DNSCrypt testing?

Discussion in 'other software & services' started by bberkey1, Aug 5, 2015.

  1. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    225
    Location:
    United States
    So I've updated my DNScrypt and selected a new resolver, which all past the test and the service is running with no problems however, I'm not sure how to ensure that dnscrypt is doing its thing. I went to the OPENDNS page and tried their Phishing page test, but it failed (https://support.opendns.com/entries/25897009-How-to-Test-for-Successful-OpenDNS-Configuration-)

    Is this because of the 127:0:0:1 configuration as opposed to say an opendns address like 208:67:222:222?
     
  2. PallMall

    PallMall Guest

    I guess the resolver you've chosen is OpenDNS because otherwise it would be normal that OpenDNS tests fail...

    If you've chosen OpenDNS you can test your connection at https://www.opendns.com/welcome/
    Concerning DNSCrypt, a utility such as TCPView should display your DNSCrypt connections :

    Greenshot - 2015-08-05-23_23_23.jpg

    You may also have a look in the Registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dnscrypt-proxy\Parameters
    Your DNSCrypt resolver and ports appear there.
     
    Last edited by a moderator: Aug 5, 2015
  3. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    225
    Location:
    United States
    Alright, so I went back to that page and much have misread the results because I am now "failing" as it says "opps you're not using DNS." Also the phising link takes me to the internet bad guys page so something is off. As for the registry, these are the only entries I have in Parameters as seen below. Again, the dnsproxy.exe is running and the dnscrypt.org-fr resolver passed the test, so I'm confused. Perhaps one of my security programs is preventing a connection of some sort?
     

    Attached Files:

    • reg.png
      reg.png
      File size:
      7.7 KB
      Views:
      12
  4. PallMall

    PallMall Guest

    You've chosen as the DNSCrypt resolver dnscrypt.org-fr so it's absolutely normal that OpenDNS doesn't handle your connection. This has nothing to do by the way with DNSCrypt, it's just that your resolver is not OpenDNS, like in a regular DNS scheme. If you want OpenDNS as resolver then choose cicsco - Cisco OpenDNS (Cisco bought OpenDNS) from the dnscrypt-resolvers.csv file.
    But dnscrypt.org-fr is fine even if it does not provide the extra security OpenDNS does. On another hand dnscrypt.org-fr does not log :) and it is signed from our Paris, France!
     
  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    An easy way to test if your DNS is using the correct resolver is doing a "leak" test generally used for VPN users.

    https://www.dnsleaktest.com/
     
  6. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    225
    Location:
    United States
    merci beaucoup for the information my friend:thumb:
     
  7. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    225
    Location:
    United States
    Thanks for the link, it passed with flying colors.
     
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,770
    Location:
    Outer space
    Now not necessary anymore, but to confirm your DNS requests are going through DNSCrypt; kill the DNSCrypt process and your DNS requests should fail.
     
Loading...