You are not logged in.

#1 2019-10-06 17:41:45

Artlav
Member
Registered: 2016-07-11
Posts: 36
Website

A DNS proxy locks up on start until a real one is given in resolv.conf

I want DNS to go over TLS, so i run a caching proxy which is available at 127.0.0.1 and caches/forwards the requests over TLS to CloudFlare.
In resolvconf.conf i have name_servers=127.0.0.1
Normally this works just fine, except for when the system boots up.

On boot up the proxy hangs before starting.
If i try to run the proxy directly, it hangs at start.
If i try to run it with systemctl, the systemctl (re)start command hangs.
If i try to run it with a third party service manager, the whole service manager hangs up when trying to launch it.

There are no errors, no timeouts, no printouts, just hanging up when you or one of your child processes tries to listen port 53.

However, if i open /etc/resolv.conf and temporarily add a nameserver 8.8.8.8 in there instead of nameserver 127.0.0.1, then everything will un-hang a few seconds later and works happily ever after, including being restarted.

What could be causing it? It's like something is desperate to resolve something just after boot, and prevents anything touching the DNS port from getting started until it does.

Offline

#2 2019-10-06 18:10:34

nomorewindows
Member
Registered: 2010-04-03
Posts: 3,362

Re: A DNS proxy locks up on start until a real one is given in resolv.conf

Which proxy are you using?

You can use cloudflare's DNS 1.1.1.1.

What network manager are you using?


I may have to CONSOLE you about your usage of ridiculously easy graphical interfaces...
Look ma, no mouse.

Offline

#3 2019-10-06 18:28:04

Artlav
Member
Registered: 2016-07-11
Posts: 36
Website

Re: A DNS proxy locks up on start until a real one is given in resolv.conf

The problem is that i want DNS encrypted, so whether it's 1.1.1.1 or 8.8.8.8 does not matter as much as whether there is a DNS-over-TLS compatible resolver in the way or not.
The wifi is managed by netctl, wired ethernet is started by a script when needed (dhcpcd), the problem exists in both cases.

Offline

#4 2019-10-06 18:47:09

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: A DNS proxy locks up on start until a real one is given in resolv.conf

nomorewindows wrote:

Which proxy are you using?

Artlav, this question is important. What do you use as your caching proxy with DoT resolver?

Edit: I have no issues during startup with dnscrypt-proxy using dnscrypt and DoH servers. It just waits for network connectivity before starting to listen on port 53.

Last edited by progandy (2019-10-09 20:09:01)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#5 2019-10-09 19:29:30

nomorewindows
Member
Registered: 2010-04-03
Posts: 3,362

Re: A DNS proxy locks up on start until a real one is given in resolv.conf

progandy wrote:
nomorewindows wrote:

Which proxy are you using?

What do you use as your caching proxy with DoT resolver?

Edit: I have no issues during startup with dnscrypt-proxy using dnscrypt and DoH servers. It just waits for network connectivity before starting to listen on port 53.

I'm just using proxy, but no DoT.


I may have to CONSOLE you about your usage of ridiculously easy graphical interfaces...
Look ma, no mouse.

Offline

#6 2019-10-09 20:11:00

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: A DNS proxy locks up on start until a real one is given in resolv.conf

nomorewindows wrote:

I'm just using proxy, but no DoT.

My post was unclear, I'm sorry. I just wanted to repeat your question for Artlav, so I fixed it now.


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#7 2019-12-04 03:52:50

Artlav
Member
Registered: 2016-07-11
Posts: 36
Website

Re: A DNS proxy locks up on start until a real one is given in resolv.conf

Sorry for the wait, haven't used that system in a while.

The proxy is custom, a simple wrap-and-forward thing listening on DNS port and connecting to an encrypted server.

I've tried to compare the before and after of the lockup, and while it's locked up there is an ntpd process sitting there. Once it unhangs, the ntpd process is gone (and time syncs).

Could ntpd somehow be preventing a DNS resolver and everything before it from starting like that?

Offline

#8 2019-12-04 04:13:24

Artlav
Member
Registered: 2016-07-11
Posts: 36
Website

Re: A DNS proxy locks up on start until a real one is given in resolv.conf

Ok, so i've replaced the names of the NTP servers with their IPs and the problem vanished.

That is, in /etc/ntp.conf
instead of:

server 0.arch.pool.ntp.org
server 1.arch.pool.ntp.org
server 2.arch.pool.ntp.org
server 3.arch.pool.ntp.org

I put in their IPs as of right now:

server 91.209.0.17
server 162.159.200.123
server 83.168.200.198
server 217.75.106.216

And everything works.

Naturally, this isn't a very long-term solution so i wonder what is it about ntpd that would cause a lock up like that?

Last edited by Artlav (2019-12-04 04:13:54)

Offline

#9 2019-12-04 17:05:08

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: A DNS proxy locks up on start until a real one is given in resolv.conf

That might be a typical catch 22 situation. the TLS connection requires a correctly set system time and ntp wants to look up the dns records for the time server.

Edit: Is you system time without running ntp correct? If not, then you should set the realtime clock.

Last edited by progandy (2019-12-04 17:06:45)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#10 2019-12-05 04:45:46

Artlav
Member
Registered: 2016-07-11
Posts: 36
Website

Re: A DNS proxy locks up on start until a real one is given in resolv.conf

Interesting.
Pre-NTP the time is off by a few seconds, considering that TLS only use it for certificate validation it shouldn't matter that much unless i'm off by months and years.

Still, it raises a question of how would it know that the time haven't been synced yet.
Is there some signal/event ntpd generates on sync?
There has to be some sort of a "Just trust the RTC" option somewhere.

Offline

Board footer

Powered by FluxBB