Closed ghost closed 6 years ago
my .service file:
[Unit]
Description=Encrypted/authenticated DNS proxy
ConditionFileIsExecutable=/opt/dnscrypt-proxy/dnscrypt-proxy
[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/opt/dnscrypt-proxy/dnscrypt-proxy
WorkingDirectory=/opt/dnscrypt-proxy
Restart=always
RestartSec=120
EnvironmentFile=-/etc/sysconfig/dnscrypt-proxy
[Install]
Also=dnscrypt-proxy.socket
WantedBy=multi-user.target
Maybe I have a bad or wrong config?
I set dnscrypt servers to automatic @ sources.
But I don't know how to set "server_names" and which are good to use.
Result of:
lsof -i -P -n
dhclient 448 root 6u IPv4 13454 0t0 UDP *:68
dhclient 541 root 7u IPv4 11908 0t0 UDP *:68
dhclient 609 root 6u IPv4 11930 0t0 UDP *:68
systemd-r 699 systemd-resolve 11u IPv4 10909 0t0 UDP *:5355
systemd-r 699 systemd-resolve 14u IPv4 13175 0t0 TCP *:5355 (LISTEN)
lighttpd 745 www-data 4u IPv4 13158 0t0 TCP *:80 (LISTEN)
pihole-FT 766 pihole 4u IPv4 13134 0t0 UDP *:53
pihole-FT 766 pihole 5u IPv4 13135 0t0 TCP *:53 (LISTEN)
pihole-FT 766 pihole 8u IPv4 10898 0t0 TCP *:4711 (LISTEN)
pihole-FT 766 pihole 11u IPv4 26063 0t0 UDP *:32128
pihole-FT 766 pihole 14u IPv4 26064 0t0 UDP *:6506
dnscrypt- 3029 root 6u IPv4 27519 0t0 UDP 127.0.2.2:53000
dnscrypt- 3029 root 7u IPv4 27520 0t0 TCP 127.0.2.2:53000 (LISTEN)
listen_addresses = ['127.0.2.2:53000']
This has to be 127.0.2.2:53 if you want to put 127.0.2.2 in /etc/resolv.conf. The DNS standard port is 53 and it is the only port supported by Linux.
All services are running without any error.
I pinged 127.0.2.2 (dnscrypt-proxy) on my client, I got answer.
I pinged 127.0.0.1 localhost, I got answer.
I added 127.0.2.2 directly to resolv.conf, does not work.
I added 127.0.2.2 to dnsmasq.conf and tried "server=127.0.2.2 no-resolv", does not work.
No resolv with dnscrypt-proxy v2.
Here is my result of the log file:
[2018-08-17 18:23:10] [NOTICE] Source [public-resolvers.md] loaded
[2018-08-17 18:23:10] [NOTICE] dnscrypt-proxy 2.0.16
[2018-08-17 18:23:10] [NOTICE] Loading the set of whitelisting rules from [whiteLIST.txt]
[2018-08-17 18:23:10] [NOTICE] Now listening to 127.0.2.2:53000 [UDP]
[2018-08-17 18:23:10] [NOTICE] Now listening to 127.0.2.2:53000 [TCP]
[2018-08-17 18:23:10] [NOTICE] [arvind-io] OK (crypto v2) - rtt: 175ms
[2018-08-17 18:23:10] [NOTICE] [cloudflare] OK (DoH) - rtt: 9ms
[2018-08-17 18:23:10] [NOTICE] [d0wn-is-ns2] OK (crypto v1) - rtt: 59ms
[2018-08-17 18:23:10] [NOTICE] [d0wn-nl-ns4] OK (crypto v1) - rtt: 19ms
[2018-08-17 18:23:11] [NOTICE] [d0wn-tz-ns1] OK (crypto v1) - rtt: 167ms
[2018-08-17 18:23:11] [NOTICE] [de.dnsmaschine.net] OK (crypto v2) - rtt: 21ms
[2018-08-17 18:23:11] [NOTICE] [dnscrypt.ca-1] OK (crypto v1) - rtt: 98ms
[2018-08-17 18:23:11] [NOTICE] [dnscrypt.ca-2] OK (crypto v1) - rtt: 98ms
[2018-08-17 18:23:11] [NOTICE] [dnscrypt.eu-dk] TIMEOUT
[2018-08-17 18:23:11] [NOTICE] [dnscrypt.eu-nl] OK (crypto v1) - rtt: 19ms
[2018-08-17 18:23:11] [NOTICE] [dnscrypt.me] OK (crypto v2) - rtt: 16ms
[2018-08-17 18:23:11] [NOTICE] [dnscrypt.nl-ns0] OK (crypto v2) - rtt: 18ms
[2018-08-17 18:23:11] [NOTICE] [dnscrypt.nl-ns0-doh] OK (DoH) - rtt: 18ms
[2018-08-17 18:23:11] [NOTICE] [doh-crypto-sx] OK (DoH) - rtt: 56ms
[2018-08-17 18:23:16] [NOTICE] [ev-us] OK (crypto v2) - rtt: 170ms
[2018-08-17 18:23:17] [NOTICE] [freetsa.org] OK (crypto v1) - rtt: 167ms
[2018-08-17 18:23:17] [NOTICE] [ipredator] OK (crypto v1) - rtt: 31ms
[2018-08-17 18:23:17] [NOTICE] [publicarray-au] OK (crypto v2) - rtt: 306ms
[2018-08-17 18:23:17] [NOTICE] [publicarray-au2] OK (crypto v2) - rtt: 294ms
@jedisct1, OK, thanks, and how do I get PIHOLE + dnscrypt-proxy to work together, because PIHOLE uses port 53 also?
Maybe this config works? listen_addresses = ['127.0.2.2:53']
and PIHOLE = 127.0.0.1:53
Process: 3092 ExecStart=/opt/dnscrypt-proxy/dnscrypt-proxy (code=exited, status=255)
Main PID: 3092 (code=exited, status=255)
Aug 17 18:26:36 DietPi systemd[1]: dnscrypt-proxy.service: Unit entered failed state.
Aug 17 18:26:36 DietPi systemd[1]: dnscrypt-proxy.service: Failed with r
If you want to use PiHole and DNSCrypt, you should use PiHole as your resolver and not DNSCrypt.
I changed "dnscrypt-proxy" to: 127.0.2.2:53
Result:
Process: 3339 ExecStart=/opt/dnscrypt-proxy/dnscrypt-proxy (code=exited, status=255)
Main PID: 3339 (code=exited, status=255)
systemd[1]: dnscrypt-proxy.service: Failed with result 'exit-code'.
dnscrypt-proxy.service: Failed with result 'exit-code'.
When I change it in dnscrypt-proxy.toml to: 127.0.2.2:53
I get this on the terminal: dnscrypt-proxy.service: Failed with result 'exit-code'
With 127.0.2.2:53000 it works, with 127.0.2.2:53 it does not. Any idea?
Use 53000 and add it to Pihole upstream dns as 127.0.2.2#53000 and point your system dns to pihole ip and NOT dnscrypt.
Yes, but it doesn't work in pihole: no resolving with port 53000, but dnscrypt-proxy.service started with it. With port 53 = error because of pihole.
If you do not point your system DNS to PiHole then PiHole is installed with no use, it is a pointless installation since you won't make use of it. Try running DNSCrypt on a lower port, for example port 54 which is what I use and my Pihole runs on 53.
Then point your system dns to PiHole IP, NOT dnscrypt.
It all works if you configure it right :)
I did that: in DNS under pihole I pointed to 127.0.2.2:53000 + resolv.conf = 127.0.0.1, but no site resolves. When I change the nameserver in resolv.conf to, for example, 9.9.9.9, then resolving works.
Do you even have PiHole configured to use a DNS resolver? If not, then PiHole will not resolve anything. Select a DNS server in PiHole admin page. If you wish to use DNSCrypt then you have to add it to PiHole DNS settings page like this 127.0.2.2#53000 in Pihole and NOT 127.0.2.2:53000
How I added mine to PiHole. https://itchy.nl/content/images/2018/07/pihole-ftldns-custom-dns-port.png
Now it is working, thanks for the help :) @Yinchie.
This config is working fine: in "dnscrypt-proxy.toml" changed to "listen_addresses = ['127.0.0.1:54']"
and PIHOLE DNS @ AdminPage = CUSTOM_DNS1=127.0.0.1#54
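The three mistakes worked through in this thread (dnscrypt-proxy asking for port 53 while Pi-hole holds `*:53`, a Pi-hole upstream written with `:` instead of `#`, and a system resolver that is not Pi-hole) can be checked from the configuration text alone. The following is an added example, not code from the thread or from either project; `check_chain`, its finding codes, the `pihole_ips` default and the sample inputs are assumptions made for illustration.

```python
import re

def parse_listen(toml_text):
    """(ip, port) pairs from listen_addresses in dnscrypt-proxy.toml (IPv4 entries only)."""
    m = re.search(r"^\s*listen_addresses\s*=\s*\[([^\]]*)\]", toml_text, re.M)
    if not m:
        return []
    return [(ip, int(port)) for ip, port in re.findall(r"['\"]([\d.]+):(\d+)['\"]", m.group(1))]

def check_chain(resolv_text, pihole_upstreams, toml_text,
                pihole_ips=("127.0.0.1",), pihole_port=53):
    """Return (code, detail) findings for the resolv.conf -> Pi-hole -> dnscrypt-proxy chain.

    pihole_ips is an assumption: the addresses you treat as "Pi-hole" in resolv.conf.
    """
    findings = []
    listeners = parse_listen(toml_text)
    # 1. Pi-hole binds *:53 (see the lsof output), so dnscrypt-proxy cannot also take port 53.
    for ip, port in listeners:
        if port == pihole_port:
            findings.append(("PORT_CONFLICT", f"{ip}:{port} collides with Pi-hole on *:{pihole_port}"))
    # 2. The system resolver must be Pi-hole; any other nameserver skips the whole chain.
    for ns in re.findall(r"^\s*nameserver\s+(\S+)", resolv_text, re.M):
        if ns not in pihole_ips:
            findings.append(("BYPASS", f"nameserver {ns} is not Pi-hole"))
    # 3. Pi-hole upstreams are written ip#port and must match a dnscrypt-proxy listener.
    for up in pihole_upstreams:
        if ":" in up and "#" not in up:
            findings.append(("BAD_SEPARATOR", f"write {up.replace(':', '#')} instead of {up}"))
            continue
        ip, _, port = up.partition("#")
        if (ip, int(port or 53)) not in listeners:
            findings.append(("UPSTREAM_MISMATCH", f"{up} is not a dnscrypt-proxy listen address"))
    return findings

# Constructed inputs modelled on the thread: the failing attempts, then the final setup.
BROKEN = check_chain("nameserver 9.9.9.9\n", ["127.0.2.2:53000"],
                     "listen_addresses = ['127.0.2.2:53']\n")
WORKING = check_chain("nameserver 127.0.0.1\n", ["127.0.0.1#54"],
                      "listen_addresses = ['127.0.0.1:54']\n")

if __name__ == "__main__":
    for code, detail in BROKEN:
        print(code, "-", detail)
    print("working setup findings:", WORKING)
```

A `BYPASS` finding means queries resolve but are neither filtered by Pi-hole nor encrypted by dnscrypt-proxy, which matches the behaviour reported with `9.9.9.9` in resolv.conf.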
Hi!
I can't resolve with DNScrypt-proxy V2.
service dnscrypt-proxy is running (green)
my dnscrypt-proxy .toml config file:
I can ping 127.0.2.2... I got answer.
When I try to add 127.0.2.2 directly into /etc/resolv.conf, no sites resolve.
The same with nameserver 127.0.0.1 in resolv.conf.
pihole/FTLDNS + dnscrypt-proxy v2 also don't work together.
With another nameserver in resolv.conf, like 9.9.9.9, I can resolve sites, but without "dnscrypt-proxy v2" :-(
With dnscrypt-proxy v2 I can't visit sites; sites are not resolving.
Please help, thanks!