[FATAL] No IP found for [download.dnscrypt.info] (Android Pie) #866

Closed
mirfatif opened this issue Jun 26, 2019 · 2 comments

mirfatif commented Jun 26, 2019

This issue has already been reported, but it didn't exist on old releases, at least on 2.0.19. I use iptables -P OUTPUT DROP on boot unless AFWall+ and dnscrypt-proxy are up. That's why I have added cloudflare to the static server list. But the process gets killed with the following error, without waiting for connectivity and without trying to use the static server:

[CRITICAL] Unable to retrieve source [public-resolvers]: [No IP found for [download.dnscrypt.info]]
[FATAL] No IP found for [download.dnscrypt.info]

The static server is only used if sources.'public-resolvers' is not set in the configuration:

[2019-06-26 02:05:42] [NOTICE] dnscrypt-proxy 2.0.25
[2019-06-26 02:05:42] [NOTICE] Loading the set of whitelisting rules from [/usr/etc/dnscrypt-proxy/whitelist.txt]
[2019-06-26 02:05:42] [NOTICE] Loading the set of blocking rules from [/usr/etc/dnscrypt-proxy/blacklist.txt]
[2019-06-26 02:05:42] [NOTICE] Now listening to 127.0.0.1:55 [UDP]
[2019-06-26 02:05:42] [NOTICE] Now listening to 127.0.0.1:55 [TCP]
[2019-06-26 02:05:42] [ERROR] Get https://dns.cloudflare.com/dns-query?ct=&dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAgAAAAA: dial tcp 1.0.0.1:443: connect: network is unreachable
[2019-06-26 02:05:42] [NOTICE] dnscrypt-proxy is waiting for at least one server to be reachable
[2019-06-26 02:09:03] [NOTICE] [cloudflare_static] OK (DoH) - rtt: 93ms
[2019-06-26 02:09:03] [NOTICE] Server with the lowest initial latency: cloudflare_static (rtt: 93ms)

Also, refresh_delay = 72 is ignored.
I listen on port 55 to avoid contradiction with dnsmasq (tethering). /etc/resolv.conf contains nameserver 127.0.0.1 because I have some native daemons which depend on this; I don't want them to leak DNS on boot. Everything should go through dnscrypt-proxy.

My redirection rules:

-t nat -I OUTPUT -p udp -m owner ! --uid-owner 905 --dport 53 -j DNAT --to-destination 127.0.0.1:55
-t nat -I OUTPUT -p tcp -m owner ! --uid-owner 905 --dport 53 -j DNAT --to-destination 127.0.0.1:55

-I OUTPUT -p udp --dport 55 -j ACCEPT
-I OUTPUT -p tcp --dport 55 -j ACCEPT

UID 905 is that of the dnscrypt-proxy process. Also, the process runs with the least required capabilities, NET_RAW and NET_BIND_SERVICE, and with a restricted SELinux context. But this sandboxing has no impact on the working of the process.

My configuration:

~$ getprop ro.build.version.sdk
28
~$ uname -m
aarch64
~$ dnscrypt-proxy --version
2.0.25
~$ cat /usr/etc/dnscrypt-proxy/dnscrypt-proxy.toml | grep -vE '^[ ]*#|^$'
listen_addresses = ['127.0.0.1:55']
max_clients = 250
ipv4_servers = true
ipv6_servers = false
dnscrypt_servers = false
doh_servers = true
require_nolog = true
require_nofilter = true
disabled_server_names = []
force_tcp = false
timeout = 2500
keepalive = 30
refused_code_in_responses = false
log_file = '/var/log/dnscrypt-proxy.log'
cert_refresh_delay = 240
fallback_resolver = '9.9.9.9:53'
ignore_system_dns = true
netprobe_timeout = -1
netprobe_address = "9.9.9.9:53"
log_files_max_size = 10
log_files_max_age = 30
log_files_max_backups = 1
block_ipv6 = false
cache = true
cache_size = 512
cache_min_ttl = 600
cache_max_ttl = 600
cache_neg_min_ttl = 60
cache_neg_max_ttl = 600
[query_log]
  format = 'tsv'
[nx_log]
  format = 'tsv'
[blacklist]
  blacklist_file = '/usr/etc/dnscrypt-proxy/blacklist.txt'
  log_file = '/var/log/dnscrypt-proxy_blacklist.log'
[ip_blacklist]
[whitelist]
  whitelist_file = '/usr/etc/dnscrypt-proxy/whitelist.txt'
[schedules]
[sources]
  [sources.'public-resolvers']
  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
  cache_file = 'public-resolvers.md'
  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
  refresh_delay = 72
  prefix = ''
[static]
  [static.'cloudflare_static']
  stamp = 'sdns://AgcAAAAAAAAABzEuMC4wLjGgENk8mGSlIfMGXMOlIlCcKvq7AVgcrZxtjon911-ep0cg63Ul-I8NlFj4GplQGb_TTLiczclX57DvMV8Q-JdjgRgSZG5zLmNsb3VkZmxhcmUuY29tCi9kbnMtcXVlcnk'

Is there anything to be changed in the configuration, or is it a bug? Is it possible to make dnscrypt-proxy wait for connectivity and use the static server meanwhile?

@jcdietrich

I'm seeing this behaviour on Mac as well.

@jedisct1
Member

It means that the system resolver, or the fallback resolver, are not reachable.
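
Added example, not part of the original thread and not dnscrypt-proxy's own code: decoding the `cloudflare_static` stamp from the posted configuration shows that it embeds the resolver's IP address and so needs no name lookup, while the `public-resolvers` source URLs are host names that have to be resolved first. The field layout follows the DNS stamps specification for DoH; the helper names are illustrative.

```python
import base64
import ipaddress
from urllib.parse import urlsplit

# Added example (helper names are illustrative). Values copied from the posted config.
STAMP = "sdns://AgcAAAAAAAAABzEuMC4wLjGgENk8mGSlIfMGXMOlIlCcKvq7AVgcrZxtjon911-ep0cg63Ul-I8NlFj4GplQGb_TTLiczclX57DvMV8Q-JdjgRgSZG5zLmNsb3VkZmxhcmUuY29tCi9kbnMtcXVlcnk"
SOURCE_URLS = [
    "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md",
    "https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md"]

def _field(buf, pos, vlp=False):
    """Read a length-prefixed field; in a VLP list the high bit means 'more follow'."""
    n = (buf[pos] & (0x7F if vlp else 0xFF)) if pos < len(buf) else len(buf)
    if pos + 1 + n > len(buf):
        raise ValueError("truncated stamp")
    return buf[pos + 1:pos + 1 + n], vlp and bool(buf[pos] & 0x80), pos + 1 + n

def decode_doh_stamp(stamp):
    """Decode a DNS-over-HTTPS (protocol 0x02) stamp into its fields."""
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if not stamp.startswith("sdns://") or len(raw) < 9 or raw[0] != 0x02:
        raise ValueError("not a DoH stamp")
    props = int.from_bytes(raw[1:9], "little")  # 1=DNSSEC, 2=no logs, 4=no filter
    addr, _, pos = _field(raw, 9)
    hashes, more = [], True
    while more:  # certificate hashes, stored as a variable-length list
        h, more, pos = _field(raw, pos, vlp=True)
        hashes.append(h.hex())
    host, _, pos = _field(raw, pos)
    path, _, pos = _field(raw, pos)
    return {"props": props, "addr": addr.decode(), "hashes": hashes,
            "hostname": host.decode(), "path": path.decode()}

def needs_resolver(host):
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return True  # not an IP literal: a name lookup is required first
    return False

def bootstrap_report(stamp, urls):
    """Map each endpoint to True if it needs a reachable resolver at startup."""
    s = decode_doh_stamp(stamp)
    # An empty or port-only addr means the stamp's host name must be resolved.
    report = {s["hostname"]: s["addr"] == "" or s["addr"].startswith(":")}
    report.update({h: needs_resolver(h) for h in (urlsplit(u).hostname for u in urls)})
    return report

print(bootstrap_report(STAMP, SOURCE_URLS))
```
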

@DNSCrypt DNSCrypt locked and limited conversation to collaborators Aug 29, 2019