search

GortCodex / DNSCrypt-Loader

A flexible and customizable bash script to manage DNSCrypt-proxy
MIT License
111 stars 24 forks source link

Parsing "dnscrypt-resolvers.csv" #5

Closed ravrican closed 8 years ago

ravrican commented 8 years ago

1 2 3

Update resolver.csv from official source - Ok /usr/local/share/dnscrypt-proxy/dnscrypt-resolvers.csv Name,Full name,Description,Location,Coordinates,URL,Version,DNSSEC validation,No logs,Namecoin,Resolver address,Provider name,Provider public key,Provider public key TXT record 4armed,4ARMED,DNSCrypt Server provided by www.4armed.com,France,,https://www.4armed.com,1,yes,yes,no,51.254.115.48:443,2.dnscrypt-cert.dnscrypt.4armed.io,FD3E:5887:63EA:17A9:1AF8:4325:DE82:1507:6ED0:01AB:2F9E:55DE:689B:F491:4D8E:526E, cisco,Cisco OpenDNS,Remove your DNS blind spot,Anycast,,https://www.opendns.com,1,no,no,no,208.67.220.220:443,2.dnscrypt-cert.opendns.com,B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79, ......

GortCodex commented 8 years ago

Please delete all .csv files located in /usr/local/share/dnscrypt-proxy and update again. This error can be caused by strange characters in the .csv file that are interpreted incorrectly (such as & ^ and others). Additionally use the minisign https://github.com/jedisct1/minisign to ensure file integrity. thanks.

nahci13 commented 8 years ago

Hello Update resolver.csv from official source: Remote file dnscrypt-resolvers.csv not found. and loading failed if i manual download .csv and copy to folder: /usr/local/share/dnscrypt-proxy/ I installed minisign for SignCheck. same problem!

GortCodex commented 8 years ago

Some ideas: Looking at the screenshots of your post I realized that the contents of dnscrypt-resolvers.csv file is very different from currently available file. Seems a old version of file who can cause parsing errors. The update process will correct this error.

"Remote dnscrypt-resolvers.csv file not found." There seems to be an error in the connection to download the file. Please verify that you can access the file using the URL in your browser. Without a successful download the error will persist.

Please see this closed issue to more thoughts https://github.com/GortCodex/DNSCrypt-Loader/issues/4

Thanks.

GortCodex commented 8 years ago

I'm trying to reproduce the errors you are getting to be able to give more solution options

GortCodex commented 8 years ago

To debug the cause of this error would suggest this: the script tests the HTTP error code when trying to download the file resolvers.csv

200 = OK 404 = Not Found 301 = Moved Permanently "" = No remote response

To find out which error is being returned use the following command at the prompt:

curl --no-buffer --head https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv

Please post the results so I can help you guys

nahci13 commented 8 years ago

Thanks, and this results:

root@XXXX:~# curl --no-buffer --head https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv
HTTP/2.0 200
server:nginx/1.9.12
date:Thu, 24 Mar 2016 12:08:55 GMT
content-type:application/binary
content-length:21013
last-modified:Thu, 24 Mar 2016 00:30:06 GMT
etag:"56f3350e-5215"
strict-transport-security:max-age=31536000; includeSubDomains; preload
vary:Accept-Encoding
x-content-type-options:nosniff
x-frame-options:DENY
x-xss-protection:1; mode=block
content-security-policy:default-src https: 'unsafe-inline'; reflected-xss block
accept-ranges:bytes
GortCodex commented 8 years ago

It's really hard to simulate the error here. You could try this change in the script ? So, please make a copy of /usr/local/sbin/dnscrypt-loader for safety e edit the file

vi /usr/local/sbin/dnscrypt-loader

Change the line 953:

if [$ {httpStatus} == "301"] || [$ {HttpStatus} == "404"] || [$ {HttpStatus} == "?" ]; Then

TO:

if [$ {httpStatus} == "301"] || [$ {HttpStatus} == "404"]; Then

Save the file and run the script

dnscrypt-loader

thanks!

nahci13 commented 8 years ago

Thanks, after change the line 953, now update is good work without error, but after Set primary(or secondary) DNS resolver : Loading failed like first post!

GortCodex commented 8 years ago

Ok, part of the problem is resolved. Now, assuming that you are running CentOS

Install dos2unix utility

yum install dos2unix

and run

dos2unix /usr/local/share/dnscrypt-proxy/dnscrypt-resolvers.csv

This will remove hidden characters in dnscrypt-resolvers.csv file.

run dnscrypt-loader again.

Thanks

nahci13 commented 8 years ago

Ok, this is result:

root@xx:~# dos2unix /usr/local/share/dnscrypt-proxy/dnscrypt-resolvers.csv
dos2unix: converting file /usr/local/share/dnscrypt-proxy/dnscrypt-resolvers.csv to Unix format ...

and, after run:

The file resolvers.csv has been changed or is corrupted.
Is strongly recommended download a new copy.
Your system may be leaking DNS queries.

The problem is still not resolved! Thanks

GortCodex commented 8 years ago

Ok, thank you for being patient; Please, disable minisign at line 154. Switch temporarily cEnableSignCheck = false to avoid the error occurred

if this fails can you tell which version of Linux you use ? I will create a VM to simulate your problem and will post a solution soon.

nahci13 commented 8 years ago

Thank you again! Not resolved! I use Kali Linux, Rolling Edition:

root@xxx:~# uname -a
Linux xxx 4.4.0-kali1-amd64 #1 SMP Debian 4.4.6-1kali1 (2016-03-18) x86_64 GNU/Linux

I am happy if I can help in the future to do! Good luck

ravrican commented 8 years ago

In first post flagged: Update resolver.csv from official source - Ok But if download from official source https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv with errors: curl: (60) SSL certificate problem: unable to get local issuer certificate Goal: add "-k" or "--insecure" for Curl in strings 946, 965, 968, 973, 976

Problem is not solved. See screenshots from first post # uname -a Linux cubieboard2 3.4.110-sun7i #3 SMP PREEMPT Sun Feb 28 17:15:36 CET 2016 armv7l armv7l armv7l GNU/Linux

ravrican commented 8 years ago

I comment "clear" and view this: dpl

GortCodex commented 8 years ago

I appreciated your diagnosis Ravrican, it seems that this error is specific to your distro. The version of "awk" used to make the parsing may be the cause of the problem. but I need to simulate it in specific VMs, otherwise will create incompatibilities with distros that do not have errors. Kali is the goal now.

skyl1ne commented 8 years ago

Same issues here on Linux Mint 17.3

uname -a Linux PHD-PC 3.13.0-83-generic #127-Ubuntu SMP Fri Mar 11 00:25:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

Changing Line 953 per above resulted in:

/usr/local/sbin/dnscrypt-loader: line 962: syntax error near unexpected token else' /usr/local/sbin/dnscrypt-loader: line 962: else'

Thanks...

GortCodex commented 8 years ago

Hello skyl1ne, although we have a problem in specific versions, the error you mentioned seems a syntax error. Review the changes again. Only remove this piece of code on line 953:

|| [ $ { HttpStatus } == " ? " ]

and test again, tks

skyl1ne commented 8 years ago

Good news. Only removing this piece of code on line 953: || [ $ { HttpStatus } == " ? " ] worked.

Everything else remains identical to @ravrican 's issues above.

Thank you.

GortCodex commented 8 years ago

Hello there, sorry for the delay. I haven't had much time. I'm trying to work ASAP to resolve some incompatibilities. Tks!

skyl1ne commented 8 years ago

No hurry. Take your time.

GortCodex commented 8 years ago

I've posted a new release which fixes (maybe all) of the errors reported. You can download it directly from the Releases tab. This version was also tested in Kali # 1 SMP Debian 4.3.3-7kali2 (1/27/2016). Now you must install the 'g awk ' too. Read the manual for more details. Any problems let me know.

nahci13 commented 8 years ago

Thank you @GortCodex ! Installing or running in Kali without any error! But detect my DNS server in DNS Leak Test. Thanks

GortCodex commented 8 years ago

In an ideal environment you will not have other DNS resolvers working with dnscrypt-proxy. Caution on DNS configuration on routers, firewalls, DNS forwarders and cached DNS. This will prevent leaks

skyl1ne commented 8 years ago

Working here on Linux Mint 17.3 now.

Thank you.

V1NG4D0R commented 6 years ago

hello, I need help. I use linux kali on an external hdd, and I can not start dnscrypt I use the following command and the following message appears: root @ v1ng4d0r: ~ # systemctl restart dnscrypt-proxy Failed to restart dnscrypt-proxy.service: Unit dnscrypt-proxy.socket is not loaded properly: Invalid argument. See system logs and 'systemctl status dnscrypt-proxy.service' for details.

root @ v1ng4d0r: ~ # systemctl status dnscrypt-proxy ● dnscrypt-proxy.service - DNSCrypt client proxy    Loaded: loaded (/lib/systemd/system/dnscrypt-proxy.service; enabled; vendor p    Active: failed (Result: exit-code) since Fri 2018-01-26 11:19:05 UTC; 2h21m      Docs: man: dnscrypt-proxy (8)   Process: 1238 ExecStart = / usr / sbin / dnscrypt-proxy / etc / dnscrypt-proxy / dnscrypt-  Main PID: 1238 (code = exited, status = 1 / FAILURE)

Jan 26 11:19:05 v1ng4d0r systemd [1]: dnscrypt-proxy.service: Service hold-off ti Jan 26 11:19:05 v1ng4d0r systemd [1]: dnscrypt-proxy.service: Failed to schedule Jan 26 11:19:05 v1ng4d0r systemd [1]: dnscrypt-proxy.service: Failed with result lines 1-10 / 10 (END)