudo nano /etc/dnsmasq.d/03-dnssec.conf
pi@Raspberry:~ $
pi@Raspberry:~ $ service pihole-FTL restart && service pihole-FTL status
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
[Invalid UTF-8]
Authenticating as: root
Password:
pi@Raspberry:~ $ sudo service pihole-Fusage: sudo -h | -K | -k | -V
usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user]
usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user] [command]
usage: sudo [-AbEHknPS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] [VAR=value] [-i|-s] [ ]
usage: sudo -e [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] file ...
TLpi@Raspberry:~ $ sudo service pihole-FTL restart && service pihole-FTL status
- pihole-FTL.service - LSB: pihole-FTL daemon
   Loaded: loaded (/etc/init.d/pihole-FTL; generated)
   Active: active (exited) since Thu 2020-02-20 23:03:47 CET; 164ms ago
     Docs: man:systemd-sysv-generator(8)
  Process: 11143 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)

févr. 20 23:03:46 Raspberry.Pi systemd[1]: Starting LSB: pihole-FTL daemon...
févr. 20 23:03:46 Raspberry.Pi pihole-FTL[11143]: Not running
févr. 20 23:03:46 Raspberry.Pi su[11187]: (to pihole) root on none
févr. 20 23:03:46 Raspberry.Pi su[11187]: pam_unix(su:session): session opened for user pihole by (uid=0)
févr. 20 23:03:47 Raspberry.Pi pihole-FTL[11143]: FTL started!
févr. 20 23:03:47 Raspberry.Pi su[11187]: pam_unix(su:session): session closed for user pihole
févr. 20 23:03:47 Raspberry.Pi systemd[1]: Started LSB: pihole-FTL daemon.
pi@Raspberry:~ $ dig sigok.verteiltesysteme.net

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> sigok.verteiltesysteme.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64331
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;sigok.verteiltesysteme.net.    IN  A

;; ANSWER SECTION:
sigok.verteiltesysteme.net. 60  IN  A   134.91.78.139

;; Query time: 1780 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: jeu. févr. 20 23:04:11 CET 2020
;; MSG SIZE rcvd: 71

pi@Raspberry:~ $ dig sigfail.verteiltesysteme.net

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> sigfail.verteiltesysteme.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 38853
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;sigfail.verteiltesysteme.net.  IN  A

;; Query time: 996 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: jeu. févr. 20 23:04:24 CET 2020
;; MSG SIZE rcvd: 57
Subject
Description
After a brutal shutdown off the multiplug where was my raspberry pi and a restart i can't reach domains anymore with any DNSCrypt (tried with scalewayfr google and cloudflare) :
Ex:
This is my pi hole DNS configuration :
This is my DNS parameter in dnscrypt-proxy.toml :
All of this is setup on the same local network. And pi hole is listening on all interfaces.
Please can you help me to fix this asap and give me indications for this to not happen again ? Best regards
EDIT : This is the guide i've follow to my use for the setup https://www.derekseaman.com/2019/09/how-to-pi-hole-plus-dnscrypt-setup-on-raspberry-pi-4.html
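
The port-by-port dig comparison and the sigok/sigfail check used in this thread, written as a small triage script. This is an added example, not code from any participant in the thread; the function names are hypothetical, and the sample header lines are copied from the dig output quoted above, except SIGFAIL_UNVALIDATED, which is constructed.

```shell
#!/bin/sh
# Added example: triage a Pi-hole (port 53) -> dnscrypt-proxy (port 5392)
# chain from dig output. Works offline on the embedded samples; to use it
# live, pass "$(dig google.com @127.0.0.1 -p 5392)" etc. instead.

# Header lines from the thread's dig output (upstream on 5392, Pi-hole on 53).
UPSTREAM_5392=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17955
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
FRONTEND_53=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1915
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
# Header lines from the thread's sigok/sigfail test after adding trust anchors.
SIGOK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64331
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SIGFAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 38853
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
# Constructed sample: what sigfail looks like when nothing validates DNSSEC.
SIGFAIL_UNVALIDATED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

# Print the status field (NOERROR, SERVFAIL, ...) of dig's HEADER line.
dig_status() {
    printf '%s\n' "$1" |
        sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Succeed if the response carries the AD (authenticated data) flag, which a
# validating resolver sets on answers whose DNSSEC signatures checked out.
dig_has_ad() {
    ad_flags=$(printf '%s\n' "$1" |
        sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    case " $ad_flags " in
        *" ad "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Compare the same query sent to dnscrypt-proxy ($1) and to Pi-hole ($2).
#   upstream-fault : dnscrypt-proxy itself does not answer
#   frontend-fault : dnscrypt-proxy answers, Pi-hole/dnsmasq does not
#                    (in this thread: DNSSEC enabled without trust anchors)
#   ok             : both layers answer
classify_chain() {
    chain_up=$(dig_status "$1")
    chain_front=$(dig_status "$2")
    if [ "$chain_up" != "NOERROR" ]; then
        echo "upstream-fault"
    elif [ "$chain_front" != "NOERROR" ]; then
        echo "frontend-fault"
    else
        echo "ok"
    fi
}

# Judge DNSSEC validation from the sigok ($1) and sigfail ($2) test names.
#   validating     : sigok resolves with AD set, sigfail is rejected
#   not-validating : the bad signature is not rejected (or AD is missing)
#   broken         : even the correctly signed name fails
dnssec_verdict() {
    v_ok=$(dig_status "$1")
    v_fail=$(dig_status "$2")
    if [ "$v_ok" != "NOERROR" ]; then
        echo "broken"
    elif [ "$v_fail" = "SERVFAIL" ] && dig_has_ad "$1"; then
        echo "validating"
    else
        echo "not-validating"
    fi
}

echo "chain:  $(classify_chain "$UPSTREAM_5392" "$FRONTEND_53")"
echo "dnssec: $(dnssec_verdict "$SIGOK" "$SIGFAIL")"
```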