bitbeans / SimpleDnsCrypt

A simple management tool for dnscrypt-proxy
https://simplednscrypt.org
MIT License

Bug: v0.4.3 causes false no internet connection notification #168

Closed user8446 closed 6 years ago

user8446 commented 7 years ago

After the 0.4.3 update on W10 I have had the "no internet connection" in the network icon in the system tray. However, there is full internet access and running a DNS leak test shows everything is working correctly. Turning off Simple DNSCrypt on my network adapter clears the error. Turning it back on brings it back. Rolling back to 0.4.2 does not fix this either, yet there were no other changes. Any ideas?

iWARR commented 7 years ago

Network Connectivity Status Indicator (NCSI)

You can try to make the "Network Connectivity Status Indicator" (NCSI) much faster and more secure, and restrict MS spying on you every time you connect to the Internet.

Note: www.msftconnecttest.com replaces www.msftncsi.com starting with Windows 10 (1607). You can block these domains completely (through the hosts file or some other way).

Make a restore point before you proceed.

0) Set DNSCrypt to use local IPs other than the default (127.0.0.1, 127.0.0.2), for example: 127.0.0.11, 127.0.0.12

1) Turn OFF NCSI active tests

1.1) GPO settings:

Computer Configuration -> Administrative Templates -> Internet Communication Management -> Internet Communication settings

Turn off Windows Network Connectivity Status Indicator active tests - [Enabled]

The same in the Registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator]

    NoActiveProbe = 1

1.2) Turn off NCSI checking for Internet completely (the Connectivity Indicator will still work as expected):

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet]

    EnableActiveProbing = 0

2) Set Loopback for NCSI connections

2.1) Check your hosts file. Make sure you have standard entries like this:

    127.0.0.1   localhost
    127.0.0.1   localhost.localdomain
    127.0.0.1   local

Also, if you do not use IPv6 and have turned it off completely, comment out the entries:

    #   ::1     localhost
    #   ::1     localhost.localdomain

2.2) These settings are mainly for domains with their own DNS servers, but you can set them to the loopback channel for your safety.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet]

    ActiveDnsProbeContent       = 127.0.0.1
    ActiveDnsProbeContentV6     = ::1

    ActiveDnsProbeHost      = localhost
    ActiveDnsProbeHostV6        = localhost

    ActiveWebProbeContent       = <empty>
    ActiveWebProbeContentV6     = <empty>

    ActiveWebProbeHost      = localhost.localdomain
    ActiveWebProbeHostV6        = localhost.localdomain

    ActiveWebProbePath      = <empty>
    ActiveWebProbePathV6        = <empty>

3) GPO settings: Probe host

Computer Configuration -> Administrative Templates -> Network -> Network Connectivity Status Indicator

Specify corporate DNS probe host address    - [Enabled]: <set IP of your DNSCrypt Primary server>
Specify corporate DNS probe host name       - [Enabled]: <set NameServer of your DNSCrypt Primary server>

Note:

Do not use the FQDN host for certificates (from Simple DNSCrypt's Main Tab), but the NameServer (PTR) that the Primary server of your choice uses. Use robtex.com to find the domain by IP.

For example (OpenDNS): host address: 208.67.222.222, host name: resolver1.opendns.com


Network Connectivity Status Indicator: https://technet.microsoft.com/en-us/library/cc766017(WS.10).aspx https://technet.microsoft.com/en-us/library/ee126135(v=ws.10).aspx
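An added example, not part of the comment above or of SimpleDnsCrypt: a read-only PowerShell check that compares the registry values named in steps 1 and 2 with the values the comment sets, and confirms the hosts mapping from step 2.1. The `$expected` table and the `Get-RegValue` helper are names introduced here, and the hosts file is assumed to be at its standard Windows location.

```powershell
# Added example: read-only audit of the NCSI values listed in the comment above.
# It only reads the registry and the hosts file; nothing is written.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator'
$nlaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet'

# $expected (name introduced here): value name -> value the comment sets.
# '' stands for the comment's "<empty>".
$expected = @(
    @{ Key = $policyKey; Name = 'NoActiveProbe';           Want = '1' }
    @{ Key = $nlaKey;    Name = 'EnableActiveProbing';     Want = '0' }
    @{ Key = $nlaKey;    Name = 'ActiveDnsProbeContent';   Want = '127.0.0.1' }
    @{ Key = $nlaKey;    Name = 'ActiveDnsProbeContentV6'; Want = '::1' }
    @{ Key = $nlaKey;    Name = 'ActiveDnsProbeHost';      Want = 'localhost' }
    @{ Key = $nlaKey;    Name = 'ActiveDnsProbeHostV6';    Want = 'localhost' }
    @{ Key = $nlaKey;    Name = 'ActiveWebProbeContent';   Want = '' }
    @{ Key = $nlaKey;    Name = 'ActiveWebProbeContentV6'; Want = '' }
    @{ Key = $nlaKey;    Name = 'ActiveWebProbeHost';      Want = 'localhost.localdomain' }
    @{ Key = $nlaKey;    Name = 'ActiveWebProbeHostV6';    Want = 'localhost.localdomain' }
    @{ Key = $nlaKey;    Name = 'ActiveWebProbePath';      Want = '' }
    @{ Key = $nlaKey;    Name = 'ActiveWebProbePathV6';    Want = '' }
)

function Get-RegValue {
    param([string]$Key, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$report = foreach ($e in $expected) {
    $have = Get-RegValue -Key $e.Key -Name $e.Name
    [pscustomobject]@{
        Value    = $e.Name
        Current  = if ($null -eq $have) { '<not set>' } else { "$have" }
        Expected = if ($e.Want -eq '') { '<empty>' } else { $e.Want }
        Match    = ($null -ne $have) -and ("$have" -eq $e.Want)
    }
}
$report | Format-Table -AutoSize

# Step 2.1: the web probe host only stays local if hosts maps it to loopback.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$active = Get-Content -LiteralPath $hostsPath | Where-Object { $_ -notmatch '^\s*(#|$)' }
$mapped = $active | Where-Object {
    $_ -match '^\s*127\.0\.0\.1\s+(\S+\s+)*localhost\.localdomain(\s|#|$)'
}
"hosts maps localhost.localdomain to 127.0.0.1: $([bool]$mapped)"
```

A `Match` of `False` with `Current` shown as `<not set>` means the value is absent and Windows is using its built-in default for that probe setting.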

user8446 commented 6 years ago

Thank you for that, it will help many!