Open bitlog2 opened 3 years ago
The dnscrypt-proxy devs posted another workaround, using the captive_portals feature of dnscrypt-proxy v2.0.45
Thank you, can confirm the added registry key worked
Looks like related to https://github.com/bitbeans/SimpleDnsCrypt/issues/516 https://github.com/dnscrypt/dnscrypt-proxy/wiki/Installation-Windows#troubleshooting
TLDR: gpedit.msc > Computer Configuration > Administrative Templates > Network > Network Connectivity Status Indicator. > Specify Global DNS > use global dns: enabled
Who is the bug affecting?
Windows 10 users of SimpleDnsCrypt
I am running Windows 10 2020H2 update, version "Version 10.0.19042.746" is shown in cmd.exe when it starts up.
What is affected by this bug?
Windows 10 NSCI fails to detect network connectivity. This means that Microsoft store apps, and Microsoft apps such as office cannot connect to the internet and function properly.
When does this occur?
When 1) SimpleDnsCrypt service is running, and you have "checked" your main network adapter in the SimpleDnsCrypt UI and 2) windows dns settings for your network adapter are set to "127.0.0.1" with NO secondary set
Where does it happen?
See above. It happens on Windows 10 computers running SimpleDnsCrypt without fallback DNS provider set up.
How do we replicate the issue?
Workaround: 1) Go to "network connections" > right click adapter > IPv4 > properties > add a secondary DNS server, like 1.1.1.1 > hit okay to save 2) Open SimpleDnsCrypt, then "uncheck" your network adapter. 3) Disable and re-enable network adapter, and NSCI check will work now
Doing step 2, I'm not sure of the security implications of this. The SimpleDnsCrypt server seems to still get dns queries and process them, but NCSI works now.
Expected behavior (i.e. solution)
SimpleDnsCrypt should automatically work when you install it. It should set primary dns provider to 127.0.0.1 AND set a secondary DNS provider to work around the NCSI issue.
Other Comments
It took me months to find the cause of this bug. I had 2 issues actually, one with SimpleDnsCrypt, and one with another piece of software, DisableWinTracking. DisableWinTracking was blocking msftncsi from dns in the hosts file. After fixing this, I narrowed the last issue down to SimpleDnsCrypt , which is built on top of dnscrypt-proxy. Both SimpleDnsCrypt and dnscrypt-proxy have the same issue, both require a secondary DNS server to be set on windows 10.
For anyone running DisableWinTracking, make sure you edit C:\Windows\System32\drivers\etc\hosts and add # before "0.0.0.0 msftncsi.com" and "0.0.0.0 www.msftncsi.com" . And then don't forget to add a secondary DNS provider like 1.1.1.1 in your network adapter > IPv4 dns settings if you're running SimpleDnsCrypt or dnscrypt-proxy. Users of SimpleDnsCrypt actually have to go one step further than this and unclick your network adapter in the SimpleDnsCrypt interface to get windows NCSI to work. You're welcome googlers :p.
I also posted this issue to the dnscrypt-proxy project, since both projects share a very similar issue, although SimpleDnsCrypt has one more bug beyond dnscrypt-proxy (you must uncheck your network adapter in SimpleDnsCrypt UI to make Windows NSCI work, in addition to the other workarounds). https://github.com/DNSCrypt/dnscrypt-proxy/issues/1594
keywords for googlers: nslookup dns.msftncsi.com www.msftncsi.com/ncsi.txt windows 10 no internet connection