DNSCrypt v1.3 released

Discussion in 'other software & services' started by funkydude, Apr 27, 2013.

Thread Status:
Not open for further replies.
  1. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,854
    Don't think I saw a thread for this, DNSCrypt updates are pretty quiet and I only just noticed it. It also doesn't help that that GUI download from opendns.com hasn't been updated since its initial release, it's still a "preview".

    So this thread pretty much only concerns those that run the proxy manually as a service or otherwise.

    http://download.dnscrypt.org/dnscrypt-proxy/
     
  2. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    So you are using the proxy and run it as service right? Is there any flaw in doing that? (Could it introduce vulnerabilities? Or not? :D)
     
  3. jedisct1

    jedisct1 Registered Member

    Joined:
    Jul 7, 2012
    Posts:
    39
    Location:
    San Francisco, CA
    DNSCrypt is constantly being updated. Being an opensource project, you can watch each change on GitHub: https://github.com/jedisct1/dnscrypt-proxy/commits/master

    The Windows GUI hasn't been updated for ages and ships with a very early beta version of DNSCrypt that should not be used. Use the proxy directly.
     
  4. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,127
    Location:
    USA
    Can you link to instructions for the proxy? I can't see it in the forum page you linked.
     
  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,854
    http://dnscrypt.org/

    I should have said "releases are pretty quiet".
     
  6. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It's actually been on 1.3 for some time, and is now on 1.3.1.

    Just an FYI for Linux users:

    1) Guide for installing/ setting up DNSCrypt
    http://www.insanitybit.com/2012/07/23/setting-up-dnscrypt-by-opendns-on-an-ubuntu-12-04-system-8/

    2) Locking down DNSCrypt in various ways (separating to another user, iptables rules, a few others)
    http://www.insanitybit.com/2013/06/26/hardening-dnscrypt/

    3) PPA for DNSCrypt that includes the apparmor profile I've written (patch has been accepted to the source code as well)
    https://launchpad.net/~shnatsel/ archive/dnscrypt

    If you use (3) you don't need (1)

    I'm hopefully going to be committing some code (ideally, but not limited to seccomp filters but there are some significant challenges for it) for other stuff. It's a cool project and I highly recommend it.
     
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    Unfortunately, this is still the old version 0.0.6, digitally signed August 2012, so the OpenDNS gui is still dead.
     
  9. tlu

    tlu Guest

    Hungry, I read your blog posts - very helpful. Unfortunately I wasn't able to compile v. 1.3 and 1.3.1 on Kubuntu 13.04. Can't remember the exact error messages ATM, though :oops:

    EDIT: I haven't tried the PPA yet.
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It was likely that the libsodium dependency wasn't met. The PPA solves that.
     
  11. tlu

    tlu Guest

    it does, indeed. :thumb:

    Now I'm looking for making it work with Dnsmasq.
     
  12. tlu

    tlu Guest

    Solved. I had to add the line

    server=127.0.0.2

    to /etc/dnsmasq.conf
     
  13. tlu

    tlu Guest

    @Hungry: The AppArmor profile contains an error. It points to

    /usr/local/sbin/dnscrypt-proxy

    which doesn't exist and must be changed to

    /usr/sbin/dnscrypt-proxy

    Do you know why 2 dnscrypt-proxy processes are runinng? One as user dnscrypt (as it should) and one as user root.

    And sudo aa-status says:

    2 processes are unconfined but have a profile defined.
    /usr/sbin/dnscrypt-proxy (1296)
    /usr/sbin/dnscrypt-proxy (1356)

    Any idea how to solve that?
     
  14. tlu

    tlu Guest

    Just got an update from the ppa. Shnatsel corrected that error :thumb:
     
  15. tlu

    tlu Guest

    @jedisct1: I checked if dnscrypt-proxy combined with dnsmasq works as it should. If I start tcpdump as suggested here in post #2, I get, e.g.,

    which should confirm that all is well. However, if I execute

    Code:
    dig txt debug.opendns.com
    as suggested in your post #3 in that thread, I get

    How come? Doesn't that contradict the first result?

    EDIT: I wasn't able to see any "Malformed packet" in Wireshark as suggested here.
     
Loading...
Thread Status:
Not open for further replies.