Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Connection timeout at startup #801

Closed
idlmn opened this issue Apr 25, 2019 · 3 comments

Comments

@idlmn
Copy link

commented Apr 25, 2019

I am running dnscrypt-proxy in version 2.0.19 installed from the Debian sid repository on an minimal raspbian installation. I want to use it to encrypt dns queries through DNS over HTTPS but it does not matter what server I want it to use (Quad9, Cloudflare), every time after a system startup/restart the following is showing up in the system log:

Apr 25 04:51:50 raspi dnscrypt-proxy[1700]: [2019-04-25 04:51:50] [ERROR] Get https://dns.quad9.net/dns-query?ct=&dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAgAAAAA: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Apr 25 04:51:50 raspi dnscrypt-proxy[1700]: [2019-04-25 04:51:50] [NOTICE] dnscrypt-proxy is waiting for at least one server to be reachable
Apr 25 04:53:45 raspi dnscrypt-proxy[1700]: [2019-04-25 04:53:45] [NOTICE] [quad9-doh-ip4-pri] OK (DoH) - rtt: 11ms
Apr 25 04:53:45 raspi dnscrypt-proxy[1700]: [2019-04-25 04:53:45] [NOTICE] Server with the lowest initial latency: quad9-doh-ip4-pri (rtt: 11ms)

At startup dnscrypt-proxy can't reach the server and resolving is impossible and exact 1 min and 55 sec later it is no problem.

@incognico

This comment has been minimized.

Copy link

commented Apr 25, 2019

Is it because the clock is off and gets synced ~2min after boot?

@idlmn

This comment has been minimized.

Copy link
Author

commented Apr 25, 2019

Is it because the clock is off and gets synced ~2min after boot?

That would be a good catch but unfortunately that is not the case. To make it perfectly sure, I disabled the the systemd unit and waited for systemd-timesyncd to synchronize the time. After this I started it manually over the command line but the problem still remains.

When I (re)boot the system, wait for 2 minutes and start it manually, erverthing is fine. So there is something in the background that keeps dnscrypt-proxy away from working correctly but I don't know what it could be.

UPDATE:
I have found the problem. In the system log I saw that dnycrypt-proxy started successfully one second after crng (kernel component for cryptographic random numbers) initialization had been done.
Google says that this component could cause some trouble. So I think that dnscrypt-proxy wants to retrieve some random content for https and/or maybe other things but because of the fact that the entropy queue isn't filled enough it has to wait until it is.
The Solution is to install rng-tools, so rngd fills up the entropy queue and dnscrypt-proxy is served with enough random content to work properly.

@jedisct1

This comment has been minimized.

Copy link
Owner

commented Apr 26, 2019

Duplicate of #760

@jedisct1 jedisct1 marked this as a duplicate of #760 Apr 26, 2019

@jedisct1 jedisct1 closed this Apr 26, 2019

Repository owner locked and limited conversation to collaborators May 26, 2019

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
3 participants
You can’t perform that action at this time.