dnscrypt-proxy not detect real internet connection.

DNSCrypt / dnscrypt-proxy

dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.

https://dnscrypt.info

ISC License

11.45k stars 1.01k forks source link

dnscrypt-proxy not detect real internet connection. #1212

Closed lessload closed 4 years ago

lessload commented 4 years ago

Bug found in dnscrypt-proxy for windows. Found in specific case when you add loopback to interface too fast (faster than Microsoft NCSI detect internet) it will cause dnscrypt-proxy can not load public-resolvers log: "System DNS configuration not usable yet, exceptionally resolving [raw.githubusercontent.com] using fallback resolvers over tcp" , becuase dnscrypt-proxy use or trust in Microsoft NCSI. some user will found this problem when start dnscrypt-proxy and add loopback before Microsoft NCSI detect internet (but have internet).

Loopback problem some time Microsoft NCSI cannot detect internet while apply loopback to interface.

To Fix It dnscrypt-proxy should test connection by itself like Microsoft NCSI do. or do something like this batch powershell -Command "Invoke-WebRequest https://pastebin.com/raw/RH3GW47Q -OutFile '%Temp%\dnscrypt-check.txt' " for /F "delims=:" %%I in (%Temp%\dnscrypt-check.txt) do (if /I "czd" == "%%I" (echo x > "%Temp%\dnscrypt-check.txt" && GoTo powershell) else (GoTo runSomething))

lessload commented 4 years ago

To Test It

remove all *.md & *.md.minisig from dnscrypt-proxy directory
run cmd as admin and run
reg add "HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet" /v "PassivePollPeriod" /t REG_DWORD /d "120" /f ( default value is "5" )
connect your wifi and run dnscrypt-proxy immediately

as i try, dnscrypt-proxy will report as "System DNS configuration not usable yet, exceptionally resolving [raw.githubusercontent.com] using fallback resolver over tcp" because windows indicator still yellow but while windows indicator was yellow ,firefox work fine with internet.

UWP application have the same issue like dnscrypt-proxy, maybe because of language or function you compile with.

jedisct1 commented 4 years ago

If 127.0.0.1 is the resolver, and dnscrypt-proxy doesn't have any configuration to start, the fallback resolver is used. This is expected and has nothing to do with Windows.

lessload commented 4 years ago

If 127.0.0.1 is the resolver, and dnscrypt-proxy doesn't have any configuration to start, the fallback resolver is used. This is expected and has nothing to do with Windows.

127.0.0.1 not the resolver while i test. what i explain is when computer have internet but it got yellow alert on wifi symbol dnscrypt-proxy will report as "System DNS configuration not usable yet, exceptionally resolving [raw.githubusercontent.com] using fallback resolver over tcp" , dnscrypt-proxy not found internet while firefox was found. it hard to found this case because normal PassivePollPeriod just 5s. if you want to test it you need to extend PassivePollPeriod time.

iWARR commented 4 years ago

I've prepared the wiki material about NCSI on Windows and CMD file. https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Windows-NCSI

I beleive, most of the NCSI-relative questions should be resolved in the dnscrypt-proxy Git. I'm using this config for many years and I'm sure it will be useful for many newcomers.

My English is far from perfect, so if anybody wants to improve my sentences or fix smth., feel free to make a necessary edits (w/o loosing details, of course).