Hey there, maybe someone here can help me fix my issue.

I recently installed dnscrypt on my Arch setup and configured my already-installed dnsmasq (for caching) to work with dnscrypt. At first it worked just fine and I could dig/ping every hostname and everything worked as it should. After a reboot I noticed that I couldn't resolve hostnames anymore. I can ping IPs directly but when I ping/dig a hostname I get "unknown host" as answer/output.

I followed the wiki: https://wiki.archlinux.org/index.php/DNSCrypt

1.) pacman -S dnscrypt-proxy dnsmasq

2.) I am using NetworkManager and Network-Manager-applet (GNOME) in which I changed the dns server of my current connection to 127.0.0.1 (but that shouldn't even matter, see the settings below):

systemctl edit dnscrypt-proxy.socket:
Code:
    [Socket]
    ListenStream=
    ListenDatagram=
    ListenStream=127.0.0.1:40
    ListenDatagram=127.0.0.1:40

/etc/dnsmasq.conf:
Code:
    no-resolv
    server=127.0.0.1#40
    listen-address=127.0.0.1
    cache-size=1000

To run dnsmasq with networkmanager:
/etc/NetworkManager/NetworkManager.conf
Code:
    [main]
    plugins=keyfile
    dhcp=dhclient
    #dns=default
    dns=dnsmasq

    ## Set static hostname
    #[keyfile]
    #hostname=foobar

    ## HTTP-based connectivity check
    #[connectivity]
    #uri=http://nmcheck.gnome.org/check_network_status.txt
    #interval=100

And since dnsmasq via networkmanager uses its own configuration file I re-created the dnsmasq.conf for networkmanager as well:
nano /etc/NetworkManager/dnsmasq.d/cache:
Code:
    cache-size=1000
    no-resolv
    server=127.0.0.1#40
    listen-address=127.0.0.1

/etc/systemd/system/multi-user.target.wants/dnscrypt-proxy.service:
Code:
    [Unit]
    Description=DNSCrypt client proxy
    Requires=dnscrypt-proxy.socket

    [Install]
    Also=dnscrypt-proxy.socket
    WantedBy=multi-user.target

    [Service]
    Type=simple
    NonBlocking=true
    ExecStart=/usr/bin/dnscrypt-proxy \
            -R cisco

/usr/lib/systemd/system/dnscrypt-proxy.service:
Code:
    [Unit]
    Description=DNSCrypt client proxy
    Requires=dnscrypt-proxy.socket

    [Install]
    Also=dnscrypt-proxy.socket
    WantedBy=multi-user.target

    [Service]
    Type=simple
    NonBlocking=true
    ExecStart=/usr/bin/dnscrypt-proxy \
            -R cisco

And here is the output of dnscrypt-proxy.service and .socket:
Code:
    sneida@_____:~$ sudo systemctl status dnscrypt-proxy.service -l
    [sudo] password for sneida:
    * dnscrypt-proxy.service - DNSCrypt client proxy
       Loaded: loaded (/usr/lib/systemd/system/dnscrypt-proxy.service; disabled; vendor preset: disabled)
       Active: active (running) since Tue 2016-01-19 19:04:16 CET; 30min ago
     Main PID: 446 (dnscrypt-proxy)
        Tasks: 1 (limit: 512)
       CGroup: /system.slice/dnscrypt-proxy.service
               `-446 /usr/bin/dnscrypt-proxy -R cisco

    Jan 19 19:04:16 _____ dnscrypt-proxy[446]: [INFO] - [cisco] does not support Namecoin domains
    Jan 19 19:04:16 _____ dnscrypt-proxy[446]: [WARNING] - [cisco] logs your activity - a different provider might be better a choice if privacy is a concern
    Jan 19 19:04:16 _____ dnscrypt-proxy[446]: [NOTICE] Starting dnscrypt-proxy 1.6.0
    Jan 19 19:04:16 _____ dnscrypt-proxy[446]: [INFO] Generating a new session key pair
    Jan 19 19:04:16 _____ dnscrypt-proxy[446]: [INFO] Done
    Jan 19 19:04:21 _____ dnscrypt-proxy[446]: [INFO] Server certificate #1435874751 received
    Jan 19 19:04:21 _____ dnscrypt-proxy[446]: [INFO] This certificate looks valid
    Jan 19 19:04:21 _____ dnscrypt-proxy[446]: [INFO] Chosen certificate #1435874751 is valid from [2015-07-03] to [2016-07-02]
    Jan 19 19:04:21 _____ dnscrypt-proxy[446]: [INFO] Server key fingerprint is ED19:BFBA:FAFC:9257:DFDC:68C7:69BF:AC24:94CD:743F:3C1D:4966:134D:FE2C:4BDC:F315
    Jan 19 19:04:21 _____ dnscrypt-proxy[446]: [NOTICE] Proxying from 127.0.0.1:40 to 208.67.220.220:443

    sneida@_____:~$ sudo systemctl status dnscrypt-proxy.socket -l
    * dnscrypt-proxy.socket - dnscrypt-proxy listening socket
       Loaded: loaded (/usr/lib/systemd/system/dnscrypt-proxy.socket; enabled; vendor preset: disabled)
      Drop-In: /etc/systemd/system/dnscrypt-proxy.socket.d
               `-override.conf
       Active: active (running) since Tue 2016-01-19 19:04:16 CET; 30min ago
       Listen: 127.0.0.1:40 (Stream)
               127.0.0.1:40 (Datagram)

    Jan 19 19:04:16 _____ systemd[1]: Listening on dnscrypt-proxy listening socket.

dnsmasq.service is disabled as NetworkManager is supposed to start it (which is the case), systemctl status dnsmasq.service:
Code:
    Dnsmasq.service - a lightweight dhcp and caching dns server
       Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; disabled; vendor preset: disabled)
       Active: inactive (dead)

Followed by the complete bash_history, including the point where I did a reboot and everything broke: http://pastebin.com/M3Rp80Ag

-----------------------------------------------------------------------------

ping archlinux.org gives me "unknown host" :/ ping ip works though.

Any ideas? :/ Thanks!
Hm, I haven't looked very thoroughly into your settings but perhaps this helps. It seems that dnscrypt-proxy.socket can cause problems, so disabling or actually masking it (sudo systemctl mask dnscrypt-proxy.socket) might help.
Thanks, I will give it a try, but comparing the status output of dnsmasq in your link with mine it looks like the status of my dnsmasq is not correct?
Have you followed the steps here?

FWIW, my NetworkManager.conf looks like this:
Code:
    [main]
    plugins=keyfile
    dhcp=dhclient
    # dns=default
    dns=none

I can't really remember why I did that. However, I'm using unbound instead of dnsmasq but that shouldn't make a difference, IMO.
Yep, I already had dnsmasq as cacher configured for some months. And also after installing dnscrypt it still cached fine, until I did a reboot.

What I just tried: I changed the dnsmasq.conf to
Code:
    no-resolv
    Listen-address: 127.0.0.1
    Cache-size=1000

So I completely left away the server=127.0.0.1#40 (listening to dnscrypt) but I still can't resolve hostnames. Which means dnsmasq right now is not touching dnscrypt at all but still can't resolve hostnames?

@Edit: changing dns=none didn't help :/
Well, looks like I guessed right.. dnsmasq.service is the problem, and the cause of it is libvirt! libvirt seems to run its own instance of dnsmasq (with its own configuration) that somehow interferes with dnsmasq's configuration. I have no idea what suddenly breaks all that because I had libvirt + dnsmasq already running for 2-3 months.

Any suggestions?
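
Added example, not part of the thread: a check for which processes own the two ports in the posted setup (dnsmasq on 127.0.0.1:53 forwarding to dnscrypt-proxy on 127.0.0.1:40) and whether more than one dnsmasq instance holds port 53. The function names and the sample `ss` lines are constructed for illustration; 192.168.122.1 is assumed as the address of libvirt's default network.

```shell
#!/usr/bin/env bash
# Added example: audit local listeners for the dnsmasq -> dnscrypt-proxy chain.
# Feed it the text of `ss -H -lntup` (root is needed to see process names).

# Constructed sample, not taken from the thread: only a dnsmasq on the libvirt
# bridge address holds port 53; the dnscrypt-proxy socket listens on port 40.
SAMPLE_SS='udp UNCONN 0 0 192.168.122.1:53 0.0.0.0:* users:(("dnsmasq",pid=640,fd=5))
tcp LISTEN 0 32 192.168.122.1:53 0.0.0.0:* users:(("dnsmasq",pid=640,fd=6))
udp UNCONN 0 0 127.0.0.1:40 0.0.0.0:* users:(("systemd",pid=1,fd=30),("dnscrypt-proxy",pid=446,fd=3))
tcp LISTEN 0 128 127.0.0.1:40 0.0.0.0:* users:(("systemd",pid=1,fd=31),("dnscrypt-proxy",pid=446,fd=4))'

# Print "proto addr port process pid" for every listener on port $1 (stdin: ss text).
listeners_on_port() {
  awk -v want="$1" '{
    n = split($5, a, ":"); port = a[n]      # port is the last ":" field (IPv6-safe)
    if (port != want) next
    addr = substr($5, 1, length($5) - length(port) - 1)
    rest = $0
    while (match(rest, /\("[^"]+",pid=[0-9]+/)) {
      hit = substr(rest, RSTART + 2, RLENGTH - 2)   # name",pid=NNN
      split(hit, p, /",pid=/)
      print $1, addr, port, p[1], p[2]
      rest = substr(rest, RSTART + RLENGTH)
    }
  }'
}

# Summarise the chain: resolver on loopback:53, upstream on 127.0.0.1:40.
audit_dns_chain() {
  local l53 l40 n verdict
  l53=$(printf '%s\n' "$1" | listeners_on_port 53)
  l40=$(printf '%s\n' "$1" | listeners_on_port 40)
  # Loopback port 53 is served by a 127.0.0.1 bind or by a wildcard bind.
  if printf '%s\n' "$l53" | awk '$2=="127.0.0.1"||$2=="0.0.0.0"||$2=="*"{f=1} END{exit !f}'
  then verdict="resolver-ok"; else verdict="resolver-missing"; fi
  if printf '%s\n' "$l40" | awk '$2=="127.0.0.1"{f=1} END{exit !f}'
  then verdict="$verdict upstream-ok"; else verdict="$verdict upstream-missing"; fi
  # Distinct dnsmasq PIDs on port 53: more than one means separate instances.
  n=$(printf '%s\n' "$l53" | awk '$4=="dnsmasq" && !seen[$5]++ {c++} END{print c+0}')
  if [ "$n" -gt 1 ]; then verdict="$verdict multiple-dnsmasq"; fi
  printf '%s\n' "$verdict"
}

# On a live system: audit_dns_chain "$(sudo ss -H -lntup)"
audit_dns_chain "$SAMPLE_SS"
```

A `resolver-missing` verdict alongside `upstream-ok` matches the symptom described in the thread: dnscrypt-proxy is up, but nothing answers queries sent to 127.0.0.1:53.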