Topic solved
This topic has been marked as solved and requires no further attention.

DNSCrypt not working

I have the following configuration file

Code:
$ cat /etc/conf.d/dnscrypt-proxy
DNSCRYPT_LOCALIP=127.0.0.1
DNSCRYPT_LOCALPORT=53
DNSCRYPT_USER=dnscrypt
DNSCRYPT_PROVIDER_NAME=2.dnscrypt-cert.onic.csail.mit.edu
DNSCRYPT_PROVIDER_KEY=128D:B1BD:E10C:7CA1:D52B:091F:633E:99C1:937D:14F5:F812:B0CB:5B3C:F5CB:CC04:7272
DNSCRYPT_RESOLVERIP=128.52.130.209
DNSCRYPT_RESOLVERPORT=443

I then started the service. Then upon looking at the log, I saw that it wasn't working:

Code:
Sun Oct 29 16:33:28 2017 [INFO] Refetching server certificates
Sun Oct 29 16:33:43 2017 [ERROR] Unable to retrieve server certificates

Any ideas on how I can fix this?

Re: DNSCrypt not working

Reply #1
Can't reproduce, works fine both with the default config and the one you used:
Code:
Mon Nov  6 21:06:33 2017 [NOTICE] Starting dnscrypt-proxy 1.9.4
Mon Nov  6 21:06:33 2017 [INFO] Generating a new session key pair
Mon Nov  6 21:06:33 2017 [INFO] Done
Mon Nov  6 21:06:33 2017 [INFO] Server certificate with serial #1490391488 received
Mon Nov  6 21:06:33 2017 [INFO] This certificate is valid
Mon Nov  6 21:06:33 2017 [INFO] Chosen certificate #1490391488 is valid from [2017-03-24] to [2018-03-24]
Mon Nov  6 21:06:33 2017 [INFO] The key rotation period for this server may exceed the recommended value. This is bad for forward secrecy.
Mon Nov  6 21:06:33 2017 [INFO] Server key fingerprint is E7F8:4477:BF89:1434:1ECE:23F0:D6A6:6EB9:4F45:3167:D71F:80BB:4E80:A04F:F180:F778
Mon Nov  6 21:06:33 2017 [NOTICE] Proxying from 127.0.0.1:53 to 208.67.220.220:443
Mon Nov  6 21:09:12 2017 [NOTICE] Stopping proxy
Mon Nov  6 21:09:12 2017 [INFO] UDP listener shut down
Mon Nov  6 21:09:12 2017 [INFO] TCP listener shut down
Mon Nov  6 21:09:12 2017 [NOTICE] Starting dnscrypt-proxy 1.9.4
Mon Nov  6 21:09:12 2017 [INFO] Generating a new session key pair
Mon Nov  6 21:09:12 2017 [INFO] Done
Mon Nov  6 21:09:12 2017 [INFO] Server certificate with serial #1502480660 received
Mon Nov  6 21:09:12 2017 [INFO] This certificate is valid
Mon Nov  6 21:09:12 2017 [INFO] Chosen certificate #1502480660 is valid from [2017-08-11] to [2018-08-11]
Mon Nov  6 21:09:12 2017 [INFO] The key rotation period for this server may exceed the recommended value. This is bad for forward secrecy.
Mon Nov  6 21:09:12 2017 [INFO] Server key fingerprint is A79D:38DD:8798:AA36:6E49:08E2:BBC8:C9F3:336E:3BFE:168A:E55E:5CDA:7B9F:1D87:576C
Mon Nov  6 21:09:12 2017 [NOTICE] Proxying from 127.0.0.1:53 to 128.52.130.209:443

Re: DNSCrypt not working

Reply #2
Do you have any kind of firewall running that is blocking :53?

Re: DNSCrypt not working

Reply #3
Sorry guys, forgot to update the post; I'd gotten it to work. The problem was that the guys running the server had forgotten to start the 'dnscrypt' server-side service (apparently after a recent reboot), which they did after I caught someone on the OpenNIC IRC.
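
Added example, not posted by anyone in this thread and not part of dnscrypt-proxy: a small Python triage for the dnscrypt-proxy 1.x log format quoted above. It flags failed certificate fetches (with the time the proxy waited) and summarises each certificate the proxy accepted before it started proxying. The sample log is constructed from lines quoted in the posts; the function name `triage` and the field names in its output are hypothetical.

```python
import re
from datetime import date, datetime

# Constructed sample, assembled from log lines quoted in the thread.
SAMPLE_LOG = """\
Sun Oct 29 16:33:28 2017 [INFO] Refetching server certificates
Sun Oct 29 16:33:43 2017 [ERROR] Unable to retrieve server certificates
Mon Nov  6 21:09:12 2017 [NOTICE] Starting dnscrypt-proxy 1.9.4
Mon Nov  6 21:09:12 2017 [INFO] Chosen certificate #1502480660 is valid from [2017-08-11] to [2018-08-11]
Mon Nov  6 21:09:12 2017 [INFO] The key rotation period for this server may exceed the recommended value. This is bad for forward secrecy.
Mon Nov  6 21:09:12 2017 [NOTICE] Proxying from 127.0.0.1:53 to 128.52.130.209:443
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[(\w+)\] (.*)$")
CERT = re.compile(r"Chosen certificate #(\d+) is valid from \[([\d-]+)\] to \[([\d-]+)\]")
PROXY = re.compile(r"Proxying from (\S+) to (\S+)")

def triage(log_text):
    """Return one finding dict per notable event (hypothetical output schema)."""
    findings, refetch_at, cert = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # ignore anything that is not a proxy log line
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        level, msg = m.group(2), m.group(3)
        if msg == "Refetching server certificates" or msg.startswith("Starting dnscrypt-proxy"):
            refetch_at, cert = ts, None  # a new certificate fetch attempt begins
        elif level == "ERROR" and msg == "Unable to retrieve server certificates":
            waited = int((ts - refetch_at).total_seconds()) if refetch_at else None
            findings.append({"kind": "cert_fetch_failed", "at": ts, "waited_s": waited})
        elif (c := CERT.search(msg)):
            start, end = date.fromisoformat(c.group(2)), date.fromisoformat(c.group(3))
            cert = {"serial": c.group(1), "valid_days": (end - start).days, "long_rotation": False}
        elif "key rotation period" in msg and cert:
            cert["long_rotation"] = True  # the proxy's own forward-secrecy warning
        elif (p := PROXY.search(msg)) and cert:
            findings.append({"kind": "proxying", "at": ts, "resolver": p.group(2), **cert})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
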