Add IPv6 Support #1

Closed
bitbeans opened this Issue Sep 18, 2015 · 9 comments

Comments

Projects
None yet
6 participants
@bitbeans
Owner

bitbeans commented Sep 18, 2015

No description provided.

@bitbeans bitbeans self-assigned this Sep 18, 2015

@bitbeans bitbeans modified the milestones: 0.3.0, 0.4.0 Sep 18, 2015

@funkydude

This comment has been minimized.

Show comment
Hide comment
@funkydude

funkydude Jul 29, 2016

The priority of this really needs elevated.

The priority of this really needs elevated.

bitbeans added a commit that referenced this issue Aug 8, 2016

Prepare 0.3.5
- Updated dnscrypt-proxy (1.7.0)
- Updated dnscrypt-resolver.csv
- Added config parameter: UpdateResolverListOnStart
- Added config parameter: UseIpv6 (experimental). See #1 and #58.
- Fixed default language after installation/update
- Added fallback URL (https://download.dnscrypt.org/dnscrypt-proxy/*)
for dnscrypt-resolver.csv and dnscrypt-resolver.csv.minisig
- Updated libsodium-net
- Added new dialog to the installer (create desktop shortcut). Fixes
#59.
@bitbeans

This comment has been minimized.

Show comment
Hide comment
@bitbeans

bitbeans Aug 8, 2016

Owner

I added a new config value:

UseIpv6: true

My current ISP does not support IPv6. So i can not test this, for now.

The new value will configure the network card with: ::FFFF:127.0.0.1 and all providers are in the list then.

Owner

bitbeans commented Aug 8, 2016

I added a new config value:

UseIpv6: true

My current ISP does not support IPv6. So i can not test this, for now.

The new value will configure the network card with: ::FFFF:127.0.0.1 and all providers are in the list then.

@AlphaCzerwinski

This comment has been minimized.

Show comment
Hide comment
@AlphaCzerwinski

AlphaCzerwinski Sep 9, 2016

Comcast supports IPv6. So, I noticed that when I activate simpleDNScrypt and then look at the output from IPCONFIG /ALL, it shows
a DHCPv6 Client DUID : (string of digits)
and then
DNS Servers:
2001 :558:feed: :1
2001 :558:feed: :2
127.0.0.1
Would it be correct to assume that it uses those DNS Servers in order, and thus would only use DNSCrypt if the first two did not provide an address?

If that is the case, then dnscrypt is not protecting me when I am on an IPv6 network, correct?

Suppose I could disable ipV6 on my wifi card, and restrict it to use only ipv4. In that case (I wonder) perhaps I would not see any DNS server except for 127.0.0.1.
Does that sound right?

Comcast supports IPv6. So, I noticed that when I activate simpleDNScrypt and then look at the output from IPCONFIG /ALL, it shows
a DHCPv6 Client DUID : (string of digits)
and then
DNS Servers:
2001 :558:feed: :1
2001 :558:feed: :2
127.0.0.1
Would it be correct to assume that it uses those DNS Servers in order, and thus would only use DNSCrypt if the first two did not provide an address?

If that is the case, then dnscrypt is not protecting me when I am on an IPv6 network, correct?

Suppose I could disable ipV6 on my wifi card, and restrict it to use only ipv4. In that case (I wonder) perhaps I would not see any DNS server except for 127.0.0.1.
Does that sound right?

@bitbeans bitbeans modified the milestones: 0.5.0, 0.4.0 Jan 4, 2017

@rhymeswithmogul

This comment has been minimized.

Show comment
Hide comment
@rhymeswithmogul

rhymeswithmogul Mar 24, 2017

The UseIPv6 option doesn't appear to work. When I put it in the config.yaml file and start Simple DNSCrypt, it only changes my IPv4 DNS settings, leaving my router's IPv6 address as the first DNS server.

However, Simple DNSCrypt does work properly over "IPv6" when I manually set the IPv4-mapped DNS server addresses as my resolvers.
screenshot 2017-03-24 at 12 56 45 am

The UseIPv6 option doesn't appear to work. When I put it in the config.yaml file and start Simple DNSCrypt, it only changes my IPv4 DNS settings, leaving my router's IPv6 address as the first DNS server.

However, Simple DNSCrypt does work properly over "IPv6" when I manually set the IPv4-mapped DNS server addresses as my resolvers.
screenshot 2017-03-24 at 12 56 45 am

@AlphaCzerwinski

This comment has been minimized.

Show comment
Hide comment
@AlphaCzerwinski

AlphaCzerwinski Mar 24, 2017

thank you Colin.

thank you Colin.

@Zenith-Nadir

This comment has been minimized.

Show comment
Hide comment
@Zenith-Nadir

Zenith-Nadir Apr 21, 2017

Hi,
I just got SimpleDnsCrypt.

  1. I wanted to set it up to use IPv6.
    Once IPv6 is set to =true (config file UseIpv6: true), I have DNS resolution issues.
    When I ping ::FFFF:127.0.0.1 I get response from 127.0.0.1, but when I try nslookup google.com ::FFFF:127.0.0.1
    I get an error: Server: UnKnown
    Address: 127.0.0.1
    *** UnKnown can't find google.com: No response from server
    However, when I use 127.0.0.1 to resolve names it does it correctly.
    I am not sure if this is because ::FFFF:127.0.0.1 is deprecated form or anything else.
    I tried solution by rhymeswithmogul (above) to manually enter IPv4-mapped DNS server addresses as my resolvers, but I seem not to understand where, in nic card settings or in SimpleDnsCrypt config file.
    When I use IPv6 or IPv4 resolvers IPs in nslookup I get correct responses. So, it appears there is some problem with ::FFFF:127.0.0.1(2) as resolver.
  2. Also, It would be pretty convenient to enable copy server name (especially IPv6 addresses), as well as FQDN, where resolvers are specified (without possibility of changing database .cvs file)
    If there is any more information you might need, please, do not hesitate to contact me.
    BTW I am using https://tunnelbroker.net/ as IPv6 provider, which is FREE, and easy to set up, in case you would want to get access to IPv6 for further developing IPv6 support in SimpleDnsCrypt.
    Sincerely,
    Zenith-Nadir

Hi,
I just got SimpleDnsCrypt.

  1. I wanted to set it up to use IPv6.
    Once IPv6 is set to =true (config file UseIpv6: true), I have DNS resolution issues.
    When I ping ::FFFF:127.0.0.1 I get response from 127.0.0.1, but when I try nslookup google.com ::FFFF:127.0.0.1
    I get an error: Server: UnKnown
    Address: 127.0.0.1
    *** UnKnown can't find google.com: No response from server
    However, when I use 127.0.0.1 to resolve names it does it correctly.
    I am not sure if this is because ::FFFF:127.0.0.1 is deprecated form or anything else.
    I tried solution by rhymeswithmogul (above) to manually enter IPv4-mapped DNS server addresses as my resolvers, but I seem not to understand where, in nic card settings or in SimpleDnsCrypt config file.
    When I use IPv6 or IPv4 resolvers IPs in nslookup I get correct responses. So, it appears there is some problem with ::FFFF:127.0.0.1(2) as resolver.
  2. Also, It would be pretty convenient to enable copy server name (especially IPv6 addresses), as well as FQDN, where resolvers are specified (without possibility of changing database .cvs file)
    If there is any more information you might need, please, do not hesitate to contact me.
    BTW I am using https://tunnelbroker.net/ as IPv6 provider, which is FREE, and easy to set up, in case you would want to get access to IPv6 for further developing IPv6 support in SimpleDnsCrypt.
    Sincerely,
    Zenith-Nadir
@Zenith-Nadir

This comment has been minimized.

Show comment
Hide comment
@Zenith-Nadir

Zenith-Nadir Apr 24, 2017

Hello,
I would like to add this info:
when trying to use
LocalAddress [::FFFF:127.0.0.1]:53, I get following error:
[ERROR] Unable to bind (UDP) [Cannot assign requested address [WSAEADDRNOTAVAIL ]]
while
when using LocalAddress [::1]:53, everything works as it should-I get connected.
Is there any option to change [::FFFF:127.0.0.1] and use [::1] instead?
Again this is Windows 10 x64 Anniversary edition
Sincerely,
Zenith-Nadir

Hello,
I would like to add this info:
when trying to use
LocalAddress [::FFFF:127.0.0.1]:53, I get following error:
[ERROR] Unable to bind (UDP) [Cannot assign requested address [WSAEADDRNOTAVAIL ]]
while
when using LocalAddress [::1]:53, everything works as it should-I get connected.
Is there any option to change [::FFFF:127.0.0.1] and use [::1] instead?
Again this is Windows 10 x64 Anniversary edition
Sincerely,
Zenith-Nadir

@Zenith-Nadir

This comment has been minimized.

Show comment
Hide comment
@Zenith-Nadir

Zenith-Nadir Apr 30, 2017

Actually, Great News with IPv6 in SimpleDnsCrypt ver. 0.4.2; Windows 10 x64, anniversary edition. SUCCESS!
Here are my steps to get it operational in SimpleDnsCrypt:

  1. add "UseIpv6: true" statement to config.yaml file (exactly written as it is here, except no quotation marks).
  2. disconnect/unbind currently connected/bound to SimpleDnsCrypt network interfaces.
  3. stop all running SimpleDnsCrypt services in GUI.
  4. shut down SimpleDnsCrypt GUI interface (application).
  5. start SimpleDnsCrypt GUI interface with elevated privileges (it shouldn't show IPv6 disabled at the program name).
  6. set Primary resolver to different port from default, lets say 5053 (and not 53) (you can highlight 53 and type over other port number, instead of clicking thousands of times to get there), and save this setting (round button next to Primary resolver's IP address:Port).
  7. Choose any listed IPv6 resolver from the drop down list.
  8. Start service(s) for chosen resolvers. Make sure your Primary resolver did not revert to port 53, but keeps port value you set for it.
  9. Connect/bind you network interface(s) to SimpleDnsCrypt; if successful you should see in ipconfig /all DNS Servers . . . . . . . . .: ::ffff:127.0.0.2
    ::ffff:127.0.0.1
    127.0.0.1
    127.0.0.2,
    if not, try to stop and restart SimpleDnsCrypt GUI.
  10. Make sure your firewall allows through chosen remote resolvers port(s), they vary as 53, 443, 1053, 2053, 5353 (this port should not be used because it is registered to mdns=multicast), ect.
    And this is it.
    Notes:
    ---Nslookup will not work: Server: UnKnown
    Address: 127.0.0.2
    *** UnKnown can't find google.com: No response from server
    ---but hostip in SimpleDnsCrypt subdir dnscrypt-proxy works, and browsing web should work as long as chosen remote resolvers are up and operational.
    ---Once this is working you can go to http://en.conn.internet.nl/connection/ and check if your IPv6 and DNSSEC are working, and your machine is secured.
    Good Luck.
    And devs Many Thanks for your hard work and patience.
    Sincerely,
    Zenith-Nadir

Actually, Great News with IPv6 in SimpleDnsCrypt ver. 0.4.2; Windows 10 x64, anniversary edition. SUCCESS!
Here are my steps to get it operational in SimpleDnsCrypt:

  1. add "UseIpv6: true" statement to config.yaml file (exactly written as it is here, except no quotation marks).
  2. disconnect/unbind currently connected/bound to SimpleDnsCrypt network interfaces.
  3. stop all running SimpleDnsCrypt services in GUI.
  4. shut down SimpleDnsCrypt GUI interface (application).
  5. start SimpleDnsCrypt GUI interface with elevated privileges (it shouldn't show IPv6 disabled at the program name).
  6. set Primary resolver to different port from default, lets say 5053 (and not 53) (you can highlight 53 and type over other port number, instead of clicking thousands of times to get there), and save this setting (round button next to Primary resolver's IP address:Port).
  7. Choose any listed IPv6 resolver from the drop down list.
  8. Start service(s) for chosen resolvers. Make sure your Primary resolver did not revert to port 53, but keeps port value you set for it.
  9. Connect/bind you network interface(s) to SimpleDnsCrypt; if successful you should see in ipconfig /all DNS Servers . . . . . . . . .: ::ffff:127.0.0.2
    ::ffff:127.0.0.1
    127.0.0.1
    127.0.0.2,
    if not, try to stop and restart SimpleDnsCrypt GUI.
  10. Make sure your firewall allows through chosen remote resolvers port(s), they vary as 53, 443, 1053, 2053, 5353 (this port should not be used because it is registered to mdns=multicast), ect.
    And this is it.
    Notes:
    ---Nslookup will not work: Server: UnKnown
    Address: 127.0.0.2
    *** UnKnown can't find google.com: No response from server
    ---but hostip in SimpleDnsCrypt subdir dnscrypt-proxy works, and browsing web should work as long as chosen remote resolvers are up and operational.
    ---Once this is working you can go to http://en.conn.internet.nl/connection/ and check if your IPv6 and DNSSEC are working, and your machine is secured.
    Good Luck.
    And devs Many Thanks for your hard work and patience.
    Sincerely,
    Zenith-Nadir

@Zenith-Nadir Zenith-Nadir referenced this issue Apr 30, 2017

Closed

Windows Versions #5

6 of 6 tasks complete
@dananichev

This comment has been minimized.

Show comment
Hide comment
@dananichev

dananichev Sep 14, 2017

Followed steps descibed by @Zenith-Nadir with some corrections and it seems to work just fine.
For fresh install i did this:

  • Before any configuration inside application i added UseIpv6: true into config.yaml
  • In compatibility settings i checked Run as administrator for Simple DNSCrypt
  • In app settings i chose one of "over ipv6" providers for primary resolver and 5053 as listening port
  • For second provider i chose one of "over ipv4' providers
  • Enabled both resolvers
  • Enabled ethernet card
  • Toggled state of this ethernet card in Windows's network settings from on to off and then to on again
  • Checked my connection here http://en.conn.internet.nl/connection/ -- Result 100%

Followed steps descibed by @Zenith-Nadir with some corrections and it seems to work just fine.
For fresh install i did this:

  • Before any configuration inside application i added UseIpv6: true into config.yaml
  • In compatibility settings i checked Run as administrator for Simple DNSCrypt
  • In app settings i chose one of "over ipv6" providers for primary resolver and 5053 as listening port
  • For second provider i chose one of "over ipv4' providers
  • Enabled both resolvers
  • Enabled ethernet card
  • Toggled state of this ethernet card in Windows's network settings from on to off and then to on again
  • Checked my connection here http://en.conn.internet.nl/connection/ -- Result 100%

@bitbeans bitbeans modified the milestones: 0.5.0, 0.4.4 Oct 31, 2017

@bitbeans bitbeans closed this Jan 26, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment