You are not logged in.

#1 2015-04-11 16:08:24

jo-shva
Member
From: Sherman, TX USA
Registered: 2010-10-18
Posts: 133

Pdnsd or Unbound and Dnscrypt wont run at same time [SOLVED]

I can get either to work individually but I recieve these error when running together:

pdnsd.service - proxy name server
   Loaded: loaded (/usr/lib/systemd/system/pdnsd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sat 2015-04-11 10:48:24 CDT; 5min ago
  Process: 1601 ExecStart=/usr/bin/pdnsd (code=exited, status=1/FAILURE)
 Main PID: 1601 (code=exited, status=1/FAILURE)

Apr 11 10:48:24 rooster pdnsd[1601]: Ignoring name-server address "127.0.0.1" in config file (identical to server_ip address).
Apr 11 10:48:24 rooster pdnsd[1601]: * 04/11 10:48:24| pdnsd: error: Could not bind tcp socket: Address already in use
Apr 11 10:48:24 rooster pdnsd[1601]: * 04/11 10:48:24| pdnsd: error: Could not bind to udp socket: Address already in use
Apr 11 10:48:24 rooster pdnsd[1601]: * 04/11 10:48:24| pdnsd: error: tcp and udp initialization failed. Exiting.
Apr 11 10:48:24 rooster systemd[1]: pdnsd.service: main process exited, code=exited, status=1/FAILURE
Apr 11 10:48:24 rooster systemd[1]: Unit pdnsd.service entered failed state.
Apr 11 10:48:24 rooster systemd[1]: pdnsd.service failed.

Dnscrypt gives this message:

 ● dnscrypt-proxy.service - A tool for securing communications between a client and a DNS resolver.
   Loaded: loaded (/etc/systemd/system/dnscrypt-proxy.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2015-04-11 10:48:49 CDT; 14s ago
 Main PID: 1617 (dnscrypt-proxy)
   CGroup: /system.slice/dnscrypt-proxy.service
           └─1617 /usr/bin/dnscrypt-proxy --local-address=127.0.0.1:53 --reso...

Apr 11 10:48:49 rooster dnscrypt-proxy[1617]: [NOTICE] Starting dnscrypt-pro...3
Apr 11 10:48:49 rooster dnscrypt-proxy[1617]: [INFO] Initializing libsodium ...e
Apr 11 10:48:49 rooster dnscrypt-proxy[1617]: [INFO] Generating a new key pair
Apr 11 10:48:49 rooster dnscrypt-proxy[1617]: [INFO] Done
Apr 11 10:48:49 rooster dnscrypt-proxy[1617]: [INFO] Server certificate #140...d
Apr 11 10:48:49 rooster dnscrypt-proxy[1617]: [INFO] This certificate looks ...d
Apr 11 10:48:49 rooster dnscrypt-proxy[1617]: [INFO] Chosen certificate #140...]
Apr 11 10:48:49 rooster dnscrypt-proxy[1617]: [INFO] Server key fingerprint ...3
Apr 11 10:48:49 rooster dnscrypt-proxy[1617]: [NOTICE] Proxying from 127.0.0...3
Hint: Some lines were ellipsized, use -l to show in full.

When Dnscrypt is the one that doesnt start this is the systemd error:

● dnscrypt-proxy.service - A tool for securing communications between a client and a DNS resolver.
   Loaded: loaded (/etc/systemd/system/dnscrypt-proxy.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sat 2015-04-11 11:20:55 CDT; 1min 7s ago
  Process: 490 ExecStart=/usr/bin/dnscrypt-proxy --local-address=${DNSCRYPT_LOCALIP}:${DNSCRYPT_LOCALPORT} --resolver-address=${DNSCRYPT_RESOLVERIP}:${DNSCRYPT_RESOLVERPORT} --provider-name=${DNSCRYPT_PROVIDER_NAME} --provider-key=${DNSCRYPT_PROVIDER_KEY} --user=${DNSCRYPT_USER} (code=exited, status=1/FAILURE)
 Main PID: 490 (code=exited, status=1/FAILURE)

Apr 11 11:20:55 rooster systemd[1]: dnscrypt-proxy.service: main process exited, code=exited, status=1/FAILURE
Apr 11 11:20:55 rooster systemd[1]: Unit dnscrypt-proxy.service entered failed state.
Apr 11 11:20:55 rooster systemd[1]: dnscrypt-proxy.service failed.
Apr 11 11:20:55 rooster dnscrypt-proxy[490]: [NOTICE] Starting dnscrypt-proxy 1.4.3
Apr 11 11:20:55 rooster dnscrypt-proxy[490]: [INFO] Initializing libsodium for optimal performance
Apr 11 11:20:55 rooster dnscrypt-proxy[490]: [INFO] Generating a new key pair
Apr 11 11:20:55 rooster dnscrypt-proxy[490]: [INFO] Done
Apr 11 11:20:55 rooster dnscrypt-proxy[490]: [ERROR] Unable to bind (UDP) [Address already in use]

My pdnsd.conf:

 // Sample pdnsd configuration file. Must be customized to obtain a working pdnsd setup!
// Read the pdnsd.conf(5) manpage for an explanation of the options.
// Add or remove '#' in front of options you want to disable or enable, respectively.
// Remove '/*' and '*/' to enable complete sections.

global {
	perm_cache=16384;
	cache_dir="/var/cache/pdnsd";
	run_as="pdnsd";
 	server_ip = 127.0.0.1;
	status_ctl = on;
	query_method=udp_tcp;
	min_ttl=15m;       # Retain cached entries at least 15 minutes.
	max_ttl=1w;        # One week.
	timeout=10;        # Global timeout option (10 seconds).
	neg_domain_pol=on;
	udpbufsize=1024;   # Upper limit on the size of UDP messages.
}

# The following section is most appropriate if you have a fixed connection to
# the Internet and an ISP which provides good DNS servers.
server {
	label= "dnscrypt-proxy";
	ip = 127.0.0.2;  # Put your ISP's DNS-server address(es) here.
	port = 53;
#	proxy_only=on;     # Do not query any name servers beside your ISP's.
	                   # This may be necessary if you are behind some
	                   # kind of firewall and cannot receive replies
	                   # from outside name servers.
	timeout=4;         # Server timeout; this may be much shorter
			   # that the global timeout option.
	uptest=query;         # Test if the network interface is active.
#	interface=wlo1;    # The name of the interface to check.
	interval=15m;      # Check every 10 minutes.
#	purge_cache=off;   # Keep stale cache entries in case the ISP's
			   # DNS servers go offline.
#	edns_query=yes;    # Use EDNS for outgoing queries to allow UDP messages
	proxy_only=on;
			   # larger than 512 bytes. May cause trouble with some
			   # legacy systems.
#	exclude=.thepiratebay.org,  # If your ISP censors certain names, you may
#		.thepiratebay.se,   # want to exclude them here, and provide an
#		.piratebay.org,	    # alternative server section below that will
#		.piratebay.se;	    # successfully resolve the names.
}

/*
# The following section is more appropriate for dial-up connections.
# Read about how to use pdnsd-ctl for dynamic configuration in the documentation.
server {
	label= "dialup";
	file = "/etc/ppp/resolv.conf";  # Preferably do not use /etc/resolv.conf
	proxy_only=on;
	timeout=4;
	uptest=if;
	interface = ppp0;
	interval=10;       # Check the interface every 10 seconds.
	purge_cache=off;
	preset=off;
}
*/

/*
# The servers provided by OpenDNS are fast, but they do not reply with
# NXDOMAIN for non-existant domains, instead they supply you with an
# address of one of their search engines. They also lie about the addresses of 
# of the search engines of google, microsoft and yahoo.
# If you do not like this behaviour the "reject" option may be useful.
server {
	label = "opendns";
	ip = 208.67.222.222, 208.67.220.220;
	reject = 208.69.32.0/24,  # You may need to add additional address ranges
	         208.69.34.0/24,  # here if the addresses of their search engines
	         208.67.219.0/24; # change.
	reject_policy = fail;     # If you do not provide any alternative server
	                          # sections, like the following root-server
	                          # example, "negate" may be more appropriate here.
	timeout = 4;
	uptest = ping;            # Test availability using ICMP echo requests.
        ping_timeout = 100;       # ping test will time out after 10 seconds.
	interval = 15m;           # Test every 15 minutes.
	preset = off;
}
*/

/*
# This section is meant for resolving from root servers.
server {
	label = "root-servers";
	root_server = discover; # Query the name servers listed below
				# to obtain a full list of root servers.
	randomize_servers = on; # Give every root server an equal chance
	                        # of being queried.
	ip = 	198.41.0.4,     # This list will be expanded to the full
		192.228.79.201; # list on start up.
	timeout = 5;
	uptest = query;         # Test availability using empty DNS queries.
#	query_test_name = .;    # To be used if remote servers ignore empty queries.
	interval = 30m;         # Test every half hour.
	ping_timeout = 300;     # Test should time out after 30 seconds.
	purge_cache = off;
#	edns_query = yes;	# Use EDNS for outgoing queries to allow UDP messages
			   	# larger than 512 bytes. May cause trouble with some
			   	# legacy systems.
	exclude = .localdomain;
	policy = included;
	preset = off;
}
*/

source {
	owner=localhost;
#	serve_aliases=on;
	file="/etc/hosts";
}

/*
include {file="/etc/pdnsd.include";}	# Read additional definitions from /etc/pdnsd.include.
*/

rr {
	name=localhost;
	reverse=on;
	a=127.0.0.1;
	owner=localhost;
	soa=localhost,root.localhost,42,86400,900,86400,86400;
}

/*
neg {
	name=doubleclick.net;
	types=domain;   # This will also block xxx.doubleclick.net, etc.
}
*/

/*
neg {
	name=bad.server.com;   # Badly behaved server you don't want to connect to.
	types=A,AAAA;
}
*/

my dnscrypt-proxy is:

 DNSCRYPT_LOCALIP=127.0.0.2
DNSCRYPT_LOCALPORT=53
DNSCRYPT_USER=nobody
DNSCRYPT_PROVIDER_NAME=2.dnscrypt-cert.opendns.com
DNSCRYPT_PROVIDER_KEY=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79
DNSCRYPT_RESOLVERIP=208.67.220.220
DNSCRYPT_RESOLVERPORT=443
--edns-payload-size=4096

I have Before=pdnsd.service uncommented in dnscrypt-proxy.service
My resolve.conf is:

# Generated by resolvconf
#nameserver 24.116.0.53
#nameserver 24.116.2.50
nameserver 127.0.0.1
options edns0

And NetworkManger is set 1pv4 server 127.0.0.1

Dnscrypt takes over and is running while pdnsd is failed.  I have dug and dug through the internet and haven't found an answer.  It looks to me like everything is configed properly,  I would be eternally gratefull for help in fixing this!

Last edited by jo-shva (2015-04-12 13:47:25)


"Democracy is being allowed to vote for the candidate you dislike least." -- Robert Byrne
http://killhellokitty.deviantart.com/

Offline

#2 2015-04-12 13:45:54

jo-shva
Member
From: Sherman, TX USA
Registered: 2010-10-18
Posts: 133

Re: Pdnsd or Unbound and Dnscrypt wont run at same time [SOLVED]

Since I haden't recieved any replies to this topic.  I decided to try Unbound instead of Pdnsd.
I had a similar problem after install, Unbound would race and not connect to Dnscrypt.
To solve this problem, I added 'After=dnscrypt-proxy' in the Unbound.service file.  TaDah! It works!!!
I think Unbound is a bit much for my needs, but it works.
I hope this helps anyone else with trouble with Unbound and Dnscrypt-proxy
As for Pdnsd, I have no idea as to how to fix this problem, try Unbound.


"Democracy is being allowed to vote for the candidate you dislike least." -- Robert Byrne
http://killhellokitty.deviantart.com/

Offline

#3 2015-04-17 09:17:18

xpixelz
Member
From: Tunisia
Registered: 2012-02-29
Posts: 47
Website

Re: Pdnsd or Unbound and Dnscrypt wont run at same time [SOLVED]

Actually it may work with pdnsd if you run it on 127.0.0.3:

/etc/resolv.conf

nameserver 127.0.0.3
nameserver 127.0.0.1
nameserver 127.0.0.2

/etc/pdnsd.conf

global {
    ...
server_ip = 127.0.0.3;
    ...

/etc/conf.d/dnscrypt-proxy

DNSCRYPT_LOCALIP=127.0.0.1
    ...


/usr/lib/systemd/system/dnscrypt-proxy.service

[Unit]
    ...
Before=pdnsd.service
    ...

Offline

Board footer

Powered by FluxBB