发现 dnscrypt-wrapper 经常会卡死.

[zw963]

嘿, 我发现如果一段时间不使用设备连接 dnscrypt-wrapper 解析 DNS, 稍后再用的时候, 常常打不开网页,

然后, 用 dig 发现, 是域名解析不可用.

这时候, 需要重启下 dnscrypt-wrapper 服务, 然后就好了.

下面是服务器和客户端命令示例:

客户端:

#!/bin/sh

ENABLED=yes
PROCS=dnscrypt-proxy
ARGS="-T -a 127.0.0.1:65053 -r 123.123.123.123:22335 -N 2.dnscrypt-cert.domain.com -k 3750:AED7:CEAB:DA91:137A:AFCD:3330:AEAA:2FEB:22AB:07FB:KVCE:3E72:31A3:5F1E:FE78"
PREARGS=""
DESC=$PROCS
PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

. /opt/etc/init.d/rc.func

服务器:

/usr/sbin/dnscrypt-wrapper \
    -r 8.8.4.4:53 \
    -a 0.0.0.0:22335 \
    --provider-name=2.dnscrypt-cert.domain.com \
    --crypt-secretkey-file=/root/.dnskey/1.key \
    --provider-cert-file=/root/.dnskey/1.cert \
    -d \
    -VVV \
    -l /tmp/dnscrypt-wrapper.log

谢谢.

[zw963]

DNS 不可用时, dig 提示是:

; <<>> DiG 9.10.5 <<>> www.google.com -p 65053
;; global options: +cmd
;; connection timed out; no servers could be reached

[cofyc]

What's your dnscrypt-wrapper version?

[zw963]

@cofyc

[root@vil963 ~]# dnscrypt-wrapper --version
dnscrypt-wrapper 0.3-5.g116bbed

[zw963]

@cofyc , 有没有可能是 GFW 的缘故？ 找出了一些特征码， 然后 block 了连接。

我用的 -T 参数， 使用的 TCP.

[cofyc]

有可能，你的 resolver 是国外 IP 。
看一下 /tmp/dnscrypt-wrapper.log 日志。

另外，实际部署是 dnscrypt-wrapper 是用于服务端的，对 dns 加密，然后本地使用 dnscrypt-proxy 解密。

[zw963]

@cofyc , 刚刚又上不了了(可以确定卡死了)， 因为其他原因， 我没重启服务器上的 dnscrypt-wrapper， 只是重启了下路由器(也就是重启了 dnscrypt-proxy， 又可以了...

是不是加密/解密特征过于明显 ....

[cofyc]

能否在 dig 出错时，看下 dnscrypt-proxy 的日志？

[zw963]

@cofyc , 不知道华硕梅林怎么看日志， 晕。

服务器上没啥好看的, 如果失败的时候， 服务器没任何提示。

我过滤了下服务器日志，就这三种：

... Accepted a tcp connection.
...  Resolver read callback
Crypt public key fingerprint for 1.key:  ...
 client to proxy cb ...

貌似都是正常的。

[cofyc]

可以把 dnscrypt-proxy 运行在本地电脑上，看看。

[zw963]

@cofyc , 谢谢， 我给路由器的 /opt/etc/init.d/S09dnscrypt-proxy 加日志功能了。

稍后再出现上不了， 我看下。

[zw963]

@cofyc , 有个额外的问题请教下, 貌似 dnscrypt-proxy 无法作为 chinadns 的 upstream 服务器。

总之我试过， 失败的。shadowsocks/ChinaDNS#134

是不是这样的？

[cofyc]

@zw963 这个我没研究过，不清楚。

[zw963]

@cofyc , 好好的， 又上不了啦。

随便 ps 了一下路由器：

admin@RT-AC5300-5E70:/tmp/home/root# dig www.google.com -p 65053
;; Truncated, retrying in TCP mode.
;; communications error to 127.0.0.1#65053: end of file
admin@RT-AC5300-5E70:/tmp/home/root# netstat -an |grep 65053
tcp        0      0 127.0.0.1:65053         0.0.0.0:*               LISTEN      
tcp        0      0 127.0.0.1:65053         127.0.0.1:39990         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:51475         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:53506         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:58724         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:36972         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:34188         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:56069         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:38108         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:53959         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:59988         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:37910         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:34625         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:38708         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:44630         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:35121         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:35497         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:45543         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:49180         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:37769         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:60297         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:55239         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:34370         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:46554         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:50857         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:49726         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:58590         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:54951         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:44381         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:33881         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:39781         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:39514         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:33190         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:59613         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:42857         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:56347         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:38401         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:57902         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:42153         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:38685         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:50812         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:43802         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:39442         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:43737         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:34081         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:54421         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:37218         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:49884         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:57683         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:47570         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:33382         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:55759         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:45734         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:42709         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:37890         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:37512         TIME_WAIT   
tcp        0      0 127.0.0.1:65053         127.0.0.1:38029         TIME_WAIT   
udp        0      0 127.0.0.1:65053         0.0.0.0:*                           

[zw963]

看了下日志，

Tue Sep 12 06:47:15 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 06:49:06 2017 [INFO] Refetching server certificates
Tue Sep 12 06:49:06 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 06:51:00 2017 [INFO] Refetching server certificates
Tue Sep 12 06:51:01 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 06:52:58 2017 [INFO] Refetching server certificates
Tue Sep 12 06:52:58 2017 [ERROR] Unable to retrieve server certificates

[zw963]

看来这个 issue 和我提的 #114 重复了。

[zw963]

这次重启 proxy 客户端好几次都不行。一样的错误日志。

[zw963]

重启了服务器， 好了。

[cofyc]

@zw963

$ dig txt 2.dnscrypt-cert.domain.com

执行以上命令看下结果，将 2.dnscrypt-cert.domain.com 修改成你配置的 provider name 。

[cofyc]

@zw963
另外可以尝试使用公共的 dnscrypt 服务，https://dnscrypt.pl/ 。

[zw963]

又出错啦， 卡死好久了。

Tue Sep 12 09:00:12 2017 [INFO] Refetching server certificates
Tue Sep 12 09:00:12 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:00:13 2017 [INFO] Refetching server certificates
Tue Sep 12 09:00:13 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:00:17 2017 [INFO] Refetching server certificates
Tue Sep 12 09:00:17 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:00:23 2017 [INFO] Refetching server certificates
Tue Sep 12 09:00:23 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:00:32 2017 [INFO] Refetching server certificates
Tue Sep 12 09:00:32 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:00:44 2017 [INFO] Refetching server certificates
Tue Sep 12 09:00:44 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:00:59 2017 [INFO] Refetching server certificates
Tue Sep 12 09:00:59 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:01:17 2017 [INFO] Refetching server certificates
Tue Sep 12 09:01:17 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:01:38 2017 [INFO] Refetching server certificates
Tue Sep 12 09:01:38 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:02:02 2017 [INFO] Refetching server certificates
Tue Sep 12 09:02:02 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:02:29 2017 [INFO] Refetching server certificates
Tue Sep 12 09:02:30 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:03:00 2017 [INFO] Refetching server certificates
Tue Sep 12 09:03:00 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:03:33 2017 [INFO] Refetching server certificates
Tue Sep 12 09:03:33 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:04:09 2017 [INFO] Refetching server certificates
Tue Sep 12 09:04:09 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:04:48 2017 [INFO] Refetching server certificates
Tue Sep 12 09:04:48 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:05:30 2017 [INFO] Refetching server certificates
Tue Sep 12 09:05:30 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:06:15 2017 [INFO] Refetching server certificates
Tue Sep 12 09:06:15 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:07:03 2017 [INFO] Refetching server certificates
Tue Sep 12 09:07:03 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:07:54 2017 [INFO] Refetching server certificates
Tue Sep 12 09:07:55 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:08:49 2017 [INFO] Refetching server certificates
Tue Sep 12 09:08:49 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:09:46 2017 [INFO] Refetching server certificates
Tue Sep 12 09:09:49 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:10:49 2017 [INFO] Refetching server certificates
Tue Sep 12 09:10:49 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:11:52 2017 [INFO] Refetching server certificates
Tue Sep 12 09:11:52 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:12:58 2017 [INFO] Refetching server certificates
Tue Sep 12 09:12:58 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:14:07 2017 [INFO] Refetching server certificates
Tue Sep 12 09:14:07 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:15:19 2017 [INFO] Refetching server certificates
Tue Sep 12 09:15:19 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:16:34 2017 [INFO] Refetching server certificates
Tue Sep 12 09:16:34 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:17:52 2017 [INFO] Refetching server certificates
Tue Sep 12 09:17:53 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:19:14 2017 [INFO] Refetching server certificates
Tue Sep 12 09:19:14 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:20:38 2017 [INFO] Refetching server certificates
Tue Sep 12 09:20:38 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:22:05 2017 [INFO] Refetching server certificates
Tue Sep 12 09:22:05 2017 [ERROR] Unable to retrieve server certificates
Tue Sep 12 09:23:35 2017 [INFO] Refetching server certificates
Tue Sep 12 09:23:35 2017 [ERROR] Unable to retrieve server certificates

[zw963]

执行以上命令看下结果，将 2.dnscrypt-cert.domain.com 修改成你配置的 provider name 。

admin@RT-AC5300-5E70:/tmp/home/root# dig txt 2.dnscrypt-cert.zw963.com
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.10.5 <<>> txt 2.dnscrypt-cert.zw963.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 32330
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;2.dnscrypt-cert.zw963.com.	IN	TXT

;; Query time: 43 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Sep 12 09:25:46 UTC 2017
;; MSG SIZE  rcvd: 43

[zw963]

@cofyc , 嘿， 我这个是一个配置比较低的 VPS, 总共只有 512MB 内存, 跟这个有关么？

[root@vil963 ~]# free -mh
              total        used        free      shared  buff/cache   available
Mem:           488M         39M        196M         28M        252M        397M
Swap:          1.0G         10M        1.0G

[zw963]

晚上不管怎么重启服务器和客户端， 就是连不上，

Sat Aug  1 08:22:08 2015 [INFO] Server certificate with serial #1504961197 received
Sat Aug  1 08:22:08 2015 [INFO] This certificate has not been activated yet
Sat Aug  1 08:22:08 2015 [ERROR] No useable certificates found
Sat Aug  1 08:22:29 2015 [INFO] Refetching server certificates
Sat Aug  1 08:22:29 2015 [INFO] Server certificate with serial #1504961197 received
Sat Aug  1 08:22:29 2015 [INFO] This certificate has not been activated yet
Sat Aug  1 08:22:29 2015 [ERROR] No useable certificates found
Sat Aug  1 08:22:53 2015 [INFO] Refetching server certificates
Sat Aug  1 08:22:53 2015 [INFO] Server certificate with serial #1504961197 received
Sat Aug  1 08:22:53 2015 [INFO] This certificate has not been activated yet
Sat Aug  1 08:22:53 2015 [ERROR] No useable certificates found
Sat Aug  1 08:23:20 2015 [INFO] Refetching server certificates
Sat Aug  1 08:23:21 2015 [INFO] Server certificate with serial #1504961197 received
Sat Aug  1 08:23:21 2015 [INFO] This certificate has not been activated yet
Sat Aug  1 08:23:21 2015 [ERROR] No useable certificates found
Sat Aug  1 08:23:51 2015 [INFO] Refetching server certificates
Sat Aug  1 08:23:51 2015 [INFO] Server certificate with serial #1504961197 received
Sat Aug  1 08:23:51 2015 [INFO] This certificate has not been activated yet
Sat Aug  1 08:23:51 2015 [ERROR] No useable certificates found
Sat Aug  1 08:24:24 2015 [INFO] Refetching server certificates
Sat Aug  1 08:24:24 2015 [INFO] Server certificate with serial #1504961197 received
Sat Aug  1 08:24:24 2015 [INFO] This certificate has not been activated yet
Sat Aug  1 08:24:24 2015 [ERROR] No useable certificates found
Sat Aug  1 08:25:00 2015 [INFO] Refetching server certificates
Sat Aug  1 08:25:01 2015 [INFO] Server certificate with serial #1504961197 received
Sat Aug  1 08:25:01 2015 [INFO] This certificate has not been activated yet
Sat Aug  1 08:25:01 2015 [ERROR] No useable certificates found

最后重新生成了一套，解决。provider name 没有变。

[cofyc]

从错误看，是证书相关问题，但我这边很难弄清楚原因。现在解决就好。

线上部署，可以尝试用这个打包好的 docker 镜像：https://github.com/jedisct1/dnscrypt-server-docker/ 。 使用比较方便。

[zw963]

@cofyc , 我可以尝试下 docker, 谢。

从错误看，是证书相关问题，但我这边很难弄清楚原因。现在解决就好。

中午回来又上不了， 重启服务器才解决。 唉。

[zw963]

@cofyc , 我觉得这个 issue 还没有解决，我添加了 crontab 五分钟重启一次 dnscrypt-wrapper 服务器。看看是否有效。

[cofyc]

@zw963 你参考下这个例子 https://github.com/cofyc/dnscrypt-wrapper/tree/master/example，里面有测试用的 key/cert 和测试脚本。

[zw963]

@zw963 你参考下这个例子 https://github.com/cofyc/dnscrypt-wrapper/tree/master/example，里面有测试用的 key/cert 和测试脚本。

无效的链接。

另外， crontab 每五分钟重启 dnscrypt-wrapper(客户端没有重启过), 似乎有效果。

这是客户端连接报告：

Thu Sep 14 18:58:10 2017 [INFO] Refetching server certificates
Thu Sep 14 18:58:10 2017 [INFO] Server certificate with serial #1505230815 received
Thu Sep 14 18:58:10 2017 [INFO] This certificate is valid
Thu Sep 14 18:58:10 2017 [INFO] Chosen certificate #1505230815 is valid from [2017-09-12] to [2018-09-12]
Thu Sep 14 18:58:10 2017 [INFO] The key rotation period for this server may exceed the recommended value. This is bad for forward secrecy.
Thu Sep 14 18:58:10 2017 [INFO] Server key fingerprint is *****************

先关闭了， 我再测试几天，如果有问题再开启。

[zw963]

@cofyc , 例子连接麻烦再发下。

[cofyc]

https://github.com/cofyc/dnscrypt-wrapper/tree/master/example

[zw963]

@cofyc , 似乎问题还是存在的, 隔一阵子 (有时候一天, 有时候三四天), dnscrpt-proxy 又连不上 dnscrypt-wrapper 了.

客户端日志:

Fri Sep 22 13:41:19 2017 [INFO] Refetching server certificates
Fri Sep 22 13:41:24 2017 [ERROR] Unable to retrieve server certificates
Fri Sep 22 13:41:30 2017 [INFO] Refetching server certificates
Fri Sep 22 13:41:35 2017 [ERROR] Unable to retrieve server certificates
Fri Sep 22 13:41:44 2017 [INFO] Refetching server certificates
Fri Sep 22 13:41:49 2017 [ERROR] Unable to retrieve server certificates
Fri Sep 22 13:42:01 2017 [INFO] Refetching server certificates
Fri Sep 22 13:42:06 2017 [ERROR] Unable to retrieve server certificates
Fri Sep 22 13:42:21 2017 [INFO] Refetching server certificates
Fri Sep 22 13:42:26 2017 [ERROR] Unable to retrieve server certificates
Fri Sep 22 13:42:44 2017 [INFO] Refetching server certificates
Fri Sep 22 13:42:49 2017 [ERROR] Unable to retrieve server certificates
Fri Sep 22 13:43:10 2017 [INFO] Refetching server certificates
Fri Sep 22 13:43:15 2017 [ERROR] Unable to retrieve server certificates
Fri Sep 22 13:43:39 2017 [INFO] Refetching server certificates
Fri Sep 22 13:43:44 2017 [ERROR] Unable to retrieve server certificates
Fri Sep 22 13:44:11 2017 [INFO] Refetching server certificates
Fri Sep 22 13:44:16 2017 [ERROR] Unable to retrieve server certificates
Fri Sep 22 13:44:46 2017 [INFO] Refetching server certificates
Fri Sep 22 13:44:51 2017 [ERROR] Unable to retrieve server certificates
Fri Sep 22 13:45:24 2017 [INFO] Refetching server certificates
Fri Sep 22 13:45:29 2017 [ERROR] Unable to retrieve server certificates
Fri Sep 22 13:46:05 2017 [INFO] Refetching server certificates
Fri Sep 22 13:46:10 2017 [ERROR] Unable to retrieve server certificates
Fri Sep 22 13:46:49 2017 [INFO] Refetching server certificates
Fri Sep 22 13:46:54 2017 [ERROR] Unable to retrieve server certificates

服务器端日志, 除了输出 key, 没有任何提示:

[22541] 22 Sep 09:40:01.677 [info] [main.c:522] Crypt public key fingerprint for /etc/dnscrypt-wrapper/1.key: 722B:E205:87EF:FDD0:2848:861A:418D:7E31:94CD:87A0:382B:8A1A:4CD5:CD2D:487E:6212
[22567] 22 Sep 09:40:40.556 [info] [main.c:522] Crypt public key fingerprint for /etc/dnscrypt-wrapper/1.key: 722B:E205:87EF:FDD0:2848:861A:418D:7E31:94CD:87A0:382B:8A1A:4CD5:CD2D:487E:6212
[22588] 22 Sep 09:41:27.123 [info] [main.c:522] Crypt public key fingerprint for /etc/dnscrypt-wrapper/1.key: 722B:E205:87EF:FDD0:2848:861A:418D:7E31:94CD:87A0:382B:8A1A:4CD5:CD2D:487E:6212
[22605] 22 Sep 09:42:23.086 [info] [main.c:522] Crypt public key fingerprint for /etc/dnscrypt-wrapper/1.key: 722B:E205:87EF:FDD0:2848:861A:418D:7E31:94CD:87A0:382B:8A1A:4CD5:CD2D:487E:6212
[22622] 22 Sep 09:42:37.132 [info] [main.c:522] Crypt public key fingerprint for /etc/dnscrypt-wrapper/1.key: 722B:E205:87EF:FDD0:2848:861A:418D:7E31:94CD:87A0:382B:8A1A:4CD5:CD2D:487E:6212
[22643] 22 Sep 09:45:01.778 [info] [main.c:522] Crypt public key fingerprint for /etc/dnscrypt-wrapper/1.key: 722B:E205:87EF:FDD0:2848:861A:418D:7E31:94CD:87A0:382B:8A1A:4CD5:CD2D:487E:6212
[22668] 22 Sep 09:50:01.964 [info] [main.c:522] Crypt public key fingerprint for /etc/dnscrypt-wrapper/1.key: 722B:E205:87EF:FDD0:2848:861A:418D:7E31:94CD:87A0:382B:8A1A:4CD5:CD2D:487E:6212

[zw963]

有可能是长城宽带造成的, 因为出问题的时候, 我通过 ssh 连接我的服务器都很慢很慢, 甚至根本连不上.
但是用手机流量则没有问题, 立即连接成功, 稍后我路由器换个宽带试试.

[zw963]

换了宽带, 有问题会再次讨扰. 😄