DNSCrypt / dnscrypt-proxy

dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.
https://dnscrypt.info
ISC License

Can't resolve with DNScrypt-proxy V2 #572

Closed ghost closed 6 years ago

ghost commented 6 years ago

Hi!

I can't resolve with DNScrypt-proxy V2.

service dnscrypt-proxy is running (green)

my dnscrypt-proxy .toml config file:

listen_addresses = ['127.0.2.2:53000']
max_clients = 250

#netprobe_timeout = 30

ipv4_servers = true
ipv6_servers = false
dnscrypt_servers = true
doh_servers = true
require_dnssec = true
require_nolog = true
require_nofilter = true

force_tcp = false

timeout = 2500
keepalive = 30
lb_strategy = 'fastest'

use_syslog = false
cert_refresh_delay = 240
dnscrypt_ephemeral_keys = true
tls_disable_session_tickets = false
#tls_cipher_suite = [52392, 49199]

####//fallBACK_RESOLVER:
#fallback_resolver = '84.200.70.40:53'

ignore_system_dns = false

block_ipv6 = true

cache = false
cache_size = 512
cache_min_ttl = 600
cache_max_ttl = 86400
cache_neg_ttl = 60
cache_neg_max_ttl = 600

####//SERVERZ:

[static]

    [static.'publicarray-au2']
    stamp = 'sdns://AQcAAAAAAAAAEjM1LjIwMS4yMC4xNzk6ODQ0MyDbu252PopUsAoQmpOFc8eYC4rkr2nWINwVQPMlc8lN8xsyLmRuc2NyeXB0LWNlcnQuZG5zLnNlYnkuaW8'

I can ping 127.0.2.2... I get an answer.

When I try to add 127.0.2.2 directly into /etc/resolv.conf, no sites resolve.

With nameserver 127.0.0.1 in resolv.conf also.

pihole/FTLDNS + dnscrypt-proxy v2 also do not work together.

With another nameserver in resolv.conf like 9.9.9.9 I can resolve sites, but without "dnscrypt-proxy v2" :-(

With dnscrypt-proxy v2 I can't visit sites; sites are not resolving.

Please help, thanks!

ghost commented 6 years ago

my .service file:

[Unit]
Description=Encrypted/authenticated DNS proxy
ConditionFileIsExecutable=/opt/dnscrypt-proxy/dnscrypt-proxy

[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/opt/dnscrypt-proxy/dnscrypt-proxy

WorkingDirectory=/opt/dnscrypt-proxy

Restart=always
RestartSec=120
EnvironmentFile=-/etc/sysconfig/dnscrypt-proxy

[Install]
Also=dnscrypt-proxy.socket
WantedBy=multi-user.target

Maybe I have a wrong config?

ghost commented 6 years ago

I set dnscrypt servers to automatic @ sources.

But I don't know how to set "server_names" and which are good to use.

ghost commented 6 years ago

Result of:

 lsof -i -P -n

dhclient   448            root    6u  IPv4  13454      0t0  UDP *:68 
dhclient   541            root    7u  IPv4  11908      0t0  UDP *:68 
dhclient   609            root    6u  IPv4  11930      0t0  UDP *:68 
systemd-r  699 systemd-resolve   11u  IPv4  10909      0t0  UDP *:5355 
systemd-r  699 systemd-resolve   14u  IPv4  13175      0t0  TCP *:5355 (LISTEN)
lighttpd   745        www-data    4u  IPv4  13158      0t0  TCP *:80 (LISTEN)
pihole-FT  766          pihole    4u  IPv4  13134      0t0  UDP *:53 
pihole-FT  766          pihole    5u  IPv4  13135      0t0  TCP *:53 (LISTEN)
pihole-FT  766          pihole    8u  IPv4  10898      0t0  TCP *:4711 (LISTEN)
pihole-FT  766          pihole   11u  IPv4  26063      0t0  UDP *:32128 
pihole-FT  766          pihole   14u  IPv4  26064      0t0  UDP *:6506
dnscrypt- 3029            root    6u  IPv4  27519      0t0  UDP 127.0.2.2:53000 
dnscrypt- 3029            root    7u  IPv4  27520      0t0  TCP 127.0.2.2:53000 (LISTEN)
jedisct1 commented 6 years ago

listen_addresses = ['127.0.2.2:53000']

This has to be 127.0.2.2:53 if you want to put 127.0.2.2 in /etc/resolv.conf. The DNS standard port is 53 and it is the only port supported by Linux.
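As an added diagnostic (not from the thread or the dnscrypt-proxy project): parse the `lsof -i -P -n` listing posted above and report which existing sockets would collide with a planned listen address. By default on Linux a wildcard (`*`) listener on a port blocks a later bind of any specific address on that same port, which is why pihole-FTL on `*:53` and dnscrypt-proxy on `127.0.2.2:53` cannot coexist. The sample text is the listing from this thread, trimmed.

```python
import re

# Constructed sample: the `lsof -i -P -n` output from this thread, trimmed to the DNS-related lines.
LSOF_OUTPUT = """\
systemd-r  699 systemd-resolve   11u  IPv4  10909      0t0  UDP *:5355
pihole-FT  766          pihole    4u  IPv4  13134      0t0  UDP *:53
pihole-FT  766          pihole    5u  IPv4  13135      0t0  TCP *:53 (LISTEN)
dnscrypt- 3029            root    6u  IPv4  27519      0t0  UDP 127.0.2.2:53000
dnscrypt- 3029            root    7u  IPv4  27520      0t0  TCP 127.0.2.2:53000 (LISTEN)
"""

# COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME  ->  we keep command, pid, proto, addr, port
LINE_RE = re.compile(
    r"^(\S+)\s+(\d+)\s+\S+\s+\S+\s+IPv[46]\s+\S+\s+\S+\s+(UDP|TCP)\s+(\S+):(\d+)"
)


def parse_listeners(text):
    """Return a list of (command, pid, proto, address, port) for every socket line."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            cmd, pid, proto, addr, port = m.groups()
            listeners.append((cmd, int(pid), proto, addr, int(port)))
    return listeners


def bind_conflicts(listeners, addr, port):
    """Sockets that would make a new bind on addr:port fail with EADDRINUSE.

    A wildcard ('*') bind collides with every address on that port, a specific
    address collides with the wildcard and with itself.
    """
    return [
        l for l in listeners
        if l[4] == port and (l[3] == "*" or addr == "*" or l[3] == addr)
    ]


if __name__ == "__main__":
    found = parse_listeners(LSOF_OUTPUT)
    for candidate in (("127.0.2.2", 53), ("127.0.2.2", 53000), ("127.0.0.1", 54)):
        clash = bind_conflicts(found, *candidate)
        print(candidate, "blocked by" if clash else "free", [(c[0], c[1], c[2]) for c in clash])
```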

ghost commented 6 years ago

All services are running without any error.

I pinged 127.0.2.2 (dnscrypt-proxy) on my client, I got answer.

I pinged 127.0.0.1 localhost, I got answer.

I added 127.0.2.2 directly to resolv.conf, does not work.

I added 127.0.2.2 to dnsmasq.conf and tried "server=127.0.2.2 no-resolv", does not work.

No resolving with dnscrypt-proxy v2.

Here is my result of the log file:

[2018-08-17 18:23:10] [NOTICE] Source [public-resolvers.md] loaded
[2018-08-17 18:23:10] [NOTICE] dnscrypt-proxy 2.0.16
[2018-08-17 18:23:10] [NOTICE] Loading the set of whitelisting rules from [whiteLIST.txt]
[2018-08-17 18:23:10] [NOTICE] Now listening to 127.0.2.2:53000 [UDP]
[2018-08-17 18:23:10] [NOTICE] Now listening to 127.0.2.2:53000 [TCP]
[2018-08-17 18:23:10] [NOTICE] [arvind-io] OK (crypto v2) - rtt: 175ms
[2018-08-17 18:23:10] [NOTICE] [cloudflare] OK (DoH) - rtt: 9ms
[2018-08-17 18:23:10] [NOTICE] [d0wn-is-ns2] OK (crypto v1) - rtt: 59ms
[2018-08-17 18:23:10] [NOTICE] [d0wn-nl-ns4] OK (crypto v1) - rtt: 19ms
[2018-08-17 18:23:11] [NOTICE] [d0wn-tz-ns1] OK (crypto v1) - rtt: 167ms
[2018-08-17 18:23:11] [NOTICE] [de.dnsmaschine.net] OK (crypto v2) - rtt: 21ms
[2018-08-17 18:23:11] [NOTICE] [dnscrypt.ca-1] OK (crypto v1) - rtt: 98ms
[2018-08-17 18:23:11] [NOTICE] [dnscrypt.ca-2] OK (crypto v1) - rtt: 98ms
[2018-08-17 18:23:11] [NOTICE] [dnscrypt.eu-dk] TIMEOUT
[2018-08-17 18:23:11] [NOTICE] [dnscrypt.eu-nl] OK (crypto v1) - rtt: 19ms
[2018-08-17 18:23:11] [NOTICE] [dnscrypt.me] OK (crypto v2) - rtt: 16ms
[2018-08-17 18:23:11] [NOTICE] [dnscrypt.nl-ns0] OK (crypto v2) - rtt: 18ms
[2018-08-17 18:23:11] [NOTICE] [dnscrypt.nl-ns0-doh] OK (DoH) - rtt: 18ms
[2018-08-17 18:23:11] [NOTICE] [doh-crypto-sx] OK (DoH) - rtt: 56ms
[2018-08-17 18:23:16] [NOTICE] [ev-us] OK (crypto v2) - rtt: 170ms
[2018-08-17 18:23:17] [NOTICE] [freetsa.org] OK (crypto v1) - rtt: 167ms
[2018-08-17 18:23:17] [NOTICE] [ipredator] OK (crypto v1) - rtt: 31ms
[2018-08-17 18:23:17] [NOTICE] [publicarray-au] OK (crypto v2) - rtt: 306ms
[2018-08-17 18:23:17] [NOTICE] [publicarray-au2] OK (crypto v2) - rtt: 294ms

ghost commented 6 years ago

@jedisct1, ok, thanks, and how do I get PIHOLE + dnscrypt-proxy to work together, because PIHOLE uses port 53 also?

Maybe this config works? listen_addresses = ['127.0.2.2:53']

and PIHOLE = 127.0.0.1:53

ghost commented 6 years ago

Process: 3092 ExecStart=/opt/dnscrypt-proxy/dnscrypt-proxy (code=exited, status=255)
Main PID: 3092 (code=exited, status=255)

Aug 17 18:26:36 DietPi systemd[1]: dnscrypt-proxy.service: Unit entered failed state.
Aug 17 18:26:36 DietPi systemd[1]: dnscrypt-proxy.service: Failed with r

Yinchie commented 6 years ago

If you want to use PiHole and DNSCrypt, you should use PiHole as your resolver and not DNSCrypt.

ghost commented 6 years ago

I changed "dnscrypt-proxy" to: 127.0.2.2:53

Result:

Process: 3339 ExecStart=/opt/dnscrypt-proxy/dnscrypt-proxy (code=exited, status=255)
Main PID: 3339 (code=exited, status=255)

systemd[1]: dnscrypt-proxy.service: Failed with result 'exit-code'.

dnscrypt-proxy.service: Failed with result 'exit-code'.

ghost commented 6 years ago

when I change in dnscrypt-proxy.toml to: 127.0.2.2:53

I got this on terminal: dnscrypt-proxy.service: Failed with result 'exit-code'

With 127.0.2.2:53000 it works, with 127.0.2.2:53 not. Any idea?

Yinchie commented 6 years ago

Use 53000 and add it to the Pihole upstream DNS as 127.0.2.2#53000, and point your system DNS to the Pihole IP and NOT dnscrypt.

ghost commented 6 years ago

Yes, but it doesn't work in pihole: no resolving with port 53000, but dnscrypt-proxy.service started with it. With port 53 = error because of pihole.

Yinchie commented 6 years ago

If you do not point your system DNS to PiHole, then PiHole is installed with no use; it is a pointless installation since you won't make use of it. Try running DNSCrypt on a lower port, for example port 54, which is what I use, and my Pihole runs on 53.

Then point your system DNS to the PiHole IP, NOT dnscrypt.

It all works if you configure it right :)

ghost commented 6 years ago

I did it: pointed DNS under pihole to 127.0.2.2:53000 + resolv.conf = 127.0.0.1, but no resolving of any site. When I change the nameserver in resolv.conf to, for example, 9.9.9.9, then resolving works.

Yinchie commented 6 years ago

Do you even have PiHole configured to use a DNS resolver? If not, then PiHole will not resolve anything. Select a DNS server in the PiHole admin page. If you wish to use DNSCrypt, then you have to add it to the PiHole DNS settings page like this: 127.0.2.2#53000 in Pihole and NOT 127.0.2.2:53000.

How I added mine to PiHole. https://itchy.nl/content/images/2018/07/pihole-ftldns-custom-dns-port.png

ghost commented 6 years ago

Now it is working, thanks for the help :) @Yinchie.

This config is working fine; in "dnscrypt-proxy.toml" I changed to "listen_addresses = ['127.0.0.1:54']"

and PIHOLE DNS @ AdminPage = CUSTOM_DNS1=127.0.0.1#54
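An added check (not from the thread or the dnscrypt-proxy project) for the final layout: send one plain DNS query to each hop separately, so a failure can be attributed to Pi-hole on 127.0.0.1:53 or to dnscrypt-proxy on 127.0.0.1:54 rather than to "DNS". The query name `example.com` and the 2 s timeout are assumptions; the reply is validated by transaction ID and QR bit before its RCODE is reported.

```python
import secrets
import socket
import struct


def build_query(name, qtype=1):
    """Build a minimal recursive DNS query (A record by default); return (id, packet)."""
    qid = secrets.randbelow(65536)              # random ID so a stale reply is rejected
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)   # RD=1, QDCOUNT=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.strip(".").split(".")
    )
    return qid, header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def parse_response(qid, data):
    """Return (rcode, answer_count); raise ValueError if the reply is not ours."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid:
        raise ValueError("transaction ID mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    return flags & 0x000F, an


def probe(host, port, name="example.com", timeout=2.0):
    """Query host:port over UDP; return (rcode, answers) or None on timeout."""
    qid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (host, port))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_response(qid, data)


if __name__ == "__main__":
    # Hypothetical hops from the working config above: Pi-hole on 53, dnscrypt-proxy on 54.
    for label, host, port in (("Pi-hole", "127.0.0.1", 53), ("dnscrypt-proxy", "127.0.0.1", 54)):
        print(f"{label} {host}:{port} ->", probe(host, port))
```

An RCODE of 0 with at least one answer from port 54 but a timeout from port 53 points at Pi-hole's upstream setting (the `127.0.0.1#54` form), not at dnscrypt-proxy.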