DNSCrypt / dnscrypt-proxy

dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.
https://dnscrypt.info
ISC License

remote device can not access dnscrypt-proxy #1337

Closed BugKun closed 4 years ago

BugKun commented 4 years ago

Subject

Description

First, I made a docker container with dnscrypt-proxy. This is the Dockerfile.

FROM alpine

ENV VERSION 2.0.42
ENV OS linux
ENV ARCH x86_64
ENV WORKDIR /root/dnscrypt-proxy

WORKDIR $WORKDIR
COPY . $WORKDIR

RUN tar -xvf ./dnscrypt-proxy-${OS}_${ARCH}-${VERSION}.tar.gz
RUN rm ./dnscrypt-proxy-${OS}_${ARCH}-${VERSION}.tar.gz
RUN mv ./${OS}-${ARCH}/* $WORKDIR
RUN rm -rf ./${OS}-${ARCH}

EXPOSE 53/tcp 53/udp

CMD ${WORKDIR}/dnscrypt-proxy -config ${WORKDIR}/config/dnscrypt-proxy.toml

And the listen address is 127.0.0.1:53. I started it with this command:

docker run -p 53:53/udp -p 53:53/tcp -v ~/test/config:/root/dnscrypt-proxy/config -d dns:test

Then I ran this command:

nslookup www.google.com 127.0.0.1

The feedback is:

;; connection timed out; no servers could be reached

Then I tried running it inside the container. It works. The second attempt was to install it directly, without Docker, on an Ubuntu server. The result is the same: it only works locally, and other devices on the same home network cannot access it.

jedisct1 commented 4 years ago

There is a great Docker image with dnscrypt-proxy here: https://github.com/klutchell/dnscrypt-proxy

It is well maintained and quite a few people seem to be using it.

You probably know Docker more than I do, but that image seems to be using port 5053 while you use port 53 inside the container. Maybe port 53 is already used internally by Docker.

BugKun commented 4 years ago

> There is a great Docker image with dnscrypt-proxy here: https://github.com/klutchell/dnscrypt-proxy
>
> It is well maintained and quite a few people seem to be using it.
>
> You probably know Docker more than I do, but that image seems to be using port 5053 while you use port 53 inside the container. Maybe port 53 is already used internally by Docker.

You might have a misunderstanding here because of my poor English. The question is not about Docker. Even when I directly install dnscrypt-proxy on my Ubuntu server, it only works on the Ubuntu server. Other devices cannot use it, such as my laptop, my cellphone, my TV, etc. They are all on the same home network, and I am sure I have set up the right DNS address.

welwood08 commented 4 years ago

I notice you're using 127.0.0.1 in your testing, are you aware this address is by definition local-only? If you remove this from your listen address configuration, you should be able to reach the service from other devices on your network (at least without Docker, I don't know about how Docker networking works).

BugKun commented 4 years ago

> I notice you're using 127.0.0.1 in your testing, are you aware this address is by definition local-only? If you remove this from your listen address configuration, you should be able to reach the service from other devices on your network (at least without Docker, I don't know about how Docker networking works).

Yep, I know, but in my own understanding, if I remove it from the dnscrypt-proxy.toml, it obviously cannot work. So should I remove this from dnscrypt-proxy.toml, or change some other options? Here is my dnscrypt-proxy.toml.

listen_addresses = ["127.0.0.1:53"]
max_clients = 250
ipv4_servers = true
ipv6_servers = false
disabled_server_names = []
dnscrypt_servers = true
doh_servers = true
require_dnssec = true
require_nolog = true
require_nofilter = true
daemonize = false
force_tcp = false
dnscrypt_ephemeral_keys = false
tls_disable_session_tickets = false
offline_mode = false
timeout = 5000
keepalive = 30
lb_estimator = false
netprobe_timeout = 60
netprobe_address = "9.9.9.9:53"
log_level = 0
log_file = "/root/dnscrypt-proxy/config/dnscrypt-proxy.log"
use_syslog = false
cert_refresh_delay = 240
fallback_resolvers = ["8.8.8.8:53"]
ignore_system_dns = true
log_files_max_size = 10
log_files_max_age = 7
log_files_max_backups = 1
block_ipv6 = true
block_unqualified = true
block_undelegated = true
reject_ttl = 600
forwarding_rules = "/root/dnscrypt-proxy/config/forwarding-rules.txt"
cache = true
cache_size = 1024
cache_min_ttl = 2400
cache_max_ttl = 86400
cache_neg_min_ttl = 60
cache_neg_max_ttl = 600

[query_log]
format = "ltsv"
file = "/root/dnscrypt-proxy/config/query.log"

[nx_log]
format = "ltsv"

[blacklist]

[ip_blacklist]

[anonymized_dns]
skip_incompatible = false

[broken_implementations]
fragments_blocked = ["cisco", "cisco-ipv6", "cisco-familyshield", "cisco-familyshield-ipv6", "quad9-dnscrypt-ip4-filter-alt", "quad9-dnscrypt-ip4-filter-pri", "quad9-dnscrypt-ip4-nofilter-alt", "quad9-dnscrypt-ip4-nofilter-pri", "quad9-dnscrypt-ip6-filter-alt", "quad9-dnscrypt-ip6-filter-pri", "quad9-dnscrypt-ip6-nofilter-alt", "quad9-dnscrypt-ip6-nofilter-pri", "cleanbrowsing-adult", "cleanbrowsing-family-ipv6", "cleanbrowsing-family", "cleanbrowsing-security"]

[sources]

[sources.public-resolvers]
urls = ["https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md", "https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md"]
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3"
cache_file = "/root/dnscrypt-proxy/config/public-resolvers.md"
refresh_delay = 0
prefix = ""

[sources.relays]
urls = ["https://github.com/DNSCrypt/dnscrypt-resolvers/raw/master/v2/relays.md", "https://download.dnscrypt.info/resolvers-list/v2/relays.md"]
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3"
cache_file = "/root/dnscrypt-proxy/config/relays.md"
refresh_delay = 72
prefix = ""

welwood08 commented 4 years ago

By "remove this from your listen address", I mean listen_addresses = [":53"]. This is a valid address string and in the context of a listener means "all interfaces".

BugKun commented 4 years ago

> By "remove this from your listen address", I mean listen_addresses = [":53"]. This is a valid address string and in the context of a listener means "all interfaces".

Wow, it works. Thank you so much.
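
The difference between the two listen_addresses values in this thread, as an added example (not code from dnscrypt-proxy or from any commenter): it classifies each entry by how widely the listener is reachable, assuming the Go net package's host:port rules, which match what welwood08 describes. The function names and the sample configuration are constructed for illustration; a wildcard entry is reported separately because it also answers on any public interface the host has.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
)

const ( // exposure of a listener, narrowest first
	LoopbackOnly  = "loopback-only"  // same host (or same container network namespace)
	SingleAddress = "single-address" // one specific interface address
	AllInterfaces = "all-interfaces" // every address the host has
	Invalid       = "invalid"
)

var listenLine = regexp.MustCompile(`(?m)^\s*listen_addresses\s*=\s*\[(.*)\]`) // greedy: keeps "[::1]" brackets in the capture
var quoted = regexp.MustCompile(`["']([^"']*)["']`)

// Classify follows Go's host:port rules: an empty host or an unspecified IP binds every interface.
func Classify(addr string) string {
	host, port, err := net.SplitHostPort(addr)
	if err != nil || port == "" {
		return Invalid
	}
	ip := net.ParseIP(host)
	switch {
	case host == "" || (ip != nil && ip.IsUnspecified()):
		return AllInterfaces
	case ip == nil:
		return Invalid // only IP literals are classified in this sketch
	case ip.IsLoopback():
		return LoopbackOnly
	}
	return SingleAddress
}

// Audit pairs each entry of a single-line listen_addresses array with its exposure (not a TOML parser).
func Audit(conf string) (out [][2]string) {
	if m := listenLine.FindStringSubmatch(conf); m != nil {
		for _, q := range quoted.FindAllStringSubmatch(m[1], -1) {
			out = append(out, [2]string{q[1], Classify(q[1])})
		}
	}
	return out
}

func main() {
	conf := "max_clients = 250\nlisten_addresses = ['127.0.0.1:53', '[::1]:53', ':53']\n" // constructed
	fmt.Println(Audit(conf))
}
```

Where only the home network should be served, an entry with the server's own LAN address (for example the placeholder 192.168.1.10:53) classifies as single-address instead of all-interfaces.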