Gedsh / InviZible

Android application for online privacy and security
https://invizible.net
GNU General Public License v3.0

Custom public-resolvers source does not work #165

Closed 12425 closed 1 year ago

12425 commented 2 years ago

Hi, I have set up my own DNS server on my Raspberry Pi, and updated the source of public resolvers. However, the server doesn't appear in server list. It works if I manually add the sdns://... to the server list.

My settings:

DNSCrypt Settings -> Sources
['http://192.168.0.2/public-resolvers.md']

refresh_delay
1

The source file content:

curl http://192.168.0.2/public-resolvers.md
## pi

pi

sdns://...

So, when I set a custom upstream server source,

  1. Expected: Every 1 hour it will fetch the list and all the servers in the list will appear in Fast Settings -> Select DNSCrypt servers.
     Actual: I don't see the new server.

  2. Expected: Other servers (not in source list) will disappear in Fast Settings -> Select DNSCrypt servers.
     Actual: Other servers are still there.

  3. Is there a way to force trigger a fetch (instead of waiting for 1 hour)?

Thank you!

Gedsh commented 2 years ago

Hi,

My settings:

DNSCrypt Settings -> Sources ['http://192.168.0.2/public-resolvers.md']

I'm not sure if DNSCrypt can download the file from the local network. Even if it is possible, you should use the correct public-resolvers.md.minisig. Actually I can't help you to make a signature file. It's better to ask about it in the upstream project https://github.com/DNSCrypt/dnscrypt-proxy.

The source file content:

curl http://192.168.0.2/public-resolvers.md

Check if the original file contains similar content.

Expected: Every 1 hour it will fetch the list and all the servers in the list will appear in Fast Settings -> Select DNSCrypt servers Actual: I don't see the new server.

InviZible reads and displays public-resolvers.md each time you open the mentioned menu.

Expected: Other servers (not in source list) will disappear in Fast Settings -> Select DNSCrypt servers Actual: Other servers are still there.

When you properly overwrite the file, you will see everything as expected.

Is there a way to force trigger a fetch (instead of waiting for 1 hour)?

You cannot do this more often than once every 1 hour. But I think this is more than enough. You can manually delete public-resolvers.md and restart DNSCrypt. It will immediately reload the missing file.

12425 commented 2 years ago

Tried a custom server list file with signature file, but it didn't work.

  1. Download minisign binary from https://github.com/jedisct1/minisign/releases/

  2. Generate a minisign key pair and get the public key: minisign -G

  3. Sign the custom server list file: minisign -S -m public-resolvers.md

  4. In the app -> Backup & Restore -> SAVE SETTINGS

  5. Unzip the IZBackup*.zip

  6. Modify 'urls' and 'minisign_key' (with generated public key) in ./app_data/dnscrypt-proxy/dnscrypt-proxy.toml

[sources.'public-resolvers']
urls = ['https://mydomain.com/public-resolvers.md']
minisign_key = 'RW...'

Here I tried my custom domain with HTTPS enabled. The URL works with curl and wget. I can download the .md and .md.minisig and signature verified.

  1. Overwrite the 2 files with custom file and signature:
     ./app_data/dnscrypt-proxy/public-resolvers.md
     ./app_data/dnscrypt-proxy/public-resolvers.md.minisig

  2. Zip the folder and RESTORE SETTINGS in the app

  3. Start DNSCrypt, it says Attention InviZible Pro cannot start DNSCrypt! Please check ...

  4. I don't see anything in Logs but a COLLECT LOGS button. Any hint on this?

Thank you.

Gedsh commented 2 years ago

Start DNSCrypt, it says Attention InviZible Pro cannot start DNSCrypt! Please check ...

This means that you have broken the DNSCrypt configuration file. Check all options carefully.
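
A pre-signing check for a custom source file like the one posted earlier in this thread, as an added example that is not part of the original thread or of InviZible or dnscrypt-proxy code. It assumes entries of the form shown above (a `## name` heading, description lines, an `sdns://` line) and the DNSCrypt stamp layout from the DNS stamps specification; the function names, the placeholder key bytes and the provider name are constructed for illustration.

```python
import base64
import struct

PROTOCOLS = {0x01: "DNSCrypt", 0x02: "DoH"}  # protocol IDs from the DNS stamps spec

def _lp(buf, pos):
    """Read one length-prefixed field (1-byte length) at pos; return (field, next_pos)."""
    if pos >= len(buf) or pos + 1 + buf[pos] > len(buf):
        raise ValueError("truncated stamp")
    return buf[pos + 1:pos + 1 + buf[pos]], pos + 1 + buf[pos]

def decode_stamp(stamp):
    """Decode a line that starts with sdns://; DNSCrypt stamps are parsed in full."""
    body = stamp.strip()[len("sdns://"):]
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    if len(raw) < 9:  # 1 protocol byte + 8 property bytes
        raise ValueError("truncated stamp")
    info = {"protocol": PROTOCOLS.get(raw[0], hex(raw[0])),
            "props": struct.unpack_from("<Q", raw, 1)[0]}
    if raw[0] == 0x01:  # DNSCrypt: LP(addr) LP(public key) LP(provider name)
        addr, pos = _lp(raw, 9)
        pk, pos = _lp(raw, pos)
        provider, pos = _lp(raw, pos)
        if len(pk) != 32:
            raise ValueError("provider public key must be 32 bytes")
        info.update(addr=addr.decode(), provider=provider.decode())
    return info

def check_source(text):
    """Return (servers, problems) for a resolver list made of '## name' entries."""
    servers, problems, name = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("## "):
            name = line[3:].strip()
            servers[name] = []
        elif line.startswith("sdns://") and name:  # lines before the first entry are skipped
            try:
                servers[name].append(decode_stamp(line))
            except ValueError as exc:  # also covers base64 and UTF-8 decoding errors
                problems.append(f"{name}: {exc}")
    problems += [f"{n}: no stamp" for n, s in servers.items() if not s]
    return servers, problems

# Constructed sample: host from the thread, placeholder key bytes and provider name.
_fields = [b"192.168.0.2", bytes(32), b"2.dnscrypt-cert.pi.example"]
_raw = b"\x01" + struct.pack("<Q", 0) + b"".join(bytes([len(f)]) + f for f in _fields)
SAMPLE_STAMP = "sdns://" + base64.urlsafe_b64encode(_raw).decode().rstrip("=")
SAMPLE = f"## pi\n\npi\n\n{SAMPLE_STAMP}\n\n## broken\n\nsdns://AQ\n"
```

Running `check_source` on the file before signing it with minisign shows which entries carry a stamp that decodes, so a malformed list is caught before the `.md` and `.md.minisig` pair is published.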