You are not logged in.

#1 2016-11-25 17:38:40

Utini
Member
Registered: 2015-09-28
Posts: 452
Website

DNSSEC validation fails but I configured it correctly?

I am running dnscrypt with dnsmasq on a dnssec resolver (dnscrypt.eu-nl).

Dnscrypt is running:

* dnscrypt-proxy.service - DNSCrypt client proxy
   Loaded: loaded (/etc/systemd/system/dnscrypt-proxy.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/dnscrypt-proxy.service.d
           `-override.conf
   Active: active (running) since Fri 2016-11-25 18:31:21 CET; 6min ago
     Docs: man:dnscrypt-proxy(8)
  Process: 4095 ExecStart=/usr/bin/dnscrypt-proxy --ephemeral-keys --resolver-name=dnscrypt.eu-nl --local-address=127.0.0.1:40 --user=nobody -d (code=exited, status=0/SUCCESS)
 Main PID: 4096 (dnscrypt-proxy)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/dnscrypt-proxy.service
           `-4096 /usr/bin/dnscrypt-proxy --ephemeral-keys --resolver-name=dnscrypt.eu-nl --local-address=127.0.0.1:40 --user=nobody -d

Nov 25 18:31:21 _____ dnscrypt-proxy[4095]: [INFO] + Provider supposedly doesn't keep logs
Nov 25 18:31:21 _____ dnscrypt-proxy[4096]: Starting dnscrypt-proxy 1.7.0
Nov 25 18:31:21 _____ dnscrypt-proxy[4096]: Ephemeral keys enabled - generating a new seed
Nov 25 18:31:21 _____ systemd[1]: Started DNSCrypt client proxy.
Nov 25 18:31:21 _____ dnscrypt-proxy[4096]: Done
Nov 25 18:31:21 _____ dnscrypt-proxy[4096]: Server certificate with serial '0001' received
Nov 25 18:31:21 _____ dnscrypt-proxy[4096]: This certificate is valid
Nov 25 18:31:21 _____ dnscrypt-proxy[4096]: Chosen certificate #808464433 is valid from [2016-09-08] to [2017-09-08]
Nov 25 18:31:21 _____ dnscrypt-proxy[4096]: Server key fingerprint is 72DF:BE14:531F:F2AD:FD0F:BC8B:F711:B93D:799F:E4D0:34EC:D26B:8BF9:FFA9:32E7:2B79
Nov 25 18:31:21 _____ dnscrypt-proxy[4096]: Proxying from 127.0.0.1:40 to 176.56.237.171:443

my dnsmysq.conf:

no-resolv
server=127.0.0.1#40
server=127.0.0.1#41
listen-address=127.0.0.1
cache-size=1000
#dnssec
conf-file=/usr/share/dnsmasq/trust-anchors.conf
dnssec
proxy-dnssec

I have dnssec-anchors and ldns installed.

What am I doing wrong?


Setup 1: Thinkpad T14s G3, 14" FHD - R7 6850U - 32GB RAM - 2TB Solidigm P44 Pro NVME
Setup 2: Thinkpad X1E G1, 15.6" FHD - i7-8850H - 32GB RAM - NVIDIA GTX 1050Ti - 2x 1TB Samsung 970 Pro NVME
Accessories: Filco Majestouch TKL MX-Brown Mini Otaku, Benq XL2420T (144Hz), Lo(w)gitech G400, Puretrak Talent, Sennheiser HD800S + Meier Daccord FF + Meier Classic FF

Offline

Board footer

Powered by FluxBB