IPv6 Relays not forwarding

[pengelana]

When use IPv6 relay with IPv6 dnscrypt-server, no response from the relay, dnscrypt-proxy working fine without IPv6 relays.

[2019-10-19 15:46:38] [NOTICE] dnscrypt-proxy 2.0.29-beta.1
[2019-10-19 15:46:38] [NOTICE] Network connectivity detected
[2019-10-19 15:46:38] [NOTICE] Source [public-resolvers.md] loaded
[2019-10-19 15:46:38] [NOTICE] Anonymized DNS: routing [adguard-dns-ipv6] via [sdns://gSBbMjQwMDo2MTgwOjA6ZDA6OjVmNzM6NDAwMV06MTQ0Mw]
[2019-10-19 15:46:38] [NOTICE] Firefox workaround initialized
[2019-10-19 15:46:38] [NOTICE] Now listening to 127.0.0.1:5003 [UDP]
[2019-10-19 15:46:38] [NOTICE] Now listening to 127.0.0.1:5003 [TCP]
[2019-10-19 15:46:38] [NOTICE] Now listening to [::1]:5003 [UDP]
[2019-10-19 15:46:38] [NOTICE] Now listening to [::1]:5003 [TCP]
[2019-10-19 15:46:38] [NOTICE] [adguard-dns-ipv6] OK (DNSCrypt) - rtt: 0ms
[2019-10-19 15:46:38] [NOTICE] Server with the lowest initial latency: adguard-dns-ipv6 (rtt: 0ms)
[2019-10-19 15:46:38] [NOTICE] dnscrypt-proxy is ready - live servers: 1

drill -p 5003 @::1 google.com
Error: error sending query: Could not send or receive, because of network error

[pengelana]

Change external_addr = "0.0.0.0" to external_addr = "::" or any IPv6 address will make IPv6 works but IPv4 will be failed.

[jedisct1]

Ah dammit. I see why. Give me a minute to fix it.

[jedisct1]

This should be fixed, but I don't have IPv6 connectivity to test.

Are you using the docker container or the server directly?

[pengelana]

I'm using the server directly.
Latest build from git works nicely.

Thanks!

IPv6

[2019-10-19 18:27:48] [NOTICE] dnscrypt-proxy 2.0.29-beta.1
[2019-10-19 18:27:48] [NOTICE] Network connectivity detected
[2019-10-19 18:27:48] [NOTICE] Source [public-resolvers.md] loaded
[2019-10-19 18:27:48] [NOTICE] Anonymized DNS: routing [id-gmail-ipv6] via [sdns://gSBbMjQwMDo2MTgwOjA6ZDA6OjVmNzM6NDAwMV06MTQ0Mw]
[2019-10-19 18:27:48] [NOTICE] Anonymized DNS: routing [jp.tiar.app-ipv6] via [sdns://gSBbMjQwMDo2MTgwOjA6ZDA6OjVmNzM6NDAwMV06MTQ0Mw]
[2019-10-19 18:27:48] [NOTICE] Anonymized DNS: routing [developerli-de-ipv6] via [sdns://gSBbMjQwMDo2MTgwOjA6ZDA6OjVmNzM6NDAwMV06MTQ0Mw]
[2019-10-19 18:27:48] [NOTICE] Firefox workaround initialized
[2019-10-19 18:27:48] [NOTICE] Now listening to 127.0.0.1:5003 [UDP]
[2019-10-19 18:27:48] [NOTICE] Now listening to 127.0.0.1:5003 [TCP]
[2019-10-19 18:27:48] [NOTICE] Now listening to [::1]:5003 [UDP]
[2019-10-19 18:27:48] [NOTICE] Now listening to [::1]:5003 [TCP]
[2019-10-19 18:27:48] [NOTICE] [id-gmail-ipv6] OK (DNSCrypt) - rtt: 29ms
[2019-10-19 18:27:49] [NOTICE] [jp.tiar.app-ipv6] OK (DNSCrypt) - rtt: 196ms
[2019-10-19 18:27:49] [NOTICE] [developerli-de-ipv6] OK (DNSCrypt) - rtt: 175ms
[2019-10-19 18:27:49] [NOTICE] Sorted latencies:
[2019-10-19 18:27:49] [NOTICE] -    29ms id-gmail-ipv6
[2019-10-19 18:27:49] [NOTICE] -   175ms developerli-de-ipv6
[2019-10-19 18:27:49] [NOTICE] -   196ms jp.tiar.app-ipv6
[2019-10-19 18:27:49] [NOTICE] Server with the lowest initial latency: id-gmail-ipv6 (rtt: 29ms)
[2019-10-19 18:27:49] [NOTICE] dnscrypt-proxy is ready - live servers: 3


$ drill -p 5003 @::1 google.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 32880
;; flags: qr rd ra ; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; google.com.  IN      A

;; ANSWER SECTION:
google.com.     59      IN      A       74.125.68.101
google.com.     59      IN      A       74.125.68.139
google.com.     59      IN      A       74.125.68.100
google.com.     59      IN      A       74.125.68.138
google.com.     59      IN      A       74.125.68.113
google.com.     59      IN      A       74.125.68.102

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 10 msec
;; EDNS: version 0; flags: ; udp: 4096
;; SERVER: ::1
;; WHEN: Sat Oct 19 18:31:49 2019
;; MSG SIZE  rcvd: 135

IPv4

[2019-10-19 18:39:11] [NOTICE] dnscrypt-proxy 2.0.29-beta.1
[2019-10-19 18:39:11] [NOTICE] Network connectivity detected
[2019-10-19 18:39:11] [NOTICE] Source [public-resolvers.md] loaded
[2019-10-19 18:39:11] [NOTICE] Anonymized DNS: routing [id-gmail-ipv6] via [sdns://gSBbMjQwMDo2MTgwOjA6ZDA6OjVmNzM6NDAwMV06MTQ0Mw]
[2019-10-19 18:39:11] [NOTICE] Anonymized DNS: routing [jp.tiar.app-ipv6] via [sdns://gSBbMjQwMDo2MTgwOjA6ZDA6OjVmNzM6NDAwMV06MTQ0Mw]
[2019-10-19 18:39:11] [NOTICE] Anonymized DNS: routing [developerli-de-ipv6] via [sdns://gSBbMjQwMDo2MTgwOjA6ZDA6OjVmNzM6NDAwMV06MTQ0Mw]
[2019-10-19 18:39:11] [NOTICE] Anonymized DNS: routing [jp.tiar.app] via [sdns://gRMxNzQuMTM4LjI5LjE3NToxNDQz]
[2019-10-19 18:39:11] [NOTICE] Anonymized DNS: routing [id-gmail] via [sdns://gRMxNzQuMTM4LjI5LjE3NToxNDQz]
[2019-10-19 18:39:11] [NOTICE] Firefox workaround initialized
[2019-10-19 18:39:11] [NOTICE] Now listening to 127.0.0.1:5003 [UDP]
[2019-10-19 18:39:11] [NOTICE] Now listening to 127.0.0.1:5003 [TCP]
[2019-10-19 18:39:11] [NOTICE] Now listening to [::1]:5003 [UDP]
[2019-10-19 18:39:11] [NOTICE] Now listening to [::1]:5003 [TCP]
[2019-10-19 18:39:12] [NOTICE] [id-gmail-ipv6] OK (DNSCrypt) - rtt: 14ms
[2019-10-19 18:39:12] [NOTICE] [jp.tiar.app-ipv6] OK (DNSCrypt) - rtt: 177ms
[2019-10-19 18:39:12] [NOTICE] [developerli-de-ipv6] OK (DNSCrypt) - rtt: 170ms
[2019-10-19 18:39:12] [NOTICE] [jp.tiar.app] OK (DNSCrypt) - rtt: 70ms
[2019-10-19 18:39:12] [NOTICE] [id-gmail] OK (DNSCrypt) - rtt: 4ms
[2019-10-19 18:39:12] [NOTICE] Sorted latencies:
[2019-10-19 18:39:12] [NOTICE] -     4ms id-gmail
[2019-10-19 18:39:12] [NOTICE] -    14ms id-gmail-ipv6
[2019-10-19 18:39:12] [NOTICE] -    70ms jp.tiar.app
[2019-10-19 18:39:12] [NOTICE] -   170ms developerli-de-ipv6
[2019-10-19 18:39:12] [NOTICE] -   177ms jp.tiar.app-ipv6
[2019-10-19 18:39:12] [NOTICE] Server with the lowest initial latency: id-gmail (rtt: 4ms)
[2019-10-19 18:39:12] [NOTICE] dnscrypt-proxy is ready - live servers: 5


$ drill -p 5003 @::1 google.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 31789
;; flags: qr rd ra ; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; google.com.  IN      A

;; ANSWER SECTION:
google.com.     258     IN      A       74.125.68.138
google.com.     258     IN      A       74.125.68.139
google.com.     258     IN      A       74.125.68.101
google.com.     258     IN      A       74.125.68.102
google.com.     258     IN      A       74.125.68.100
google.com.     258     IN      A       74.125.68.113

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 33 msec
;; EDNS: version 0; flags: ; udp: 4096
;; SERVER: ::1
;; WHEN: Sat Oct 19 18:39:42 2019
;; MSG SIZE  rcvd: 135

[jedisct1]

Thank you!

I'll tag a new version, then.

[D1n0Bot]

Hi pengelana,

are you able to test securedns ipv6 Dnscrypt for me? it seems timeout for me. wonder why.

I made static server for it.
sdns://AQcAAAAAAAAAIVsyYTAzOmIwYzA6MDoxMDEwOjplOWE6MzAwMV06NTM1MyD0nyxzTWK2hjGe0H5pGUM7LxOF9B77yi8XbVkLLkU-hhwyLmRuc2NyeXB0LWNlcnQuc2VjdXJlZG5zLmV1

Information taken from here.
https://securedns.eu/

Thanks in advance.

[pengelana]

The server not responding.

dig @2a03:b0c0:0:1010::e9a:3001 -p 5353
 txt 2.dnscrypt-cert.securedns.eu

; connection timed out; no servers could be reached

[D1n0Bot]

Just a follow up on the securedns.
I messaged the owner. Now the securedns ipv6 dnscrypt is working.
Note that the securedns dnscrypt sever do not have redundancy.

Thank you.