Open Dejan1969 opened 2 years ago
What's the full log? journalctl --boot --unit=fdns.service
user@pi:~$ sudo journalctl --boot --unit=fdns.service
-- Logs begin at Wed 2020-04-01 17:23:43 UTC, end at Sat 2021-07-17 06:48:03 UTC. --
Jul 16 20:06:42 pi systemd[1]: Started Firejail DoH Proxy Server.
Jul 16 20:06:42 pi fdns[1570]: Error: invalid proxy address
Jul 16 20:06:42 pi systemd[1]: fdns.service: Main process exited, code=exited, status=1/FAILURE
Jul 16 20:06:42 pi systemd[1]: fdns.service: Failed with result 'exit-code'.
Jul 16 20:06:42 pi systemd[1]: fdns.service: Scheduled restart job, restart counter is at 1.
Jul 16 20:06:42 pi systemd[1]: Stopped Firejail DoH Proxy Server.
Jul 16 20:06:42 pi systemd[1]: Started Firejail DoH Proxy Server.
Jul 16 20:06:43 pi fdns[1632]: Error: invalid proxy address
Jul 16 20:06:43 pi systemd[1]: fdns.service: Main process exited, code=exited, status=1/FAILURE
Jul 16 20:06:43 pi systemd[1]: fdns.service: Failed with result 'exit-code'.
Jul 16 20:06:43 pi systemd[1]: fdns.service: Scheduled restart job, restart counter is at 2.
Jul 16 20:06:43 pi systemd[1]: Stopped Firejail DoH Proxy Server.
Jul 16 20:06:43 pi systemd[1]: Started Firejail DoH Proxy Server.
Jul 16 20:06:43 pi fdns[1654]: Error: invalid proxy address
Jul 16 20:06:43 pi systemd[1]: fdns.service: Main process exited, code=exited, status=1/FAILURE
Jul 16 20:06:43 pi systemd[1]: fdns.service: Failed with result 'exit-code'.
Jul 16 20:06:43 pi systemd[1]: fdns.service: Scheduled restart job, restart counter is at 3.
Jul 16 20:06:43 pi systemd[1]: Stopped Firejail DoH Proxy Server.
Jul 16 20:06:43 pi systemd[1]: Started Firejail DoH Proxy Server.
Jul 16 20:06:44 pi fdns[1661]: Error: invalid proxy address
Jul 16 20:06:44 pi systemd[1]: fdns.service: Main process exited, code=exited, status=1/FAILURE
Jul 16 20:06:44 pi systemd[1]: fdns.service: Failed with result 'exit-code'.
Jul 16 20:06:44 pi systemd[1]: fdns.service: Scheduled restart job, restart counter is at 4.
Jul 16 20:06:44 pi systemd[1]: Stopped Firejail DoH Proxy Server.
Jul 16 20:06:44 pi systemd[1]: Started Firejail DoH Proxy Server.
Jul 16 20:06:44 pi fdns[1666]: Error: invalid proxy address
user@pi:~$ sudo journalctl --unit=fdns.service
-- Logs begin at Wed 2020-04-01 17:23:43 UTC, end at Sat 2021-07-17 06:51:55 UTC. --
Jul 16 19:49:27 pi systemd[1]: Started fdns.
Jul 16 19:49:27 pi systemd[1]: fdns.service: Succeeded.
Jul 16 20:04:48 pi systemd[1]: Started Firejail DoH Proxy Server.
Jul 16 20:04:48 pi fdns[1988]: Testing server quad9
Jul 16 20:04:48 pi fdns[1988]: Tags: anycast, security, Americas, AsiaPacific, Europe
Jul 16 20:04:48 pi fdns[1988]: SSL/TLS connection: 194.79 ms
Jul 16 20:04:49 pi fdns[1988]: DoH query average: 31.59 ms
Jul 16 20:04:49 pi fdns[1988]: DoH/Do53 bandwidth ratio: 1.90
Jul 16 20:04:49 pi fdns[1988]: Keepalive: 20 to 25 seconds
Jul 16 20:04:50 pi fdns[1990]: Testing server digital-society
Jul 16 20:04:50 pi fdns[1990]: Tags: Switzerland, Europe
Jul 16 20:04:50 pi fdns[1990]: SSL/TLS connection: 142.85 ms
Jul 16 20:04:51 pi fdns[1990]: DoH query average: 23.57 ms
Jul 16 20:04:51 pi fdns[1990]: DoH/Do53 bandwidth ratio: 4.77
Jul 16 20:04:51 pi fdns[1990]: Keepalive: 140 to 170 seconds
Jul 16 20:04:52 pi fdns[1987]: Testing fallback server: adguard (94.140.14.14) - 11.80 ms
Jul 16 20:04:52 pi fdns[1987]: fdns starting
Jul 16 20:04:52 pi fdns[1987]: connecting to digital-society server
Jul 16 20:04:52 pi fdns[1987]: listening on 192.168.0.110
Jul 16 20:04:54 pi fdns[1991]: 470 filter entries added from /etc/fdns/trackers
Jul 16 20:04:54 pi fdns[1991]: 8940 filter entries added from /etc/fdns/fp-trackers
Jul 16 20:04:54 pi fdns[1991]: 10159 filter entries added from /etc/fdns/coinblocker
Jul 16 20:04:54 pi fdns[1991]: 60945 filter entries added from /etc/fdns/adblocker
Jul 16 20:04:54 pi fdns[1994]: 2 filter entries added from /etc/fdns/hosts
Jul 16 20:04:55 pi fdns[1994]: (0) Alert: SSL3 alert write:warning:close notify
Jul 16 20:04:55 pi fdns[1993]: (1) Alert: SSL3 alert write:warning:close notify
I have found a workaround. It looks like fdns starts before the network is ready on the Raspberry Pi. Changing the service type from simple to idle in fdns.service solves the problem (for now).
[Unit]
Description=Firejail DoH Proxy Server
Documentation=man:fdns(1)
Wants=network-online.target nss-lookup.target
Before=nscd.service nss-lookup.target ntpdate.service
[Service]
Type=idle
# start fdns as a local server listening on 127.1.1.1 loopback address
#ExecStart=/usr/bin/fdns
# start fdns as a network server listening on all interfaces and on 127.0.0.1 loopback address
#ExecStart=/usr/bin/fdns --proxy-addr-any
# start fdns as a network server listening on a specific network interface address
# --proxy-addr is broken when enabling RestrictAddressFamilies, see #15
ExecStart=/usr/bin/fdns --proxy-addr=192.168.0.110
# For more options like --allow-all-queries see man 1 fdns.
Restart=on-failure
...
Good to hear you found a workaround; however, idle shouldn't be used for ordering (it's racy).
Does it work if you add an explicit After=network-online.target ([Unit])? Are there any other targets or services in an aarch64 Ubuntu server system that we should Wants/After for?
"However idle shouldn't be used for ordering" Yeah I'm aware, but systemd is a real mess.
"After=network-online.target" didn't help, but at least I've figured it out now... FDNS starts after network-online.target, but fails because the Raspberry Pi doesn't get an IP from my router in time. The only other working solution was to use a static IP and add systemd-networkd-wait-online.service to fdns.service (at least, the solution I'm aware of. I'm open to other suggestions).
Ubuntu Server uses netplan, and setting up a static IP is done in /etc/netplan/50-cloud-init.yaml (it can be found under different names):
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
      addresses: [192.168.0.110/24]
      gateway4: 192.168.0.1
      nameservers:
        addresses: [192.168.0.110]
Modification in /etc/systemd/system/fdns.service
[Unit]
Description=Firejail DoH Proxy Server
Documentation=man:fdns(1)
After=systemd-networkd-wait-online.service
Wants=network-online.target nss-lookup.target systemd-networkd-wait-online.service
Before=nscd.service nss-lookup.target ntpdate.service
[Service]
Type=simple
There are so many outdated and incorrect "howtos" out there...
An interesting article related to this stuff is here: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ Please check the "What does this mean for me, a Developer?" section, and many thanks for the help.
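The failure discussed above (fdns exiting with "invalid proxy address" because the address given to --proxy-addr is not yet assigned) can also be handled by waiting for that exact address before the service starts. The script below is an added example, not part of the thread or of the fdns project; the function names and the ADDR_LIST_CMD override are hypothetical, and it assumes the iproute2 `ip` tool is installed.

```shell
#!/bin/sh
# Added example: block until a given IPv4 address is assigned to a local
# interface, so a service that binds to it does not start too early.

# Print one local IPv4 address per line. ADDR_LIST_CMD (hypothetical) may
# name a replacement command so the logic can be exercised offline.
list_ipv4_addrs() {
    if [ -n "${ADDR_LIST_CMD:-}" ]; then
        $ADDR_LIST_CMD
    else
        # Field 4 of "ip -4 -o addr show" is ADDRESS/PREFIX; strip the prefix.
        ip -4 -o addr show | awk '{ sub(/\/.*/, "", $4); print $4 }'
    fi
}

# Succeed only on an exact, whole-line match (192.168.0.11 must not
# match 192.168.0.110).
addr_is_assigned() {
    list_ipv4_addrs | grep -Fxq -- "$1"
}

# wait_for_addr ADDRESS [TIMEOUT_SECONDS]
# Poll once per second; return 0 when the address appears, 1 on timeout.
wait_for_addr() {
    addr=$1
    timeout=${2:-30}
    waited=0
    while ! addr_is_assigned "$addr"; do
        if [ "$waited" -ge "$timeout" ]; then
            echo "wait_for_addr: $addr not assigned after ${timeout}s" >&2
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# When run with arguments, act as a command: wait-for-addr.sh ADDRESS [TIMEOUT]
if [ "$#" -gt 0 ]; then
    wait_for_addr "$@"
    exit $?
fi
```

It can be called from an ExecStartPre= line in fdns.service with the same address that is passed to --proxy-addr; a non-zero exit then fails the start attempt and Restart=on-failure retries it.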
"because the Raspberry Pi doesn't get an IP from my router in time."
I know this problem. Some time ago I wanted to run a very simple updater script (just one wget) for an /etc/hosts blocklist after startup. It is awful that there is no way in systemd to start a unit once you are connected to "the internet".
I'm trying to set up fdns on a Raspberry Pi 4 (Ubuntu Server 64) as a network server. So far it works great, but somehow it won't start on boot.
But it works just fine with "sudo systemctl start fdns".
I have compiled and installed fdns as recommended (btw, install fails to copy fdns.service to /etc/systemd/system/)
and am using https://github.com/netblue30/fdns/blob/master/etc/fdns.service with the following modifications:
Any ideas?
Also, Firefox DoH (if activated) will bypass fdns even if started with "firejail --dns=192.168.0.110 firefox-esr".
If apps with built-in DoH can bypass fdns... Hmmm?