• DNSCrypt


    Hello,

    I’ve tried seeking help on the manjaro forum since I’m still a member there and recently switched to Antergos. No one was able to help.
    Also asked on the Arch forum, where I figured people would be the most tech-savvy, and they just deleted my thread because “Antergos is not Arch”.

    I’ve had success using OpenDNS and DNScrypt together in the past.
    I am using Opendns but cannot get DNScrypt to work again.
    I’m on Gnome.
    I’ve tried for hours while looking at instructions online.
    I also have comcast, they recently moved all customers to DNSSEC servers. As a result, customers will see a new DNS IP address of either 75.75.75.75 and/or 75.75.76.76 rather than 127.0.0.1, 127.0.1.1

    Really someone should write up an easy to understand step-by-step tutorial on getting OpenDNS and DNScrypt both working.
    I’m sure it’d benefit many people wishing to enhance security.

    But until then I’d be happy finding any help getting past the problems I’m experiencing.

    I tried following the directions in the Arch wiki and installed dnscrypt-autoinstall.

    start and enable the dnscrypt-proxy.service with:
    “sudo systemctl start dnscrypt-proxy.service”
    “sudo systemctl enable dnscrypt-proxy.service”

    I get the return error of "Failed to execute operation: File exists."

  • So changed the nameservers in resolv.conf to opendns ips. In my network settings under IPv4 I reset DNS to automatic rather than the OpenDNS ips.
    Was that correct?
    ran sudo systemctl restart NetworkManager
    Trying to see if DNScrypt is working…
    ran dnscrypt-proxy and got the return:
    [ERROR] Resolver information required.
    [ERROR] The easiest way to do so is to provide a resolver name.
    [ERROR] Example: dnscrypt-proxy -R mydnsprovider
    [ERROR] See the file [/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv] for a list of compatible public resolvers
    [ERROR] The name is the first column in this table.
    [ERROR] Alternatively, an IP address, a provider name and a provider key can be supplied.
    [ERROR] Please consult http://dnscrypt.org and the dnscrypt-proxy(8) man page for details.

    ran sudo dnscrypt-proxy -R opendns
    [NOTICE] Starting dnscrypt-proxy 1.4.3
    [INFO] Initializing libsodium for optimal performance
    [INFO] Generating a new key pair
    [INFO] Done
    [ERROR] Unable to bind (UDP) [Address already in use]
    dnscrypt-proxy daemonize
    [ERROR] Resolver information required.
    [ERROR] The easiest way to do so is to provide a resolver name.
    [ERROR] Example: dnscrypt-proxy -R mydnsprovider
    [ERROR] See the file [/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv] for a list of compatible public resolvers
    [ERROR] The name is the first column in this table.
    [ERROR] Alternatively, an IP address, a provider name and a provider key can be supplied.
    [ERROR] Please consult http://dnscrypt.org and the dnscrypt-proxy(8) man page for details.

    I see that OpenDNS is working still, despite setting DNS to automatic in network settings. not sure if this is any indication of dnscrypt working properly.

  • Hi,

    I can’t help with your problem, as I’ve never done a setup like the one you’re trying, but this error:

    Unable to bind (UDP) [Address already in use]

    means that you had already something running and using that UDP port. Maybe trying to run the same service twice?

  • Maybe it is already working… but when I used to use the command "dnscrypt-proxy"
    I used to get a return that it was working successfully, not that resolver info is required.
    Thank you, I appreciate any feedback.

  • hi you can go to dnscrypt github to the newest server list:

    https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv
    any way these are my config
    edit accordingly
    sudo gedit /etc/conf.d/dnscrypt-proxy

    DNSCRYPT_LOCALIP=127.0.0.1
    DNSCRYPT_LOCALPORT=53
    DNSCRYPT_USER=nobody
    DNSCRYPT_PROVIDER_NAME=2.dnscrypt-cert.d0wn.biz
    DNSCRYPT_PROVIDER_KEY=F64D:AECA:A8AA:E31D:3896:8A93:1D96:EB54:9D70:CE57:A439:58B0:7685:6960:044B:EA62
    DNSCRYPT_RESOLVERIP=128.199.248.105
    DNSCRYPT_RESOLVERPORT=54

    for openDNS
    DNSCRYPT_LOCALIP=127.0.0.1
    DNSCRYPT_LOCALPORT=53
    DNSCRYPT_USER=nobody
    DNSCRYPT_PROVIDER_NAME=2.dnscrypt-cert.opendns.com
    DNSCRYPT_PROVIDER_KEY=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79
    DNSCRYPT_RESOLVERIP=208.67.220.220
    DNSCRYPT_RESOLVERPORT=443

    edit these files
    DHCPCD(add to bottom)
    sudo gedit /etc/dhcpcd.conf
    nohook resolv.conf
    noarp

    resolv.conf
    sudo gedit /etc/resolv.conf
    nameserver 127.0.0.1 (add this at the bottom of the file)

    after editing
    sudo systemctl daemon-reload

    see if this helps

    Don't Kill the Dream-Execute It

  • I followed everything you said.
    My /etc/conf.d/dnscrypt-proxy was already set to opendns
    added
    nohook resolv.conf
    noarp
    to the bottom of /etc/dhcpcd.conf

    ran sudo chattr -i /etc/resolv.conf to make resolv.conf writeable, which otherwise it wasn’t
    added nameserver 127.0.01 to the bottom (under the 2 opendns nameserver ips)

    did sudo systemctl daemon-reload

    Now tho @ https://www.opendns.com/welcome/
    it says OpenDns is no longer working.

    running dnscrypt-proxy continues to return
    "[ERROR] Resolver information required.
    [ERROR] The easiest way to do so is to provide a resolver name.
    [ERROR] Example: dnscrypt-proxy -R mydnsprovider
    [ERROR] See the file [/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv] for a list of compatible public resolvers
    [ERROR] The name is the first column in this table.
    [ERROR] Alternatively, an IP address, a provider name and a provider key can be supplied.
    [ERROR] Please consult http://dnscrypt.org and the dnscrypt-proxy(8) man page for details."

    Ran sudo systemctl restart NetworkManager
    sudo systemctl stop dnscrypt-proxy.service
    sudo systemctl disable dnscrypt-proxy.service
    sudo systemctl start dnscrypt-proxy.service
    sudo systemctl enable dnscrypt-proxy.service

    To make sure everything is refreshed, and still.

    So I guess I’ll undo the changes for now.
    Where I added nohook resolv.conf
    noarp
    to the bottom of /etc/dhcpcd.conf,

    was right beneath

    “nohook lookup-hostname
    noipv4ll”

    which were already written in. assuming those scripts couldn’t be the problem, but I checked and removed the commands and left the ones you told me to write in, but still didn’t fix anything. So put everything back the way it was.

  • Not sure if this helps, running "dig debug.opendns.com txt"
    returns

    ; <<>> DiG 9.9.2-P2 <<>> debug.opendns.com txt
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15532
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;debug.opendns.com. IN TXT

    ;; ANSWER SECTION:
    debug.opendns.com. 0 IN TXT "server 3.nyc"
    debug.opendns.com. 0 IN TXT "flags 20 0 2F4 5950800000000000000"
    debug.opendns.com. 0 IN TXT "originid 0"
    debug.opendns.com. 0 IN TXT "actype 0"
    debug.opendns.com. 0 IN TXT "source 73.198.217.38:40184"

    ;; Query time: 12 msec
    ;; SERVER: 208.67.222.222#53(208.67.222.222)
    ;; WHEN: Fri Jan 30 04:32:19 2015
    ;; MSG SIZE rcvd: 201
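
Added example (not part of any post in this thread): a POSIX shell check of the two files the thread keeps editing. It flags every `nameserver` entry in resolv.conf that is not the proxy's `DNSCRYPT_LOCALIP`, because queries sent to such an entry travel in plaintext past dnscrypt-proxy, which is what a dig `SERVER:` line of 208.67.222.222#53 indicates. The function names, finding labels and sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed sample files, hypothetical function names.

# Succeed only for a strict IPv4 dotted quad (four decimal octets, 0-255).
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# A DNSCrypt provider key is 32 bytes, written as 16 colon-separated hex groups.
is_provider_key() {
    printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f]{4}(:[0-9A-Fa-f]{4}){15}$'
}

# audit CONF RESOLV: print one finding per line, nothing when consistent.
audit() {
    local_ip=$(sed -n 's/^DNSCRYPT_LOCALIP=//p' "$1" | tail -n 1)
    key=$(sed -n 's/^DNSCRYPT_PROVIDER_KEY=//p' "$1" | tail -n 1)
    is_ipv4 "$local_ip" || echo "BAD_LOCALIP $local_ip"
    is_provider_key "$key" || echo "BAD_PROVIDER_KEY"
    seen_local=no
    while read -r word addr rest; do
        [ "$word" = nameserver ] || continue
        if ! is_ipv4 "$addr"; then echo "NOT_DOTTED_QUAD $addr"
        elif [ "$addr" = "$local_ip" ]; then seen_local=yes
        else echo "BYPASS_NAMESERVER $addr"   # plaintext path around the proxy
        fi
    done < "$2"
    [ "$seen_local" = yes ] || echo "PROXY_NOT_LISTED $local_ip"
}

# Constructed input modelled on the thread: upstream IPs left above a mistyped loopback.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'DNSCRYPT_LOCALIP=127.0.0.1' \
        'DNSCRYPT_PROVIDER_KEY=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79' \
        > "$dir/conf"
    printf 'nameserver %s\n' 208.67.222.222 208.67.220.220 127.0.01 > "$dir/resolv"
    audit "$dir/conf" "$dir/resolv"
    rm -rf "$dir"
}
demo
```

On a real system, `audit /etc/conf.d/dnscrypt-proxy /etc/resolv.conf` printing nothing means resolv.conf points only at the local proxy address.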

  • can you post
    systemctl status dnscrypt-proxy.service -l
    as per the link https://www.opendns.com/welcome/
    this shows that i am using opendns server after i changed the config

    did u changed dns to 127.0.01 in network manager
    under dns
    server add 127.0.01 with automatic off and save and reboot
    check the link to confirm opendns
    sorry cant help u much as these are the config i tried and worked for me.

    so if can once again follow these steps

    1) systemctl status dnscrypt-proxy.service -l
       this shows its active(running)
    2) just remove the opendns ips and add nameserver 127.0.01
    3) in network manager settings under dns
       server add 127.0.01 with automatic off and save
    4) sudo systemctl daemon-reload
       reboot and check the opendns link

  • I just changed dns settings to 127.0.01, I had them set to automatic but in the ip input spaces 127.0.0.1 and 127.0.0.2 were written in, so I erased the 2nd one and set it to manual. But i think you mean 127.0.0.1 and not 127.0.01, right? you might have made a typo? that’s always how I see that IP written.

    anyway after the change I tried the systemctl status dnscrypt-proxy.service -l and it says active (running) in green.

    http://i175.photobucket.com/albums/w158/Precision_Herp/Screenshotfrom2015-01-30121323_zpsdb269387.png

    2)just remove the opendns ips and add nameserver 127.0.01
    you mean in /etc/resolv.conf?

    I’ll go back and do everything you said to do in your first post, and just remove the opendns ips in resolv.conf.
    If I’m understanding.

  • So I did all that. When I went to edit /etc/resolv.conf it already set itself to 127.0.0.1

    “# Generated by resolvconf
    nameserver 127.0.0.1”

    It showed up like that the first time I had followed your instructions, when I went to put everything back to normal.
    This time I left it.

    Anyway now opendns.com/welcome gives me the oops error. Not detecting opendns.

    If I run “systemctl status dnscrypt-proxy.service -l” , it still says it is active and running.

    running dnscrypt-proxy continues to return
    "[ERROR] Resolver information required.
    [ERROR] The easiest way to do so is to provide a resolver name.
    [ERROR] Example: dnscrypt-proxy -R mydnsprovider
    [ERROR] See the file [/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv] for a list of compatible public resolvers
    [ERROR] The name is the first column in this table.
    [ERROR] Alternatively, an IP address, a provider name and a provider key can be supplied.
    [ERROR] Please consult http://dnscrypt.org and the dnscrypt-proxy(8) man page for details."

    then I tried “dnscrypt-proxy -R opendns” as it mentions^ and as I’ve tried in the past and it returns:
    [NOTICE] Starting dnscrypt-proxy 1.4.3
    [INFO] Initializing libsodium for optimal performance
    [INFO] Generating a new key pair
    [INFO] Done
    [ERROR] Unable to bind (UDP) [Permission denied]

    gah idk. I really appreciate your help tho. I’ve tried for hours uninstalling and reinstalling and messing around.

  • dnscrypt.eu-dk-port5353 DNSCrypt.eu Denmark (port 5353) Free, non-logged, uncensored. Hosted by Netgroup. Denmark https://dnscrypt.eu 1 yes yes no 77.66.84.233:5353 2.dnscrypt-cert.resolver2.dnscrypt.eu 3748:5585:E3B9:D088:FD25:AD36:B037:01F5:520C:D648:9E9A:DD52:1457:4955:9F0A:9955 pubkey.resolver2.dnscrypt.eu

    ok as per ur log i see that u are using denmark server not opendns
    opendns is this

    opendns OpenDNS Predict and prevent attacks before they happen Anycast https://www.opendns.com 1 no no no 208.67.220.220:443 2.dnscrypt-cert.opendns.com B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79

    check this site for dnscrypt resolvers
    https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv

    can u pls post ur
    /etc/conf.d/dnscrypt-proxy and /usr/lib/systemd/system/dnscrypt-proxy.service

    as ur systemctl status dnscrypt-proxy.service -l ( image u posted) doesnt show opendns

  • /etc/conf.d/dnscrypt-proxy
    DNSCRYPT_LOCALIP=127.0.0.1
    DNSCRYPT_LOCALPORT=53
    DNSCRYPT_USER=nobody
    DNSCRYPT_PROVIDER_NAME=2.dnscrypt-cert.opendns.com
    DNSCRYPT_PROVIDER_KEY=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79
    DNSCRYPT_RESOLVERIP=208.67.220.220
    DNSCRYPT_RESOLVERPORT=443

    /usr/lib/systemd/system/dnscrypt-proxy.service
    [Unit]
    Description=A tool for securing communications between a client and a DNS resolver.
    After=network.target
    # Only needed if you use pdnsd, other caching DNS servers can go here. Could be ignored too.
    #Before=pdnsd.service

    [Service]
    EnvironmentFile=/etc/conf.d/dnscrypt-proxy
    ExecStart=/usr/bin/dnscrypt-proxy \
    --local-address=${DNSCRYPT_LOCALIP}:${DNSCRYPT_LOCALPORT} \
    --resolver-address=${DNSCRYPT_RESOLVERIP}:${DNSCRYPT_RESOLVERPORT} \
    --provider-name=${DNSCRYPT_PROVIDER_NAME} \
    --provider-key=${DNSCRYPT_PROVIDER_KEY} \
    --user=${DNSCRYPT_USER}
    Restart=on-abort

    [Install]
    WantedBy=multi-user.target

  • The way I went about installing this was setting my IPv4 DNS ips as OpenDNS than installing DNSCrypt. I believe it causes dnscrypt-proxy to use opendns but perhaps that is not the right way to set it up?

  • hi
    i am not able to understand that as per the link http://i175.photobucket.com/albums/w158 … 269387.png, this doesnt show opendns
    whereas ur /etc/conf.d/dnscrypt-proxy shows opendns
    very strange

    and bout "The way I went about installing this was setting my IPv4 DNS ips as OpenDNS than installing DNSCrypt. I believe it causes dnscrypt-proxy to use opendns but perhaps that is not the right way to set it up?"
    i think u dont need to set IPv4 DNS ips as OpenDNS as dnscrypt will take care.
    also in network manager have u changed dns to 127.0.0.1 with automatic off.
    funny is that systemctl status dnscrypt-proxy.service -l it should show opendns ; whereas urs is not opendns!!!
    i think my expertise on this is limited.
    these are few things i know and i use to set up dnscrypt and with opendns things look fine here and link does show me its fine.
    sorry bro cant help u no more
    cheers

  • "also in network manager have u changed dns to 127.0.0.1 with automatic off."
    yes.

    Thanks for your help dude, I really appreciate all of your responses.
    I think maybe I’ll try reinstalling DNSCrypt now that dns is set to 127.0.0.1 in network settings.
    EDIT: after reinstalling, all settings are the same.
