dnscrypt-proxy is Not resolving Ubuntu 18.04 LTS , Version: 2.0.15

[oneletter1]

I've been playing with dnscrypt-proxy for about a day and can't really get this to work.

Description: Ubuntu 18.04 LTS
Version: 2.0.15

I already removed resolvconf and deleted/replaced resolv.conf as described in the installation and also removed dnsmasq as described in here

It seems the ubuntu bionic package is using systemd by default which is fine.

/etc/systemd/system/sockets.target.wants/dnscrypt-proxy.socket 👍

[Unit]
Description=DNSCrypt-proxy socket
Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki
Before=nss-lookup.target
Wants=nss-lookup.target

[Socket]
ListenStream=127.0.2.1:53
ListenDatagram=127.0.2.1:53
NoDelay=true
DeferAcceptSec=1

[Install]
WantedBy=sockets.target

So we are listening on 127.0.2.1:53 according to the above.

After starting dnscrypt-proxy:

systemctl restart dnscrypt-proxy.service

Here is the output in the syslog after executing the above:

Jun 21 18:50:02 ubuntu-2gb-nbg1-2 dnscrypt-proxy[21796]: [2018-06-21 18:50:02] [NOTICE] Stopped.
Jun 21 18:50:02 ubuntu-2gb-nbg1-2 systemd[1]: Stopping DNSCrypt-proxy client...
Jun 21 18:50:02 ubuntu-2gb-nbg1-2 systemd[1]: Stopped DNSCrypt-proxy client.
Jun 21 18:50:02 ubuntu-2gb-nbg1-2 systemd[1]: Started DNSCrypt-proxy client.
Jun 21 18:50:02 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:02] [NOTICE] System DNS configuration not usable yet, exceptionally resolving [raw.githubusercontent.com] using fallback resolver [9.9.9.9:53]
Jun 21 18:50:03 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:03] [WARNING] /etc/dnscrypt-proxy/public-resolvers.md: open sf-duc36cw4xanarj2n.tmp: read-only file system
Jun 21 18:50:03 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:03] [WARNING] /etc/dnscrypt-proxy/public-resolvers.md.minisig: open sf-tjz3fkun4a4n7gwq.tmp: read-only file system
Jun 21 18:50:03 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:03] [NOTICE] Source [public-resolvers.md] loaded
Jun 21 18:50:03 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:03] [NOTICE] dnscrypt-proxy 2.0.15
Jun 21 18:50:03 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:03] [NOTICE] Wiring systemd TCP socket #0
Jun 21 18:50:03 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:03] [NOTICE] [arvind-io] OK (crypto v2) - rtt: 138ms
Jun 21 18:50:03 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:03] [NOTICE] [captnemo-in] OK (crypto v1) - rtt: 145ms
Jun 21 18:50:03 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:03] [NOTICE] [cloudflare] OK (DoH) - rtt: 16ms
Jun 21 18:50:03 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:03] [NOTICE] [cpunks-ru] OK (crypto v1) - rtt: 58ms
Jun 21 18:50:03 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:03] [NOTICE] [d0wn-is-ns2] OK (crypto v1) - rtt: 47ms
Jun 21 18:50:03 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:03] [NOTICE] [d0wn-nl-ns4] OK (crypto v1) - rtt: 12ms
Jun 21 18:50:03 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:03] [NOTICE] [d0wn-tz-ns1] OK (crypto v1) - rtt: 163ms
Jun 21 18:50:03 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:03] [NOTICE] [de.dnsmaschine.net] OK (crypto v2) - rtt: 14ms
Jun 21 18:50:03 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:03] [NOTICE] [dnscrypt.ca-1] OK (crypto v1) - rtt: 93ms
Jun 21 18:50:04 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:04] [NOTICE] [dnscrypt.ca-2] OK (crypto v1) - rtt: 94ms
Jun 21 18:50:04 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:04] [NOTICE] [dnscrypt.eu-dk] OK (crypto v1) - rtt: 36ms
Jun 21 18:50:04 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:04] [NOTICE] [dnscrypt.eu-nl] OK (crypto v1) - rtt: 10ms
Jun 21 18:50:04 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:04] [NOTICE] [dnscrypt.me] OK (crypto v2) - rtt: 4ms
Jun 21 18:50:04 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:04] [NOTICE] [dnscrypt.nl-ns0] OK (crypto v2) - rtt: 11ms
Jun 21 18:50:04 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:04] [NOTICE] [doh-crypto-sx] OK (DoH) - rtt: 44ms
Jun 21 18:50:04 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:04] [NOTICE] [ev-us] OK (crypto v2) - rtt: 153ms
Jun 21 18:50:04 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:04] [NOTICE] [freetsa.org] OK (crypto v1) - rtt: 192ms
Jun 21 18:50:04 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:04] [NOTICE] [flatty.co] TIMEOUT
Jun 21 18:50:04 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:04] [NOTICE] System DNS configuration not usable yet, exceptionally resolving [dns.google.com] using fallback resolver [9.9.9.9:53]
Jun 21 18:50:04 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:04] [NOTICE] [google] OK (DoH) - rtt: 14ms
Jun 21 18:50:04 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:04] [NOTICE] [ibksturm] OK (crypto v1) - rtt: 22ms
Jun 21 18:50:04 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:04] [NOTICE] [ipredator] OK (crypto v1) - rtt: 36ms
Jun 21 18:50:05 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:05] [NOTICE] [opennic-luggs] OK (crypto v1) - rtt: 89ms
Jun 21 18:50:05 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:05] [NOTICE] [opennic-onic] OK (crypto v1) - rtt: 99ms
Jun 21 18:50:05 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:05] [NOTICE] [opennic-tumabox] OK (crypto v1) - rtt: 14ms
Jun 21 18:50:05 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:05] [NOTICE] [publicarray-au] OK (crypto v1) - rtt: 290ms
Jun 21 18:50:05 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:05] [NOTICE] [publicarray-au2] OK (crypto v2) - rtt: 287ms
Jun 21 18:50:07 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:07] [NOTICE] [publicarray-au-doh] OK (DoH) - rtt: 287ms
Jun 21 18:50:07 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:07] [NOTICE] [qag.me] OK (crypto v2) - rtt: 140ms
Jun 21 18:50:07 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:07] [NOTICE] [qualityology.com] OK (crypto v2) - rtt: 149ms
Jun 21 18:50:07 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:07] [NOTICE] [scaleway-fr] OK (crypto v2) - rtt: 16ms
Jun 21 18:50:07 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:07] [NOTICE] [securedns] OK (crypto v1) - rtt: 9ms
Jun 21 18:50:07 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:07] [NOTICE] [soltysiak] OK (crypto v1) - rtt: 16ms
Jun 21 18:50:07 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:07] [NOTICE] [trashvpn] OK (crypto v2) - rtt: 2ms
Jun 21 18:50:07 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:07] [NOTICE] [ventricle.us] OK (crypto v2) - rtt: 90ms
Jun 21 18:50:07 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:07] [NOTICE] [yandex] OK (crypto v1) - rtt: 33ms
Jun 21 18:50:07 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:07] [NOTICE] Server with the lowest initial latency: trashvpn (rtt: 2ms)
Jun 21 18:50:07 ubuntu-2gb-nbg1-2 dnscrypt-proxy[31382]: [2018-06-21 18:50:07] [NOTICE] dnscrypt-proxy is ready - live servers: 34

Now i check dnscrypt-proxy is indeed listening on 127.0.2.1:53 but it shows state as UNCONN , is this right?

root@ubuntu-2gb-nbg1-2 /etc/dnscrypt-proxy # ss -lp 'sport = :domain'
Netid State    Recv-Q   Send-Q      Local Address:Port       Peer Address:Port
udp   UNCONN   70656    0               127.0.2.1:domain          0.0.0.0:*      users:(("systemd",pid=1,fd=127))
tcp   LISTEN   0        128             127.0.2.1:domain          0.0.0.0:*      users:(("dnscrypt-proxy",pid=21796,fd=7),("systemd",pid=1,fd=126))

Anyway i followed the installation and recreated /etc/resolv.conf:

nameserver 127.0.0.1
options edns0 single-request-reopen

Then I tried a test:

root@ubuntu-2gb-nbg1-2 /etc/systemd/system # dnscrypt-proxy -resolve google.com
Resolving [google.com]

Domain exists: probably not, or blocked by the proxy
Canonical name: -
IP addresses: -
TXT records: -

Now i realized maybe this is because resolv.conf is not pointed to 127.0.2.1 which is where we are listening. so i changed it and then re-tried the test.

root@ubuntu-2gb-nbg1-2 /etc/systemd/system # cat /etc/resolv.conf
nameserver 127.0.2.1
options edns0 single-request-reopen

This time it doesn't return and just hangs at "Domain exists:" before returning the same.

root@ubuntu-2gb-nbg1-2 /etc/systemd/system # dnscrypt-proxy -resolve google.com
Resolving [google.com]

Domain exists:  probably not, or blocked by the proxy
Canonical name: -
IP addresses:   -
TXT records:    -

Needless to say my system DNS is now also broken since I deleted resolvconf:

root@ubuntu-2gb-nbg1-2 /etc/systemd/system # ping google.com
ping: google.com: Temporary failure in name resolution

I have tried this process twice over on different machines and networks and still the same result.

Please guys help me thanks :)

[jedisct1]

systemd sockets don't work.

Just follow the normal installation instructions. It won't install any .socket file.

[rwasef1830]

The tcp socket appears to work, but the udp socket is not "wired" by dnscrypt-proxy on startup like its tcp counterpart.

[jedisct1]

Duplicate of #480