Noxwizard / dnscrypt-winclient

Windows client for managing the DNSCrypt Proxy
MIT License

Enable DNSCrypt on IPv6 connections #4

Closed Noxwizard closed 12 years ago

Noxwizard commented 12 years ago

Currently, I only change the DNS servers for the IPv4 protocol of the card. If you have IPv6 support, you can have custom DNS servers there as well, which means at the moment those are not getting redirected to DNSCrypt.

Fixing this is a bit of a pain. I currently query WMI (Windows Management Instrumentation) for information about the network cards since the C# network interface classes are so lacking and are read only. Unfortunately, WMI has extremely limited support for reading IPv6 information. At the moment, it only supports the IP address field and nothing else.

The IPInterfaceProperties class can retrieve DNS listings for the card, but they also include DHCP assigned servers. This is why we have to look it up in the registry to see if an entry is automatic or static and then query against WMI for the addresses. This interface does let us see if a card supports IPv6 or not though.

All of this information is actually stored in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DEVICE ID}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{DEVICE ID}

DNS server settings are listed in the NameServer entry. However, once you change the registry values, you have to restart the TCP/IP service before they go into effect.

So I think the only way to do this is to make a process call to netsh to configure the devices.

netsh interface ip delete dns "Interface Name" all
netsh interface ip add dns "Interface Name" 127.0.0.1
netsh interface ipv6 delete dns "Interface Name" all
netsh interface ipv6 add dns "Interface Name" ::1

Noxwizard commented 12 years ago

Actually, I'm not sure that DNSCrypt supports this right now. By default, it binds to 127.0.0.1, so I'd need to set --local-address to ::1 before launching the proxy. However, a quick test reported that it was unable to bind to ::1, which means the proxy has to be launched on IPv4.

From what I've read about dual support on Windows, IPv6 is used if it's set, otherwise, IPv4 is. So if the user has custom DNS servers on both protocols for the adapter, IPv6 is given preference. If neither is set, it uses IPv4.

So that means I should unset the IPv6 DNS settings and only point the IPv4 protocol to 127.0.0.1. I suppose it's safe to assume that no one's going to turn off IPv4 support on their NIC. I believe versions of Windows prior to Windows 7/Server 2008 don't actually support DNS resolution over IPv6 anyway, so it's probably best to always route over IPv4, even if the proxy itself chooses to connect over IPv6.
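
A read-only check for the condition discussed in the comments above, added here as an example; it is not part of the original comments or the project's code. It reads the NameServer value under the two registry keys named in the thread and reports interfaces whose DNS would not go through the proxy on 127.0.0.1. The function names are hypothetical, NameServer is assumed to be a comma- or space-separated list, and the interface subkeys can include adapters that are not currently in use.

```powershell
# Added example: audits static DNS settings per interface (read-only, no changes made).
$base  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$proxy = '127.0.0.1'   # address the thread says the proxy binds to by default

function Get-StaticDns {
    # Hypothetical helper: returns the static NameServer entries for one stack/interface.
    param([string]$Stack, [string]$InterfaceId)
    $key   = Join-Path $base "$Stack\Parameters\Interfaces\$InterfaceId"
    $value = (Get-ItemProperty -Path $key -Name NameServer -ErrorAction SilentlyContinue).NameServer
    if ([string]::IsNullOrWhiteSpace($value)) { return @() }
    # Assumption: entries are separated by commas and/or whitespace.
    return @($value -split '[,\s]+' | Where-Object { $_ })
}

function Get-DnsProxyAudit {
    # Hypothetical helper: one result object per interface subkey under Tcpip.
    $ids = Get-ChildItem -Path (Join-Path $base 'Tcpip\Parameters\Interfaces') |
        ForEach-Object { $_.PSChildName }
    foreach ($id in $ids) {
        $v4 = @(Get-StaticDns -Stack 'Tcpip'  -InterfaceId $id)
        $v6 = @(Get-StaticDns -Stack 'Tcpip6' -InterfaceId $id)
        $issues = @()
        # Per the thread, static IPv6 DNS servers are preferred over the IPv4 ones.
        if ($v6.Count -gt 0) { $issues += 'static IPv6 DNS set' }
        if ($v4.Count -eq 0) {
            # Empty NameServer means the entry is automatic rather than static.
            $issues += 'IPv4 DNS is automatic, not the proxy'
        } elseif (@($v4 | Where-Object { $_ -ne $proxy }).Count -gt 0) {
            $issues += 'IPv4 DNS lists a server other than the proxy'
        }
        [pscustomobject]@{
            InterfaceId = $id
            IPv4Dns     = $v4 -join ', '
            IPv6Dns     = $v6 -join ', '
            Redirected  = ($issues.Count -eq 0)
            Issues      = $issues -join '; '
        }
    }
}

Get-DnsProxyAudit | Format-Table -AutoSize -Wrap
```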

Noxwizard commented 12 years ago

Partially implemented in be32ae678c.

MickeyBadBad commented 11 years ago

Thanks.

I think can we change File ApplicationForm.cs:115 111111111 this place?

Noxwizard commented 11 years ago

Did you read this ticket? The last time I looked into it, the proxy can't bind locally on IPv6 (::1). If you look at the line right above the one you're pointing to, you'll see where I had previously attempted redirecting to a local IPv6 connection.

MickeyBadBad commented 11 years ago

Sorry dude, my English is not good. Yeah, I find it. Maybe it's an OpenDNS problem .....