You are not logged in.
I have DNScrypt setup to work with Unbound and am using 2 DNScrypt servers. I can connect to the internet and drill'ing hosts works, but when I run journalctl I get the following output:
Nov 09 18:57:02 spunbox systemd[1]: Starting DNSCrypt client proxy...
Nov 09 18:57:02 spunbox systemd[1]: Stopped DNSCrypt client proxy.
Nov 09 18:57:03 spunbox systemd[1]: Starting DNSCrypt client proxy...
Nov 09 18:57:03 spunbox dnscrypt-proxy[12802]: [INFO] + DNS Security Extensions are supported
Nov 09 18:57:03 spunbox dnscrypt-proxy[12802]: [INFO] + Provider supposedly doesn't keep logs
Nov 09 18:57:03 spunbox dnscrypt-proxy[12802]: [NOTICE] Starting dnscrypt-proxy 1.7.0
Nov 09 18:57:03 spunbox dnscrypt-proxy[12802]: [INFO] Generating a new session key pair
Nov 09 18:57:03 spunbox dnscrypt-proxy[12802]: [INFO] Done
Nov 09 18:57:03 spunbox dnscrypt-proxy[12801]: [INFO] + DNS Security Extensions are supported
Nov 09 18:57:03 spunbox dnscrypt-proxy[12801]: [INFO] + Namecoin domains can be resolved
Nov 09 18:57:03 spunbox dnscrypt-proxy[12801]: [INFO] + Provider supposedly doesn't keep logs
Nov 09 18:57:03 spunbox dnscrypt-proxy[12801]: [NOTICE] Starting dnscrypt-proxy 1.7.0
Nov 09 18:57:03 spunbox dnscrypt-proxy[12801]: [INFO] Generating a new session key pair
Nov 09 18:57:03 spunbox dnscrypt-proxy[12801]: [INFO] Done
Nov 09 18:57:03 spunbox dnscrypt-proxy[12801]: [INFO] Server certificate with serial '0001' received
Nov 09 18:57:03 spunbox dnscrypt-proxy[12801]: [INFO] This certificate is valid
Nov 09 18:57:03 spunbox dnscrypt-proxy[12801]: [INFO] Chosen certificate #808464433 is valid from [2014-10-15] to [2019-10-14]
Nov 09 18:57:03 spunbox dnscrypt-proxy[12801]: [INFO] Server key fingerprint is F0AD:8CEB:52C5:8DCD:0244:C28B:550A:BA4F:7BDB:4593:6F19:63DB:72D3:683A:30C0:0612
Nov 09 18:57:03 spunbox dnscrypt-proxy[12801]: [NOTICE] Proxying from 127.0.0.1:60309 to 178.216.201.222:2053
Nov 09 18:57:18 spunbox dnscrypt-proxy[12802]: [ERROR] Unable to retrieve server certificates
Nov 09 18:57:19 spunbox dnscrypt-proxy[12802]: [INFO] Refetching server certificates
Nov 09 18:57:34 spunbox dnscrypt-proxy[12802]: [ERROR] Unable to retrieve server certificates
Nov 09 18:57:37 spunbox dnscrypt-proxy[12802]: [INFO] Refetching server certificates
Nov 09 18:57:52 spunbox dnscrypt-proxy[12802]: [ERROR] Unable to retrieve server certificates
Nov 09 18:57:58 spunbox dnscrypt-proxy[12802]: [INFO] Refetching server certificates
Nov 09 18:58:13 spunbox dnscrypt-proxy[12802]: [ERROR] Unable to retrieve server certificates
Nov 09 18:58:22 spunbox dnscrypt-proxy[12802]: [INFO] Refetching server certificates
Nov 09 18:58:33 spunbox systemd[1]: dnscrypt-proxy@soltysiak.service: Start operation timed out. Terminating.
Nov 09 18:58:33 spunbox systemd[1]: dnscrypt-proxy@4armed.service: Start operation timed out. Terminating.
Nov 09 18:58:33 spunbox systemd[1]: Failed to start DNSCrypt client proxy.
Nov 09 18:58:33 spunbox systemd[1]: dnscrypt-proxy@soltysiak.service: Unit entered failed state.
Nov 09 18:58:33 spunbox systemd[1]: dnscrypt-proxy@soltysiak.service: Failed with result 'timeout'.
Nov 09 18:58:33 spunbox systemd[1]: Failed to start DNSCrypt client proxy.
Nov 09 18:58:33 spunbox systemd[1]: dnscrypt-proxy@4armed.service: Unit entered failed state.
Nov 09 18:58:33 spunbox systemd[1]: dnscrypt-proxy@4armed.service: Failed with result 'timeout'.
Nov 09 18:58:33 spunbox systemd[1]: dnscrypt-proxy@soltysiak.service: Service hold-off time over, scheduling restart.
Nov 09 18:58:33 spunbox systemd[1]: dnscrypt-proxy@4armed.service: Service hold-off time over, scheduling restart.
Nov 09 18:58:33 spunbox systemd[1]: Stopped DNSCrypt client proxy.
Nov 09 18:58:33 spunbox systemd[1]: Starting DNSCrypt client proxy...
Nov 09 18:58:33 spunbox systemd[1]: Stopped DNSCrypt client proxy.
Nov 09 18:58:33 spunbox systemd[1]: Starting DNSCrypt client proxy...
Nov 09 18:58:33 spunbox dnscrypt-proxy[13172]: [INFO] + DNS Security Extensions are supported
Nov 09 18:58:33 spunbox dnscrypt-proxy[13173]: [INFO] + DNS Security Extensions are supported
Nov 09 18:58:33 spunbox dnscrypt-proxy[13173]: [INFO] + Namecoin domains can be resolved
Nov 09 18:58:33 spunbox dnscrypt-proxy[13173]: [INFO] + Provider supposedly doesn't keep logs
Nov 09 18:58:33 spunbox dnscrypt-proxy[13173]: [NOTICE] Starting dnscrypt-proxy 1.7.0
Nov 09 18:58:33 spunbox dnscrypt-proxy[13172]: [INFO] + Provider supposedly doesn't keep logs
Nov 09 18:58:33 spunbox dnscrypt-proxy[13172]: [NOTICE] Starting dnscrypt-proxy 1.7.0
Nov 09 18:58:33 spunbox dnscrypt-proxy[13173]: [INFO] Generating a new session key pair
Nov 09 18:58:33 spunbox dnscrypt-proxy[13173]: [INFO] Done
Nov 09 18:58:33 spunbox dnscrypt-proxy[13172]: [INFO] Generating a new session key pair
Nov 09 18:58:33 spunbox dnscrypt-proxy[13172]: [INFO] Done
Nov 09 18:58:33 spunbox dnscrypt-proxy[13173]: [INFO] Server certificate with serial '0001' received
Nov 09 18:58:33 spunbox dnscrypt-proxy[13173]: [INFO] This certificate is valid
Nov 09 18:58:33 spunbox dnscrypt-proxy[13173]: [INFO] Chosen certificate #808464433 is valid from [2014-10-15] to [2019-10-14]
Nov 09 18:58:33 spunbox dnscrypt-proxy[13173]: [INFO] Server key fingerprint is F0AD:8CEB:52C5:8DCD:0244:C28B:550A:BA4F:7BDB:4593:6F19:63DB:72D3:683A:30C0:0612
Nov 09 18:58:33 spunbox dnscrypt-proxy[13173]: [NOTICE] Proxying from 127.0.0.1:60309 to 178.216.201.222:2053
Nov 09 18:58:48 spunbox dnscrypt-proxy[13172]: [ERROR] Unable to retrieve server certificates
Nov 09 18:58:49 spunbox dnscrypt-proxy[13172]: [INFO] Refetching server certificates
Nov 09 18:59:04 spunbox dnscrypt-proxy[13172]: [ERROR] Unable to retrieve server certificates
Nov 09 18:59:07 spunbox dnscrypt-proxy[13172]: [INFO] Refetching server certificates
My journalctl is just FULL of this as it occurs every minute pretty much.
Below are my related configs
Here is my /etc/unbound/unbound.conf
server:
interface: 127.0.0.1
port: 53
do-daemonize: yes
username: "unbound"
# Security
hide-identity: yes
hide-version: yes
harden-short-bufsize: yes
harden-large-queries: yes
harden-glue: yes
harden-dnssec-stripped: yes
harden-below-nxdomain: yes
harden-referral-path: yes
use-caps-for-id: yes
prefetch: yes
# Performance
num-threads: 2
msg-cache-slabs: 8
rrset-cache-slabs: 8
infra-cache-slabs: 8
key-cache-slabs: 8
rrset-cache-size: 100m
msg-cache-size: 50m
outgoing-range: 206
num-queries-per-thread: 128
so-rcvbuf: 4m
so-sndbuf: 4m
so-reuseport: yes
cache-min-ttl: 3600
cache-max-ttl: 86400
directory: "/etc/unbound"
trust-anchor-file: trusted-key.key
use-syslog: no
verbosity: 1
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@60309
forward-addr: 127.0.0.1@57782
remote-control:
control-enable: no
/etc/systemd/system/dnscrypt-proxy@.service
Note: yes I have the dnscrypt user created
[Unit]
Description=DNSCrypt client proxy
Documentation=man:dnscrypt-proxy(8)
Requires=dnscrypt-proxy@%i.socket
[Service]
Type=notify
NonBlocking=true
ExecStart=/usr/sbin/dnscrypt-proxy --resolver-name %i --user=dnscrypt
Restart=always
/etc/systemd/system/dnscrypt-proxy@4armed.socket
[Unit]
Description=dnscrypt-proxy listening socket
[Socket]
ListenStream=127.0.0.1:57782
ListenDatagram=127.0.0.1:57782
[Install]
WantedBy=sockets.target
/etc/systemd/system/dnscrypt-proxy@soltysiak.socket
[Unit]
Description=dnscrypt-proxy listening socket
[Socket]
ListenStream=127.0.0.1:60309
ListenDatagram=127.0.0.1:60309
[Install]
WantedBy=sockets.target
My /etc/resolv.conf is set to point at 127.0.0.1 and is chattr +i so it wont be overwritten.
I cant find any help on this issue. I have tried like 6 other DNSCrypt servers and it still is producing the same errors.
Please help.
Last edited by acidvegas (2016-11-10 00:26:29)
Offline