OT: Exists some problem with dnscrypt-proxy package?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

OT: Exists some problem with dnscrypt-proxy package?

C. L. Martinez
Hi all,

  I have installed an openbsd 5.7 VM today to do some tests with pf
rules. One of the components to I need to enable in this gateway is
unbound+dnscrypt-proxy.

  I have configured forwarding in unbound.conf:

  forward-zone:
         name: "."
         forward-addr: 127.0.0.1@4553

  And I have started dnscypt-proxy with the following arguments:

-d --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p
/var/run/dnscrypt-proxy.pid

  Output:

32032 ??  Is      0:00.00 /usr/sbin/ftp-proxy -m 25
32411 ??  Is      0:00.00 /usr/local/sbin/dnscrypt-proxy -d
--user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p
/var/run/dnscrypt-proxy.pid
  5667 ??  I       0:00.03 /usr/local/sbin/dnscrypt-proxy -d
--user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p
/var/run/dnscrypt-proxy.pid
  1256 ??  Is      0:00.00 /usr/sbin/cron
17818 ??  Ss      0:00.12 sshd: root@ttyp0 (sshd)
   527 ??  Is      0:00.05 unbound -c /var/unbound/etc/unbound.conf
30164 p0  Ss      0:00.02 -ksh (ksh)
  7382 p0  R+      0:00.00 ps -xa
16881 C0  Is+     0:00.00 /usr/libexec/getty std.9600 ttyC0
  3047 C1  Is+     0:00.00 /usr/libexec/getty std.9600 ttyC1

  And it doesn't works. But if I change unbound's forward section to:

forward-zone:
         name: "."
         #forward-addr: 127.0.0.1@4553
         forward-addr: 8.8.8.8

  Works ok. Removing all forward seciton, unbound works ok also. Then, I
am doing something wrong but I don't know which.

  Any idea??

  Thanks.

Reply | Threaded
Open this post in threaded view
|

Re: OT: Exists some problem with dnscrypt-proxy package?

J Sisson
With dnscrypt-proxy running, can you resolve hostnames?

dig @127.0.0.1 -p 4553 somehostname.com

If you can, do you have "do-not-query-localhost" set to "no" in your
unbound configuration?

On Sun, Sep 20, 2015 at 10:04 AM, C.L. Martinez <[hidden email]>
wrote:

> Hi all,
>
>  I have installed an openbsd 5.7 VM today to do some tests with pf rules.
> One of the components to I need to enable in this gateway is
> unbound+dnscrypt-proxy.
>
>  I have configured forwarding in unbound.conf:
>
>  forward-zone:
>         name: "."
>         forward-addr: 127.0.0.1@4553
>
>  And I have started dnscypt-proxy with the following arguments:
>
> -d --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p
> /var/run/dnscrypt-proxy.pid
>
>  Output:
>
> 32032 ??  Is      0:00.00 /usr/sbin/ftp-proxy -m 25
> 32411 ??  Is      0:00.00 /usr/local/sbin/dnscrypt-proxy -d
> --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p
> /var/run/dnscrypt-proxy.pid
>  5667 ??  I       0:00.03 /usr/local/sbin/dnscrypt-proxy -d
> --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p
> /var/run/dnscrypt-proxy.pid
>  1256 ??  Is      0:00.00 /usr/sbin/cron
> 17818 ??  Ss      0:00.12 sshd: root@ttyp0 (sshd)
>   527 ??  Is      0:00.05 unbound -c /var/unbound/etc/unbound.conf
> 30164 p0  Ss      0:00.02 -ksh (ksh)
>  7382 p0  R+      0:00.00 ps -xa
> 16881 C0  Is+     0:00.00 /usr/libexec/getty std.9600 ttyC0
>  3047 C1  Is+     0:00.00 /usr/libexec/getty std.9600 ttyC1
>
>  And it doesn't works. But if I change unbound's forward section to:
>
> forward-zone:
>         name: "."
>         #forward-addr: 127.0.0.1@4553
>         forward-addr: 8.8.8.8
>
>  Works ok. Removing all forward seciton, unbound works ok also. Then, I am
> doing something wrong but I don't know which.
>
>  Any idea??
>
>  Thanks.
>
>


--
"BSD is what happens when Unix programmers port Unix to the x86.
Linux is what happens when x86 programmers write a Unix-like.
Windows is what happens when x86 programmers run all of their
programming textbooks through a blender, eat the ground up
remains of the text, and then code up what they can read in the
toilet 3 days later."

Reply | Threaded
Open this post in threaded view
|

Re: OT: Exists some problem with dnscrypt-proxy package?

Raf Czlonka-2
In reply to this post by C. L. Martinez
On Sun, Sep 20, 2015 at 06:04:19PM BST, C.L. Martinez wrote:

> Hi all,
>
>  I have installed an openbsd 5.7 VM today to do some tests with pf rules.
> One of the components to I need to enable in this gateway is
> unbound+dnscrypt-proxy.
>
>  I have configured forwarding in unbound.conf:
>
>  forward-zone:
>         name: "."
>         forward-addr: 127.0.0.1@4553
>
>  And I have started dnscypt-proxy with the following arguments:
>
> -d --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p
> /var/run/dnscrypt-proxy.pid
>
>  Output:
>
> 32032 ??  Is      0:00.00 /usr/sbin/ftp-proxy -m 25
> 32411 ??  Is      0:00.00 /usr/local/sbin/dnscrypt-proxy -d
> --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p
> /var/run/dnscrypt-proxy.pid
>  5667 ??  I       0:00.03 /usr/local/sbin/dnscrypt-proxy -d
> --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p
> /var/run/dnscrypt-proxy.pid
>  1256 ??  Is      0:00.00 /usr/sbin/cron
> 17818 ??  Ss      0:00.12 sshd: root@ttyp0 (sshd)
>   527 ??  Is      0:00.05 unbound -c /var/unbound/etc/unbound.conf
> 30164 p0  Ss      0:00.02 -ksh (ksh)
>  7382 p0  R+      0:00.00 ps -xa
> 16881 C0  Is+     0:00.00 /usr/libexec/getty std.9600 ttyC0
>  3047 C1  Is+     0:00.00 /usr/libexec/getty std.9600 ttyC1
>
>  And it doesn't works. But if I change unbound's forward section to:
>
> forward-zone:
>         name: "."
>         #forward-addr: 127.0.0.1@4553
>         forward-addr: 8.8.8.8
>
>  Works ok. Removing all forward seciton, unbound works ok also. Then, I am
> doing something wrong but I don't know which.
>
>  Any idea??

dnscypt-proxy, being a package daemon, is started *after* unbound (base
early daemon)?

Raf

Reply | Threaded
Open this post in threaded view
|

Re: OT: Exists some problem with dnscrypt-proxy package?

fwsoucy
In reply to this post by C. L. Martinez
On 2015.09.20, C.L. Martinez wrote:

> Hi all,
>
>  I have installed an openbsd 5.7 VM today to do some tests with pf rules.
> One of the components to I need to enable in this gateway is
> unbound+dnscrypt-proxy.
>
>  I have configured forwarding in unbound.conf:
>
>  forward-zone:
>         name: "."
>         forward-addr: 127.0.0.1@4553
>
>  And I have started dnscypt-proxy with the following arguments:
>
> -d --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p
> /var/run/dnscrypt-proxy.pid
>
>  Output:
>
> 32032 ??  Is      0:00.00 /usr/sbin/ftp-proxy -m 25
> 32411 ??  Is      0:00.00 /usr/local/sbin/dnscrypt-proxy -d
> --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p
> /var/run/dnscrypt-proxy.pid
>  5667 ??  I       0:00.03 /usr/local/sbin/dnscrypt-proxy -d
> --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p
> /var/run/dnscrypt-proxy.pid
>  1256 ??  Is      0:00.00 /usr/sbin/cron
> 17818 ??  Ss      0:00.12 sshd: root@ttyp0 (sshd)
>   527 ??  Is      0:00.05 unbound -c /var/unbound/etc/unbound.conf
> 30164 p0  Ss      0:00.02 -ksh (ksh)
>  7382 p0  R+      0:00.00 ps -xa
> 16881 C0  Is+     0:00.00 /usr/libexec/getty std.9600 ttyC0
>  3047 C1  Is+     0:00.00 /usr/libexec/getty std.9600 ttyC1
>
>  And it doesn't works. But if I change unbound's forward section to:
>
> forward-zone:
>         name: "."
>         #forward-addr: 127.0.0.1@4553
>         forward-addr: 8.8.8.8
>
>  Works ok. Removing all forward seciton, unbound works ok also. Then, I am
> doing something wrong but I don't know which.
>
>  Any idea??
>
>  Thanks.

i was having problems with dnscrypt.eu-nl today, could ping its ip but
not get any dns resolution so i just switched to dnscrypt.eu-dk and
everything is working again ymmv

Reply | Threaded
Open this post in threaded view
|

Re: OT: Exists some problem with dnscrypt-proxy package?

C. L. Martinez
On Mon, Sep 21, 2015 at 1:28 AM, frederick w. soucy <[hidden email]> wrote:

> On 2015.09.20, C.L. Martinez wrote:
>> Hi all,
>>
>>  I have installed an openbsd 5.7 VM today to do some tests with pf rules.
>> One of the components to I need to enable in this gateway is
>> unbound+dnscrypt-proxy.
>>
>>  I have configured forwarding in unbound.conf:
>>
>>  forward-zone:
>>         name: "."
>>         forward-addr: 127.0.0.1@4553
>>
>>  And I have started dnscypt-proxy with the following arguments:
>>
>> -d --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p
>> /var/run/dnscrypt-proxy.pid
>>
>>  Output:
>>
>> 32032 ??  Is      0:00.00 /usr/sbin/ftp-proxy -m 25
>> 32411 ??  Is      0:00.00 /usr/local/sbin/dnscrypt-proxy -d
>> --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p
>> /var/run/dnscrypt-proxy.pid
>>  5667 ??  I       0:00.03 /usr/local/sbin/dnscrypt-proxy -d
>> --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p
>> /var/run/dnscrypt-proxy.pid
>>  1256 ??  Is      0:00.00 /usr/sbin/cron
>> 17818 ??  Ss      0:00.12 sshd: root@ttyp0 (sshd)
>>   527 ??  Is      0:00.05 unbound -c /var/unbound/etc/unbound.conf
>> 30164 p0  Ss      0:00.02 -ksh (ksh)
>>  7382 p0  R+      0:00.00 ps -xa
>> 16881 C0  Is+     0:00.00 /usr/libexec/getty std.9600 ttyC0
>>  3047 C1  Is+     0:00.00 /usr/libexec/getty std.9600 ttyC1
>>
>>  And it doesn't works. But if I change unbound's forward section to:
>>
>> forward-zone:
>>         name: "."
>>         #forward-addr: 127.0.0.1@4553
>>         forward-addr: 8.8.8.8
>>
>>  Works ok. Removing all forward seciton, unbound works ok also. Then, I am
>> doing something wrong but I don't know which.
>>
>>  Any idea??
>>
>>  Thanks.
>
> i was having problems with dnscrypt.eu-nl today, could ping its ip but
> not get any dns resolution so i just switched to dnscrypt.eu-dk and
> everything is working again ymmv

Ok, it seems there is some problem with servers. This morning,
dnscrypt.eu-dk works, but not dnscrypt.eu-nl.

Uhmm ... I will try to update dnscrypt-resolvers.csv file to tests
more servers ...

Many thanks to all for your help.