#1 2020-06-14 17:03:54

What_is_root
Member
Registered: 2020-06-14
Posts: 1

Issues configuring dnscrypt-proxy with NetworkManager

Hello,

I am using Arch with KDE Plasma 5 and NetworkManager. I am on an XPS 13 9360, which has a glitch-prone wireless card on Linux. I followed this guide on the Arch wiki: https://wiki.archlinux.org/index.php/Dnscrypt-proxy
I opted to do the service option as I believe the socket option is now deprecated (I could be wrong). My /etc/resolv.conf is:

nameserver ::1
nameserver 127.0.0.1
options edns0 single-request-reopen

I've also made /etc/resolv.conf immutable according to https://wiki.archlinux.org/index.php/Do … esolv.conf

The relevant part of my /etc/dnscrypt-proxy/dnscrypt-proxy is:

# server_names = ...
...
listen_addresses = ['127.0.0.1:53', '[::1]:53']

I've opted in the above to let dnscrypt-proxy search for the lowest latency servers rather than specify each one I wish to use.

Following: https://wiki.archlinux.org/index.php/Ne … esolv.conf

My /etc/NetworkManager/NetworkManager.conf:

[main]
dns=none

I enabled and started the dnscrypt-proxy.service and restarted NetworkManager. When I use wireshark with the "dns", either I see queries to known privacy DNS services (e.g. doh.appliedprivacy.net) or there are no queries because they are encrypted TLS that wireshark cannot parse.

However, when I execute the command "dnscrypt-proxy -resolve google.com" or "dnscrypt-proxy -resolve archlinux.org" I get the following:

Domain exists:  yes, 4 name servers found
Canonical name: google.com.
IP addresses:   [hidden]
TXT records:   [hidden]
Resolver IP:    [local DNS server, hidden for privacy]

Systemctl status dnscrypt-proxy shows that the service is functioning as expected. My question is why does resolving DNS names using dnscrypt use my local DNS server while wireshark shows encrypted DNS queries when I try to load webpages? Why is there a disconnect between the two?

Thank you for any help!


[EDIT]
If I ping any website in terminal I immediately see the query in wireshark. My understanding is that any query from my system that is not through my browser is unencrypted. Could this mean that my set-up is not working?

Last edited by What_is_root (2020-06-14 17:35:59)

Offline

#2 2020-06-15 07:56:51

mxfm
Member
Registered: 2015-10-23
Posts: 163

Re: Issues configuring dnscrypt-proxy with NetworkManager

DNSCrypt acts as a local DNS server which receives unencrypted requests from the local host. Then it sends an encrypted request to the remote server. When the data returns, it makes an unencrypted response. What is your question?

Offline

#3 2020-06-15 16:30:47

Koatao
Member
Registered: 2018-08-30
Posts: 92

Re: Issues configuring dnscrypt-proxy with NetworkManager

Hello,

mxfm wrote:

What is your question?

What_is_root wrote:

However, when I execute the command "dnscrypt-proxy -resolve google.com" or "dnscrypt-proxy -resolve archlinux.org" I get the following:

Domain exists:  yes, 4 name servers found
Canonical name: google.com.
IP addresses:   [hidden]
TXT records:   [hidden]
Resolver IP:    [local DNS server, hidden for privacy]

The OP understood how dnscrypt-proxy was supposed to work. The problem he is facing is that the dnscrypt-proxy localhost server is not used for DNS queries system-wide (but only from his web browser), which is not what he wants, of course.

Btw, @What_is_root, there is no need to hide Google's IP address or a private IP address if local DNS server means a server on your local network.

Usually, the default DNS server to be used by the system is given as a DHCP option by the DHCP server.

I would make sure that /etc/resolv.conf has not been overwritten (check for a possible symlink too, as mentioned in the wiki link you gave).

Could you give the output of the command below, so we can check there are no other network-related services running:

systemctl list-unit-files --state=enabled

I would make sure NetworkManager is not touching any DNS-related configuration. I don't know NetworkManager, so I can't give a hint on how to do this, sorry.

Last edited by Koatao (2020-06-15 16:36:00)

Offline
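
An added example, not part of any post in this thread: shell functions that run the checks suggested in reply #3 against the files quoted in post #1 (resolv.conf lists only loopback nameservers and is not a symlink, NetworkManager.conf sets dns=none). The function names are made up for this example, the default paths are the ones quoted in the thread, and only the main NetworkManager.conf is read, not drop-in files.

```shell
#!/bin/sh
# Added example: audit the files discussed in this thread.
# Function names are hypothetical; default paths are the ones quoted in post #1.

# Print every nameserver in a resolv.conf that is not a loopback address.
# Empty output means system-wide lookups can only reach a local resolver.
non_loopback_nameservers() {
    awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { print $2 }' "$1"
}

# Succeed only if the [main] section of the given file sets dns=none.
# Assumption: drop-ins under conf.d are not inspected here.
nm_dns_is_none() {
    awk '
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\]/) }
        in_main && /^[ \t]*dns[ \t]*=[ \t]*none[ \t]*$/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Run all checks; return 0 only when nothing contradicts the intended setup.
audit_dns() {
    resolv=${1:-/etc/resolv.conf}
    nm_conf=${2:-/etc/NetworkManager/NetworkManager.conf}
    status=0
    if [ -L "$resolv" ]; then
        echo "WARN: $resolv is a symlink to $(readlink "$resolv")"
        status=1
    fi
    bad=$(non_loopback_nameservers "$resolv" | tr '\n' ' ')
    if [ -n "$bad" ]; then
        echo "WARN: non-loopback nameservers in $resolv: $bad"
        status=1
    fi
    if ! nm_dns_is_none "$nm_conf" 2>/dev/null; then
        echo "WARN: dns=none not found in [main] of $nm_conf"
        status=1
    fi
    # Informational only: lsattr fails on filesystems without attribute support.
    if ! lsattr -d "$resolv" 2>/dev/null | awk '{ print $1 }' | grep -q i; then
        echo "NOTE: $resolv is not marked immutable"
    fi
    return "$status"
}
```

Source the file and call `audit_dns` with no arguments to check the live system; a WARN line names the file that still lets a non-local resolver be used.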
