just some problem (windows).

[lessload]

As i read on #996 This is the thing we looking for ,the good thing your should improve if you have time and really care about privacy. if it done while offline it may solve NCSI problem on windows.

[jedisct1]

Can you clarify what the issue is? Is this a bug?

Given a vanilla Windows (or is it a generic issue that affects other platforms?) installation, what exact steps have to be made, what happened and what should have happened instead? (please no "doesn't work" or "fails", these never help).

I don't know much about Windows, not even what NCSI is, so if this is a Windows issue, try to describe the exact steps to follow in a noob-friendly way, so that they can be reproduced :)

Of course, if you know how to fix the problem, that would be useful as well!

[lessload]

Looking for something that @iWARR said. " if no md files in the directory, then offine installation will fail. " " If you can't install software offline, it's bad (especially on Windows)." Ok. you don't know much about Windows. I have some question

1. How does offline_mode = true work? runing and wait for internet -or- just running and not connect to resolver when have internet?
2. Why service stop itself when NCSI show as no internet ?
3. Why i got NCSI problem only when it need to update dnscrypt-resolvers ? ( i always set 127.0.0.1 to interface )

[jedisct1]

When set, offline_mode will not connect to any encrypted resolvers. It will still handle cloaking and fowarding to local servers.

I'm really sorry, but I don't understand the rest.

[lessload]

Ok, found 2,3 answer here #843 and i agree with @matbech (matbech last comment #843) Seem like windows shouldn't do the same way with linux. NCSI problem should solve if your follow @matbech comment.

.

you should not forget 88.14% of desktop user use Windows.

[ratscar]

Hi, I have been using dnscrypt-proxy (v2.0.25) in two separated networks with with Windows 10 workstations. I have not seen any NCSI issues thus far on any of my W10 workstations.

Just to verify that I interpreted NCSI correctly: NCSI is short for Network Connection Status Indicator When there is no internet access available Windows will show a notification on the Internet Access pictogram to indicate there is no internet access This can happen when DNS cannot be resolved because it will query a Microsoft domain.

Context about my setup Running version 2.0.25 on Alpine 3.10.1 Virtual Machine(VM)

8x Windows 10 workstations that can make requests to that VM Blocking any DNS requests to WAN (but the Alpine VM for fallback) Using servers cloudflare, scaleway-ams and scaleway-fr

If you like I can update to the latest version(2.0.42) and see if I can notice any changes

[lessload]

@ratscar This problem may not found on the system that always have internet. but in daily life usage. User not use their device everyday. When dnscrypt-resolver not update and still 127.0.0.1 in interface, The problem will appear.

[ratscar]

@lessload I am not totally getting what you mean, but doesn't that mean that the issue will still arise even without dnscrypt-proxy?

Can you explain more on how you are running dnscrypt-proxy?

[lessload]

I run it on my laptop. install it and run by dnscrypt-proxy.exe -service start and set wifi dns to 127.0.0.1. work fine. but if i'm not use laptop a few day, dnscrypt-resolver will outdated and wifi dns still 127.0.0.1, i will got NCSI problem. it seem like service stop itself when connect wifi but NCSI doesn't detect internet. ( i use only DNSCrypt not DoH )

Another problem i found when run service by *.bat. my script can detect internet and run dnscrypt-proxy immediately but script need to add delay between script for wait NCSI detect internet. if run it immediately, service will start and stop itself later.

Not sure why dnscrypt-proxy depend on NCSI but in Firefox(enabled DoH in browser) they not depent on NCSI and can access internet directly while NCSI show yellow alert.

What i'm looking for is dnscrypt-proxy should work when user always set wifi(or other interface) to 127.0.0.1.

@ratscar i have some question, Which kind of dns you use on dnscrypt-proxy ? DNSCrypt? DoH? DoH may not found such a problem. maybe.

[ratscar]

@ratscar i have some question, Which kind of dns you use on dnscrypt-proxy ? DNSCrypt? DoH? DoH may not found such a problem. maybe.

@lessload I use the "default" [sources.'public-resolvers'] seen in the config Both options are enabled so it uses dnscrypt protocol and DNS over HTTPs in my setup depending on what the server supports.

But looks like the main difference between your setup and mine is that you run it locally on your device and I have it on a separated device.

DoH in Firefox has static servers[1] configured so that's why it does not depend on dns requests.

So I presume what happens is you start your device and then dnscrypt-proxy starts and it tries to update the '[sources.'public-resolvers']' list but can't because it's not cached anymore or TTL expired of this list and tries to refresh but fails as it cannot resolve?

Might want to try setting up a static list and see if this still happens @lessload ?

[1] https://support.mozilla.org/en-US/kb/firefox-dns-over-https

[lessload]

Seems to be what you say. i'm not sure how dnscrypt-proxy work or detect internet. Why it depend on NCSI.? Why it stop itself when not detect internet ? (i already config netprobe_timeout = -1) I will try to static it later.

[lifenjoiner]

In my poor opinion, NCSI (Network Connection Status Indicator) alert is not a serious problem ...

Let's make things clear:

1. NCSI may just be an indicator for users as a notification. See what it really is and may affect https://support.microsoft.com/en-us/help/4494446/an-internet-explorer-or-edge-window-opens-when-your-computer-connects
2. dnscrypt-resolver works depending on at least one upstream DNS set succeesfully. This is approached by several steps: a. When startup, read cache_file, and then read the corresponding .minisig file to verify the cache_file. b. If it failed or expired, try to download from the urls as the online source. c. If the cache_file is still expired or all failed, it results to no valid upstream server, will exit.

I GUESS your concerns are:

1. The NCSI alert. annoying!? If you can surfer the net, let it go, or solve what it needs in the article ~
2. dnscrypt-resolver can't startup. Make sure your network are available. And an unreleased patch that allows using expired cache while startup downloading failed has been merged. Next release will be better.
3. Which is the first? Get a valid DNS to sovle all the queries --> Download needed files --> dnscrypt-resolver works --> better experiences :)

edit: add 'while startup downloading failed'

[lessload]

Thank for @ratscar reccommend me to try static sdns://. Now i found the Real Problem.!

• the problem was from out date *.md
• when dnscrypt-proxy start with out date *.md, they try to update directly without use existing DNSCrypt(server) and 127.0.0.1 still dns of interface(like wifi etc.),make dnscrypt-proxy can't access internet and stop themself later.

To fix this dnscrypt-proxy should try to update them self by existing DNSCrypt(server) after done update start process again. this problem should solve. and we can always set 127.0.0.1 as dns.

Sorry for my mistake ,this is not NCSI problem. @jedisct1

@lifenjoiner Thank for useless comment

[lifenjoiner]

@lessload

1. Hope you know your situation. What you know, and what you don't. It's not just others fault.
2. Describe you problems clear, especially the part others don't know.
3. Be grateful to anyone helps.
4. Be polite. Your reply hurts. I'm not going to help you anymore.

[lessload]

This topic too long to read and hard to understand. I will summarize in new topic.