[SOLVED] dnscrypt-proxy-2.0.15 dont to work with socket activation.

kokoko3k · 2018-06-13 12:17:42

Today dnscrypt-proxy has been updated to 2.0.15 and my system stopped resolving hostnames.

root@Gozer# nslookup bbs.archlinux.org 127.0.0.1
;; connection timed out; no servers could be reached

But all seems fine (or i don't know where to look):

# systemctl status dnscrypt-proxy.socket
● dnscrypt-proxy.socket - DNSCrypt-proxy socket
   Loaded: loaded (/usr/lib/systemd/system/dnscrypt-proxy.socket; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-06-13 14:07:13 CEST; 2min 49s ago
     Docs: https://github.com/jedisct1/dnscrypt-proxy/wiki
   Listen: 127.0.0.1:53 (Stream)
           127.0.0.1:53 (Datagram)
    Tasks: 0 (limit: 4915)
   Memory: 36.0K
   CGroup: /system.slice/dnscrypt-proxy.socket

giu 13 14:07:13 Gozer systemd[1]: dnscrypt-proxy.socket: TCP_NODELAY failed: Protocol not available
giu 13 14:07:13 Gozer systemd[1]: Listening on DNSCrypt-proxy socket.
# nslookup www.archlinux.org 127.0.0.1
;; connection timed out; no servers could be reached

# systemctl status dnscrypt-proxy.service
● dnscrypt-proxy.service - DNSCrypt-proxy client
   Loaded: loaded (/usr/lib/systemd/system/dnscrypt-proxy.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-06-13 14:07:21 CEST; 3min 14s ago
     Docs: https://github.com/jedisct1/dnscrypt-proxy/wiki
 Main PID: 4763 (dnscrypt-proxy)
    Tasks: 12 (limit: 4915)
   Memory: 10.2M
   CGroup: /system.slice/dnscrypt-proxy.service
           └─4763 /usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml

giu 13 14:07:41 Gozer dnscrypt-proxy[4763]: [publicarray-au2] TIMEOUT
giu 13 14:07:43 Gozer dnscrypt-proxy[4763]: [publicarray-au-doh] OK (DoH) - rtt: 304ms
giu 13 14:07:43 Gozer dnscrypt-proxy[4763]: [qualityology.com] OK (crypto v2) - rtt: 166ms
giu 13 14:07:43 Gozer dnscrypt-proxy[4763]: [scaleway-fr] OK (crypto v2) - rtt: 52ms
giu 13 14:07:45 Gozer dnscrypt-proxy[4763]: [securedns] TIMEOUT
giu 13 14:07:45 Gozer dnscrypt-proxy[4763]: [soltysiak] OK (crypto v1) - rtt: 38ms
giu 13 14:07:45 Gozer dnscrypt-proxy[4763]: [trashvpn] OK (crypto v2) - rtt: 35ms
giu 13 14:07:45 Gozer dnscrypt-proxy[4763]: [ventricle.us] OK (crypto v2) - rtt: 123ms
giu 13 14:07:45 Gozer dnscrypt-proxy[4763]: Server with the lowest initial latency: cloudflare (rtt: 4ms)
giu 13 14:07:45 Gozer dnscrypt-proxy[4763]: dnscrypt-proxy is ready - live servers: 23

If i modify /etc/dnscrypt-proxy/dnscrypt-proxy.toml by replacing the line:

listen_addresses = []

...which is supposed to be used when using systemd socket activation, to:

listen_addresses = ["192.168.117.20:53"]

...which is my internal lan ip; it works:

root@Gozer# nslookup bbs.archlinux.org 192.168.117.20
Server:         192.168.117.20
Address:        192.168.117.20#53

Non-authoritative answer:
bbs.archlinux.org       canonical name = luna.archlinux.org.
Name:   luna.archlinux.org
Address: 5.9.250.164
Name:   luna.archlinux.org
Address: 2a01:4f8:160:3033::2

I also activated the queries log, and as expected, nothing is logged when asking names to 127.0.0.1, but are logged when asking to 192.168.117.20, so indeed dnscrypt-proxy can resolve names, but somehow can't read my queries.

Reverting back to 2.0.14 and restarting the socket/service make things work again. even with listen_addresses = []

Any idea?

-EDIT
I made it work by reading old forum messages that say to disable the socket activation and enable the service, and indeed it works now.

Last edited by kokoko3k (2018-06-13 12:29:02)

ice · 2018-06-18 00:29:02

kokoko3k wrote:

Today dnscrypt-proxy has been updated to 2.0.15 and my system stopped resolving hostnames.

root@Gozer# nslookup bbs.archlinux.org 127.0.0.1
;; connection timed out; no servers could be reached

But all seems fine (or i don't know where to look):

# systemctl status dnscrypt-proxy.socket
● dnscrypt-proxy.socket - DNSCrypt-proxy socket
   Loaded: loaded (/usr/lib/systemd/system/dnscrypt-proxy.socket; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-06-13 14:07:13 CEST; 2min 49s ago
     Docs: https://github.com/jedisct1/dnscrypt-proxy/wiki
   Listen: 127.0.0.1:53 (Stream)
           127.0.0.1:53 (Datagram)
    Tasks: 0 (limit: 4915)
   Memory: 36.0K
   CGroup: /system.slice/dnscrypt-proxy.socket

giu 13 14:07:13 Gozer systemd[1]: dnscrypt-proxy.socket: TCP_NODELAY failed: Protocol not available
giu 13 14:07:13 Gozer systemd[1]: Listening on DNSCrypt-proxy socket.
# nslookup www.archlinux.org 127.0.0.1
;; connection timed out; no servers could be reached

# systemctl status dnscrypt-proxy.service
● dnscrypt-proxy.service - DNSCrypt-proxy client
   Loaded: loaded (/usr/lib/systemd/system/dnscrypt-proxy.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-06-13 14:07:21 CEST; 3min 14s ago
     Docs: https://github.com/jedisct1/dnscrypt-proxy/wiki
 Main PID: 4763 (dnscrypt-proxy)
    Tasks: 12 (limit: 4915)
   Memory: 10.2M
   CGroup: /system.slice/dnscrypt-proxy.service
           └─4763 /usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml

giu 13 14:07:41 Gozer dnscrypt-proxy[4763]: [publicarray-au2] TIMEOUT
giu 13 14:07:43 Gozer dnscrypt-proxy[4763]: [publicarray-au-doh] OK (DoH) - rtt: 304ms
giu 13 14:07:43 Gozer dnscrypt-proxy[4763]: [qualityology.com] OK (crypto v2) - rtt: 166ms
giu 13 14:07:43 Gozer dnscrypt-proxy[4763]: [scaleway-fr] OK (crypto v2) - rtt: 52ms
giu 13 14:07:45 Gozer dnscrypt-proxy[4763]: [securedns] TIMEOUT
giu 13 14:07:45 Gozer dnscrypt-proxy[4763]: [soltysiak] OK (crypto v1) - rtt: 38ms
giu 13 14:07:45 Gozer dnscrypt-proxy[4763]: [trashvpn] OK (crypto v2) - rtt: 35ms
giu 13 14:07:45 Gozer dnscrypt-proxy[4763]: [ventricle.us] OK (crypto v2) - rtt: 123ms
giu 13 14:07:45 Gozer dnscrypt-proxy[4763]: Server with the lowest initial latency: cloudflare (rtt: 4ms)
giu 13 14:07:45 Gozer dnscrypt-proxy[4763]: dnscrypt-proxy is ready - live servers: 23

If i modify /etc/dnscrypt-proxy/dnscrypt-proxy.toml by replacing the line:

listen_addresses = []

...which is supposed to be used when using systemd socket activation, to:

listen_addresses = ["192.168.117.20:53"]

...which is my internal lan ip; it works:

root@Gozer# nslookup bbs.archlinux.org 192.168.117.20
Server:         192.168.117.20
Address:        192.168.117.20#53

Non-authoritative answer:
bbs.archlinux.org       canonical name = luna.archlinux.org.
Name:   luna.archlinux.org
Address: 5.9.250.164
Name:   luna.archlinux.org
Address: 2a01:4f8:160:3033::2

I also activated the queries log, and as expected, nothing is logged when asking names to 127.0.0.1, but are logged when asking to 192.168.117.20, so indeed dnscrypt-proxy can resolve names, but somehow can't read my queries.

Reverting back to 2.0.14 and restarting the socket/service make things work again. even with listen_addresses = []

Any idea?

-EDIT
I made it work by reading old forum messages that say to disable the socket activation and enable the service, and indeed it works now.

What is the thread that you watched to activate it in version 2.0.15-1?

kokoko3k · 2018-06-19 19:12:23

I did not make it work through socket activation and the thread i watched was referring to the previous version.
Honestly i can't tell you why 2.0.14 worked for me in the first place, while 2.0.15 did not.

RickDeckard · 2018-06-21 20:31:26

I've been having this problem for a few days and I just recently found it out for myself. Using socket activation on 2.0.15 will cause systemd to sometimes "hold on to" sockets or file descriptors even after the service is shut down, preventing any new sockets from being created.

kokoko3k · 2018-06-22 11:58:18

Yeah, that is consistend with my tries.
Sometimes it worked, sometimes not, now i understand it was just a matter of timings.
Well... classic old ip listen works fine, so i'll leave as it is now.

Arch Linux

#1 2018-06-13 12:17:42

[SOLVED] dnscrypt-proxy-2.0.15 dont to work with socket activation.

#2 2018-06-18 00:29:02

Re: [SOLVED] dnscrypt-proxy-2.0.15 dont to work with socket activation.

#3 2018-06-19 19:12:23

Re: [SOLVED] dnscrypt-proxy-2.0.15 dont to work with socket activation.

#4 2018-06-21 20:31:26

Re: [SOLVED] dnscrypt-proxy-2.0.15 dont to work with socket activation.

#5 2018-06-22 11:58:18

Re: [SOLVED] dnscrypt-proxy-2.0.15 dont to work with socket activation.

Board footer