You are not logged in.
I successfully installed DNSCrypt.
systemctl enable dnscrypt-proxy.service
systemctl start dnscrypt-proxy.service
When I run
systemctl status dnscrypt-proxy.service
it tells me that it's active.
However, when I go in Firefox to welcome.opendns.com it gives me the page that says
I'm not on OpenDNS yet. I'm assuming that this is because I'm not using their servers directly,
since DNSCrypt uses localhost as the nameserver address.
So how would I got about checking whether or not DNSCrypt is actually working?
Last edited by Hurricane (2013-06-14 01:26:49)
Computers are extra dumb, which is why it takes extra smart people to make them work.
Offline
Install tcpdump
then run
sudo tcpdump -i eth0 dst host 208.67.222.222 or dst host 208.67.220.220 or src host 208.67.222.222 or src host 208.67.220.220 -n
visit a website or something and you should see something like this.
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:48:45.124397 IP 192.168.1.15.53084 > 208.67.220.220.443: UDP, length 260
10:48:45.125171 IP 192.168.1.15.53084 > 208.67.220.220.443: UDP, length 324
10:48:45.125534 IP 192.168.1.15.53084 > 208.67.220.220.443: UDP, length 324
10:48:45.126483 IP 192.168.1.15.53084 > 208.67.220.220.443: UDP, length 260
10:48:45.150944 IP 208.67.220.220.443 > 192.168.1.15.53084: UDP, length 304
10:48:45.152111 IP 208.67.220.220.443 > 192.168.1.15.53084: UDP, length 422
10:48:45.153479 IP 208.67.220.220.443 > 192.168.1.15.53084: UDP, length 304
10:48:45.154981 IP 208.67.220.220.443 > 192.168.1.15.53084: UDP, length 304
you can also open up another terminal and run
sudo tcpdump -i eth0 dst port 53 or src port 53 -n -x -X -v
That way you can see if any non encrypted DNS queries are getting through.
Last edited by Dissident85 (2013-06-12 09:53:29)
Offline
If you are using dnscrypt to connect to OpenDNS, there is another way:
drill txt debug.opendns.com
or
dig txt debug.opendns.com
You should see a line that says "dnscrypt".
If you're using a different dnscrypt-enabled server or if you're running your own dnscrypt-wrapper instance, tcpdump is indeed the best way to test that the client works as expected.
Offline
Dissident, for the small exception of changing the device I was listening on (I'm connected wirelessly) I got pretty much the same output as what you showed.
jedisct1, aren't you the one that is hosting the project on git? Or do you have the ppa under Ubuntu? Your handle is oddly familiar.
If so, can you explain to me why I'm seeing the connection to an OpenDNS server even though my nameserver is set to localhost in resolv.conf?
Computers are extra dumb, which is why it takes extra smart people to make them work.
Offline
Hurricane: Yes, I'm the maintainer of the project. I don't have a ppa for Ubuntu (is there any?), but the git repository contains an fpm script to build RPMs and DEBs for it: https://github.com/jedisct1/dnscrypt-pr … ckages/fpm
This is a proxy. It accepts connections to localhost, then forwards the queries to a remote server (OpenDNS by default -for now-, but you can change that with command-line switches).
If you are using something like tcpdump to watch the traffic, make sure you specify the correct interface, either lo for localhost, or (probably) eth0 for the external interface.
Offline
Thanks for explaining it. I get it now. As for the ppa, I don't know if there is one but I could have sworn there was. But yeah I remember seeing your name on github now.
Computers are extra dumb, which is why it takes extra smart people to make them work.
Offline
I've setup dnscrypt successfully on a local machine now trying to get it to work on a machine hosting openvpn without much luck. Using tcpdump files created on the server, what woudl be the best way to verify that it is working on openvpn?
I notice that when my desktop connects to the the openvpn server dnsleaks are clean, but when my android phone connects to the openvpn server, dnsleaks are dirty.
any illumination on this subject woudl be greatly appreciated.
Offline