DNSCrypt / dnscrypt-proxy

dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.
https://dnscrypt.info
ISC License

Issues with blacklist in 2.0.16. #551

Closed cedws closed 6 years ago

cedws commented 6 years ago

Apologies in advance, I am sure I'm just doing something wrong. I have a list of domains in blacklist.txt, and I have configured dnscrypt-proxy.toml to use it as so. Unfortunately, this blacklist doesn't seem to be working, as I am able to visit sites defined within it.

```toml
[blacklist]

  ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
  blacklist_file = 'blacklist.txt'
  ## Optional path to a file logging blocked queries
  # log_file = 'blocked.log'
  ## Optional log format: tsv or ltsv (default: tsv)
  # log_format = 'tsv'
```

```
$ ls /etc/dnscrypt-proxy/
blacklist.txt  dnscrypt-proxy.toml  dnscrypt-proxy.toml.dpkg-old  forwarding-rules.txt  public-resolvers.md  public-resolvers.md.minisig

$ service dnscrypt-proxy status
● dnscrypt-proxy.service - DNSCrypt-proxy client
   Loaded: loaded (/lib/systemd/system/dnscrypt-proxy.service; disabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-07-24 22:08:43 BST; 8min ago
     Docs: https://github.com/jedisct1/dnscrypt-proxy/wiki
 Main PID: 18676 (dnscrypt-proxy)
    Tasks: 16 (limit: 4915)
   CGroup: /system.slice/dnscrypt-proxy.service
           └─18676 /usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
Jul 24 22:08:44 ce dnscrypt-proxy[18676]: [2018-07-24 22:08:44] [WARNING] /etc/dnscrypt-proxy/public-resolvers.md: open sf-ilf2bcbq3wjjqrsw.tmp: read-only file system
Jul 24 22:08:44 ce dnscrypt-proxy[18676]: [2018-07-24 22:08:44] [WARNING] /etc/dnscrypt-proxy/public-resolvers.md.minisig: open sf-jgt52ambznzrgq22.tmp: read-only file system
Jul 24 22:08:44 ce dnscrypt-proxy[18676]: [2018-07-24 22:08:44] [NOTICE] Source [public-resolvers.md] loaded
Jul 24 22:08:44 ce dnscrypt-proxy[18676]: [2018-07-24 22:08:44] [NOTICE] dnscrypt-proxy 2.0.16
Jul 24 22:08:44 ce dnscrypt-proxy[18676]: [2018-07-24 22:08:44] [NOTICE] Loading the set of blocking rules from [blacklist.txt]
Jul 24 22:08:44 ce dnscrypt-proxy[18676]: [2018-07-24 22:08:44] [NOTICE] Wiring systemd TCP socket #0, dnscrypt-proxy.socket, 127.0.2.1:53
Jul 24 22:08:44 ce dnscrypt-proxy[18676]: [2018-07-24 22:08:44] [NOTICE] Wiring systemd UDP socket #1, dnscrypt-proxy.socket, 127.0.2.1:53
Jul 24 22:08:44 ce dnscrypt-proxy[18676]: [2018-07-24 22:08:44] [NOTICE] [cloudflare] OK (DoH) - rtt: 39ms
Jul 24 22:08:44 ce dnscrypt-proxy[18676]: [2018-07-24 22:08:44] [NOTICE] Server with the lowest initial latency: cloudflare (rtt: 39ms)
Jul 24 22:08:44 ce dnscrypt-proxy[18676]: [2018-07-24 22:08:44] [NOTICE] dnscrypt-proxy is ready - live servers: 1

$ nslookup resolver.dnscrypt.org
Server:         1.1.1.1
Address:        1.1.1.1#53
Non-authoritative answer:
Name:   resolver.dnscrypt.org
Address: 185.53.178.9
```

cedws commented 6 years ago

Yep, as suspected, my resolvconf configuration was incorrect. I assumed that because 1.1.1.1 was being shown as the resolver, it was correct, but no. Thanks.

cedws commented 6 years ago

As a reference for anyone else in future, I added `nameserver 127.0.2.1` (the address that dnscrypt-proxy is bound to may differ for you) to `/etc/resolvconf/resolv.conf.d/base`, and then restarted resolvconf by running `sudo service resolvconf restart`.
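
A quick check for the misconfiguration resolved in this thread, as an added example that is not part of the original issue or of the dnscrypt-proxy project: the function parses a resolv.conf-style file and reports whether lookups actually reach the proxy, since a blacklist is only applied to queries the proxy receives. The address 127.0.2.1 is taken from the log above; the function name, return codes and sample file are assumptions made for illustration.

```shell
#!/bin/sh
# check_resolv_conf FILE [PROXY_ADDR]
# Reports whether the resolver list in FILE sends lookups to dnscrypt-proxy.
# PROXY_ADDR defaults to 127.0.2.1, the socket address in the log above;
# it is an assumption and may differ on your system.
# Return codes: 0 proxy is the only nameserver
#               1 proxy listed with other resolvers (lookups may skip the blacklist)
#               2 proxy not listed (blacklist never consulted)
#               3 file unreadable
check_resolv_conf() {
    file=$1
    proxy=${2:-127.0.2.1}
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 3; }

    # Address field of every active "nameserver" line; commented lines do not match.
    servers=$(awk '$1 == "nameserver" { print $2 }' "$file")

    found=0
    others=
    for s in $servers; do
        if [ "$s" = "$proxy" ]; then
            found=1
        else
            others="$others $s"
        fi
    done

    if [ "$found" -eq 0 ]; then
        echo "BYPASSED: $proxy is not a nameserver in $file (using:${others:- none})"
        return 2
    fi
    if [ -n "$others" ]; then
        echo "PARTIAL: $proxy listed, but so are:$others"
        return 1
    fi
    echo "OK: all lookups go to $proxy"
    return 0
}

# Constructed sample reproducing the misconfiguration from this thread.
sample=$(mktemp)
printf '# constructed sample\nnameserver 1.1.1.1\n' > "$sample"
check_resolv_conf "$sample" 127.0.2.1
rm -f "$sample"
```

On a real system, call it as `check_resolv_conf /etc/resolv.conf` with the address your proxy listens on. If a local stub resolver is listed instead, the function reports it as not being the proxy, and the stub's upstream has to be checked separately.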