Hello,
Has anyone here managed to set up dnscrypt properly, so that really _all_ DNS requests go through dnscrypt?
It just won't work for me at all. Something is wrong. All DNS requests simply time out.
Here are my settings:
/etc/dnsmasq.conf
proxy-dnssec
no-resolv
server=127.0.0.1#40
listen-address=127.0.0.1
/etc/systemd/system/dnscrypt-proxy.service
# /usr/lib/systemd/system/dnscrypt-proxy.service
[Unit]
Description=DNSCrypt client proxy
Documentation=man:dnscrypt-proxy(8)
Requires=dnscrypt-proxy.socket
After=network.target
Before=nss-lookup.target
[Install]
Also=dnscrypt-proxy.socket
WantedBy=multi-user.target
[Service]
Type=simple
NonBlocking=true
# Fill in the resolver name with one from dnscrypt-resolvers.csv file
# It is also recommended to create a dedicated system user, for example _dnscrypt
# Additional features, such as ephemeral keys and plugins, can be enabled here as well
ExecStart=/usr/bin/dnscrypt-proxy \
--resolver-name=<resolver name> \
--user=<user name to run the service as>
# /etc/systemd/system/dnscrypt-proxy.service.d/override.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dnscrypt-proxy \
--resolver-name=dnscrypt.eu-nl\
--user=chris
/etc/systemd/systemd/dnscrypt-proxy.socket
# /usr/lib/systemd/system/dnscrypt-proxy.socket
[Unit]
Description=dnscrypt-proxy listening socket
[Socket]
ListenStream=127.0.0.1:53
ListenDatagram=127.0.0.1:53
[Install]
WantedBy=sockets.target
# /etc/systemd/system/dnscrypt-proxy.socket.d/override.conf
[Socket]
ListenStream=
ListenDatagram=
ListenStream=127.0.0.1:40
ListenDatagram=127.0.0.1:40
systemctl status dnscrypt-proxy:
● dnscrypt-proxy.service - DNSCrypt client proxy
Loaded: loaded (/usr/lib/systemd/system/dnscrypt-proxy.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/dnscrypt-proxy.service.d
└─override.conf
Active: active (running) since Sun 2016-09-25 17:28:34 CEST; 7h ago
Docs: man:dnscrypt-proxy(8)
Main PID: 509 (dnscrypt-proxy)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/dnscrypt-proxy.service
└─509 /usr/bin/dnscrypt-proxy --resolver-name=dnscrypt.eu-nl --user=chris
Sep 25 23:33:45 motoko dnscrypt-proxy[509]: [INFO] Refetching server certificates
Sep 25 23:33:45 motoko dnscrypt-proxy[509]: [INFO] Server certificate with serial '0001' received
Sep 25 23:33:45 motoko dnscrypt-proxy[509]: [INFO] This certificate is valid
Sep 25 23:33:45 motoko dnscrypt-proxy[509]: [INFO] Chosen certificate #808464433 is valid from [2016-09-08] to [2017-09-08]
Sep 25 23:33:45 motoko dnscrypt-proxy[509]: [INFO] Server key fingerprint is 72DF:BE14:531F:F2AD:FD0F:BC8B:F711:B93D:799F:E4D0:34EC:D26B:8BF9:FFA9:32E7:2B79
Sep 26 00:34:36 motoko dnscrypt-proxy[509]: [INFO] Refetching server certificates
Sep 26 00:34:36 motoko dnscrypt-proxy[509]: [INFO] Server certificate with serial '0001' received
Sep 26 00:34:36 motoko dnscrypt-proxy[509]: [INFO] This certificate is valid
Sep 26 00:34:36 motoko dnscrypt-proxy[509]: [INFO] Chosen certificate #808464433 is valid from [2016-09-08] to [2017-09-08]
Sep 26 00:34:36 motoko dnscrypt-proxy[509]: [INFO] Server key fingerprint is 72DF:BE14:531F:F2AD:FD0F:BC8B:F711:B93D:799F:E4D0:34EC:D26B:8BF9:FFA9:32E7:2B79
systemctl status dnsmasq.service
● dnsmasq.service - A lightweight DHCP and caching DNS server
Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2016-09-26 00:51:26 CEST; 15min ago
Docs: man:dnsmasq(8)
Main PID: 20595 (dnsmasq)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/dnsmasq.service
└─20595 /usr/bin/dnsmasq -k --enable-dbus --user=dnsmasq --pid-file
Sep 26 00:51:26 motoko systemd[1]: Starting A lightweight DHCP and caching DNS server...
Sep 26 00:51:26 motoko dnsmasq[20593]: dnsmasq: syntax check OK.
Sep 26 00:51:26 motoko dnsmasq[20595]: started, version 2.76 cachesize 150
Sep 26 00:51:26 motoko dnsmasq[20595]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
Sep 26 00:51:26 motoko dnsmasq[20595]: DBus support enabled: connected to system bus
Sep 26 00:51:26 motoko dnsmasq[20595]: using nameserver 127.0.0.1#40
Sep 26 00:51:26 motoko systemd[1]: Started A lightweight DHCP and caching DNS server.
Sep 26 00:51:26 motoko dnsmasq[20595]: read /etc/hosts - 11843 addresses
Why do all my DNS requests time out? All services are running and are configured correctly.
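
A per-hop check for the chain configured in the post (dnsmasq on 127.0.0.1, forwarding to dnscrypt-proxy on 127.0.0.1 port 40), as an added example that is not part of the original post: it sends one UDP query to each listener and reports whether that hop answers, times out or refuses. Assumptions of this example: dnsmasq listens on its default port 53, and the query name example.com, the fixed query ID and the helper names are made up here.

```python
import socket
import struct

QID = 0x1234  # constructed query ID, fixed so the reply can be matched

def build_query(name, qid=QID, qtype=1):
    """Encode a minimal DNS query: RD flag set, one question, type A, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(packet, qid=QID):
    """Return (rcode, answer_count); raise ValueError if it is not our reply."""
    if len(packet) < 12:
        raise ValueError("short packet")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != qid or not flags & 0x8000:  # ID mismatch or QR bit not set
        raise ValueError("not a response to our query")
    return flags & 0x000F, an

def probe(host, port, name="example.com", timeout=3.0):
    """Send one UDP query to a single hop and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))  # connected UDP socket surfaces ICMP errors
            s.send(build_query(name))
            reply = s.recv(4096)
        except socket.timeout:
            return "timeout"         # listener exists (or packets dropped), no answer
        except ConnectionRefusedError:
            return "refused"         # nothing is bound to this UDP port
        try:
            rcode, answers = parse_header(reply)
        except ValueError as exc:
            return f"invalid: {exc}"
        return f"rcode={rcode} answers={answers}"

# Hops as configured in the post; port 53 for dnsmasq is an assumed default.
HOPS = [("dnsmasq", "127.0.0.1", 53), ("dnscrypt-proxy", "127.0.0.1", 40)]

if __name__ == "__main__":
    for label, host, port in HOPS:
        print(f"{label:15} {host}:{port:<5} {probe(host, port)}")
```

If the port 40 hop answers and the port 53 hop does not, the fault is in front of dnscrypt-proxy; if port 40 itself times out or refuses, the fault is at the proxy, its socket unit or its upstream.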