#1 2016-01-20 19:20:21

Utini
Member
Registered: 2015-09-28
Posts: 481
Website

libvirt blocks dnsmasq from starting + working (libvirt-dnsmasq works)

Hey there,

I already had libvirt + dnsmasq installed and working for 2-3 months, but I recently added dnscrypt to that setup, and since then dnsmasq fails to start and work correctly.
dnscrypt uses port 40, dnsmasq uses port 53, and libvirt-dnsmasq seems to use port 53 as well and interferes with dnsmasq. That means libvirt starts libvirt-dnsmasq first (which then won't work/load the dnscrypt configuration) and dnsmasq itself fails to start afterwards because port 53 is already in use.

But let's start with the .conf files:

systemctl edit dnscrypt-proxy.socket:

[Socket]
ListenStream=
ListenDatagram=
ListenStream=127.0.0.1:40
ListenDatagram=127.0.0.1:40

/etc/dnsmasq.conf:

no-resolv
server=127.0.0.1#40
listen-address=127.0.0.1
cache-size=1000

I am running GNOME with NetworkManager which is supposed to start dnsmasq on boot (so dnsmasq.service is disabled due to NetworkManager starting it).

/etc/NetworkManager/NetworkManager.conf

[main]
plugins=keyfile
dhcp=dhclient
#dns=default
dns=dnsmasq

## Set static hostname
#[keyfile]
#hostname=foobar

## HTTP-based connectivity check
#[connectivity]
#uri=http://nmcheck.gnome.org/check_network_status.txt
#interval=100

And since dnsmasq via NetworkManager uses its own configuration file, I re-created the dnsmasq.conf for NetworkManager as well:

nano /etc/NetworkManager/dnsmasq.d/cache:

cache-size=1000
no-resolv
server=127.0.0.1#40
listen-address=127.0.0.1

And in case it is relevant, here are the dnscrypt config files:

/etc/systemd/system/multi-user.target.wants/dnscrypt-proxy.service:

[Unit]
Description=DNSCrypt client proxy
Requires=dnscrypt-proxy.socket

[Install]
Also=dnscrypt-proxy.socket
WantedBy=multi-user.target

[Service]
Type=simple
NonBlocking=true
ExecStart=/usr/bin/dnscrypt-proxy \
          -R cisco

/usr/lib/systemd/system/dnscrypt-proxy.service:

[Unit]
Description=DNSCrypt client proxy
Requires=dnscrypt-proxy.socket

[Install]
Also=dnscrypt-proxy.socket
WantedBy=multi-user.target

[Service]
Type=simple
NonBlocking=true
ExecStart=/usr/bin/dnscrypt-proxy \
          -R cisco

Outputs:


systemctl status dnscrypt-proxy.service -l:

* dnscrypt-proxy.service - DNSCrypt client proxy
   Loaded: loaded (/usr/lib/systemd/system/dnscrypt-proxy.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2016-01-19 19:04:16 CET; 30min ago
Main PID: 446 (dnscrypt-proxy)
    Tasks: 1 (limit: 512)
   CGroup: /system.slice/dnscrypt-proxy.service
           `-446 /usr/bin/dnscrypt-proxy -R cisco

Jan 19 19:04:16 _____ dnscrypt-proxy[446]: [INFO] - [cisco] does not support Namecoin domains
Jan 19 19:04:16 _____ dnscrypt-proxy[446]: [WARNING] - [cisco] logs your activity - a different provider might be better a choice if privacy is a concern
Jan 19 19:04:16 _____ dnscrypt-proxy[446]: [NOTICE] Starting dnscrypt-proxy 1.6.0
Jan 19 19:04:16 _____ dnscrypt-proxy[446]: [INFO] Generating a new session key pair
Jan 19 19:04:16 _____ dnscrypt-proxy[446]: [INFO] Done
Jan 19 19:04:21 _____ dnscrypt-proxy[446]: [INFO] Server certificate #1435874751 received
Jan 19 19:04:21 _____ dnscrypt-proxy[446]: [INFO] This certificate looks valid
Jan 19 19:04:21 _____ dnscrypt-proxy[446]: [INFO] Chosen certificate #1435874751 is valid from [2015-07-03] to [2016-07-02]
Jan 19 19:04:21 _____ dnscrypt-proxy[446]: [INFO] Server key fingerprint is ED19:BFBA:FAFC:9257:DFDC:68C7:69BF:AC24:94CD:743F:3C1D:4966:134D:FE2C:4BDC:F315
Jan 19 19:04:21 _____ dnscrypt-proxy[446]: [NOTICE] Proxying from 127.0.0.1:40 to 208.67.220.220:443

systemctl status dnscrypt-proxy.socket -l

* dnscrypt-proxy.socket - dnscrypt-proxy listening socket
   Loaded: loaded (/usr/lib/systemd/system/dnscrypt-proxy.socket; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/dnscrypt-proxy.socket.d
           `-override.conf
   Active: active (running) since Tue 2016-01-19 19:04:16 CET; 30min ago
   Listen: 127.0.0.1:40 (Stream)
           127.0.0.1:40 (Datagram)

Jan 19 19:04:16 _____ systemd[1]: Listening on dnscrypt-proxy listening socket.

systemctl status dnsmasq.service:

Dnsmasq.service - a lightweight dhcp and caching dns server
Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; disabled; vendor preset: disabled)
Active: inactive (dead)

As you can see, dnsmasq.service isn't running correctly, although there are 2 dnsmasq processes running (and using port 53) which come from libvirt.
If I then try to manually run dnsmasq with "systemctl start dnsmasq.service" I will get the following error:

Starting A lightweight DHCP and caching DNS Server...
Dnsmasq: syntax check ok
Dnsmasq.service: main process exited, code=exited, status=2/invalidargument
Failed to start a lightweight dhcp and caching dns server
Dnsmasq: failed to create listening socket for port 53: adress is already in use

So my best guess is that I need to change libvirt-dnsmasq's port? But why did it work until now? And if I should change it, how can I do that? Or is something else causing trouble here?

Thanks !

Last edited by Utini (2016-01-20 19:20:49)


Setup 1: Thinkpad T14s G3, 14" FHD - R7 6850U - 32GB RAM - 2TB Solidigm P44 Pro NVME
Setup 2: Thinkpad X1E G1, 15.6" FHD - i7-8850H - 32GB RAM - NVIDIA GTX 1050Ti - 2x 1TB Samsung 970 Pro NVME
Accessories: Filco Majestouch TKL MX-Brown Mini Otaku, Benq XL2420T (144Hz), Lo(w)gitech G400, Puretrak Talent, Sennheiser HD800S + Meier Daccord FF + Meier Classic FF
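
A diagnostic for the port clash described in this post, added here as an example and not part of the original thread: it parses `ss -H -lntup` output to show which process holds a DNS port on which address, and which existing listeners overlap a planned bind. The sample lines, the address 192.168.122.1, the PID 812 and the function names are constructed assumptions; the overlap test is deliberately conservative (same address, or a wildcard on either side).

```shell
#!/bin/sh
# Added example (not from the thread): inspect who is bound to a DNS port.

# Constructed sample in `ss -H -lntup` column order:
# Netid State Recv-Q Send-Q Local:Port Peer:Port Process
sample_ss() {
cat <<'EOF'
udp UNCONN 0 0 192.168.122.1:53 0.0.0.0:* users:(("dnsmasq",pid=812,fd=5))
tcp LISTEN 0 32 192.168.122.1:53 0.0.0.0:* users:(("dnsmasq",pid=812,fd=6))
udp UNCONN 0 0 127.0.0.1:40 0.0.0.0:* users:(("dnscrypt-proxy",pid=446,fd=4))
tcp LISTEN 0 128 127.0.0.1:40 0.0.0.0:* users:(("dnscrypt-proxy",pid=446,fd=3))
EOF
}

# listeners PORT: read ss output on stdin, print "proto address process pid"
# for every socket bound to PORT (first process listed per socket).
listeners() {
    awk -v port="$1" '
    {
        laddr = $5
        n = split(laddr, parts, ":")          # port is the last ":" field
        if (parts[n] != port) next
        addr = substr(laddr, 1, length(laddr) - length(parts[n]) - 1)
        proc = "?"; pid = "?"
        if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
        if (match($0, /pid=[0-9]+/))  pid  = substr($0, RSTART + 4, RLENGTH - 4)
        print $1, addr, proc, pid
    }'
}

# bind_conflicts ADDR PORT: print the existing listeners that overlap a
# planned bind of ADDR:PORT. Conservative: same address, or either side
# is a wildcard address.
bind_conflicts() {
    listeners "$2" | awk -v want="$1" '
    function wild(a) { return a == "0.0.0.0" || a == "*" || a == "[::]" }
    $2 == want || wild($2) || wild(want)'
}

# On a live system (as root, so process names are shown):
#   ss -H -lntup | listeners 53
#   ss -H -lntup | bind_conflicts 0.0.0.0 53
sample_ss | listeners 53
```

With the constructed sample, a bind to 127.0.0.1:53 overlaps nothing while a wildcard bind to 0.0.0.0:53 overlaps both libvirt-style listeners. Per its man page, dnsmasq binds the wildcard address unless `bind-interfaces` is set, even when `listen-address` restricts where it answers.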
