Welcome!
Important information
-- Required MX 15/16 Repository Changes
-- Information on torrent hosting changes
-- Information on MX15/16 GPG Keys
-- Spectre and Meltdown vulnerabilities

News
-- Introducing our new Website
-- MX Linux on social media: here

Current releases
-- MX-18.2 Point Release release info here
-- Migration Information to MX-18 here
-- antiX-17.4.1 release info here

New users
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules

[Abandoned] Package request: dnscrypt-proxy v2

For developer discussion on package requests
Post Reply
User avatar
pemartins
Forum Novice
Forum  Novice
Posts: 48
Joined: Fri Nov 09, 2018 5:15 am

[Abandoned] Package request: dnscrypt-proxy v2

#1

Post by pemartins » Thu Jan 10, 2019 4:23 am

Currently on the MX 17/18 repo we only have the old and unmaintained version of dnscrypt-proxy, is it possible to have the new version 2 instead?
Debian has it on the test branches.


EDIT: never mind, I cannot get it to work. For what I've been browsing it's a systemd thing.

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 19083
Joined: Fri Dec 15, 2006 8:07 pm

Re: [Abandoned] Package request: dnscrypt-proxy v2

#2

Post by Stevo » Thu Jan 10, 2019 6:42 pm

Does it work if you boot MX with systemd?

User avatar
rootetsy
Forum Novice
Forum  Novice
Posts: 41
Joined: Sat May 12, 2018 8:45 pm

Re: [Abandoned] Package request: dnscrypt-proxy v2

#3

Post by rootetsy » Thu Jan 10, 2019 6:49 pm

This sound like you're trying to do DNS over TLS. I haven't tried dnscrypt-proxy before but I was able to get this mostly working with Unbound. I have a thread about it here:
viewtopic.php?f=80&t=46918

The only thing that I couldn't get working was the certificate verification. It looks like the version of Unbound in the debian stable repos are not a high enough version and the one from Debian Testing needs a higher version of libc. :(

So that might help you. It would be great to have others feedback on that. :)

User avatar
pemartins
Forum Novice
Forum  Novice
Posts: 48
Joined: Fri Nov 09, 2018 5:15 am

Re: [Abandoned] Package request: dnscrypt-proxy v2

#4

Post by pemartins » Fri Jan 11, 2019 1:36 am

Stevo wrote:
Thu Jan 10, 2019 6:42 pm
Does it work if you boot MX with systemd?
Apparently it all seems to work but when testing it does not change the dns provider. All behaves as expected following these instructions but when I test it here or here, it does change the IP address number's final digits but not the country or the ISP no matter what server I put on server_names = ['********'] at /etc/dnscrypt-proxy/dnscrypt-proxy.toml It always shows the info of my ISP provider.
Testing in kde neon it does change the country and the ISP.

But nevertheless it is not my goal to use systemd so even if I got it to work it wouldn't be of much value.

---
rootetsy wrote:
Thu Jan 10, 2019 6:49 pm
This sound like you're trying to do DNS over TLS. I haven't tried dnscrypt-proxy before but I was able to get this mostly working with Unbound. I have a thread about it here:
viewtopic.php?f=80&t=46918

The only thing that I couldn't get working was the certificate verification. It looks like the version of Unbound in the debian stable repos are not a high enough version and the one from Debian Testing needs a higher version of libc. :(

So that might help you. It would be great to have others feedback on that. :)
I cannot be of assistance due to lack of knowledge, basically I wanna use dnscrypt-proxy because I came across an article that said that it solves a security/privacy problem I didn't even know existed. I did some browsing on the matter and that's all the knowledge I have, technically I know nothing on the matter. :frown:

User avatar
rootetsy
Forum Novice
Forum  Novice
Posts: 41
Joined: Sat May 12, 2018 8:45 pm

Re: [Abandoned] Package request: dnscrypt-proxy v2

#5

Post by rootetsy » Sun Jan 13, 2019 12:18 pm

Hi pemartins,

OK it definitely sounds like you're trying to solve the same problem as me. At least at this step.

I haven't tried dnscrypt-proxy but it looks like the version in the Debian Testing repo has the same problem as Unbound ( the method I'm using ). dnscrypt-proxy v2 requires a newer version of libc6 than is currently not available with Debian Stable unfortunately.

Maybe one of the talented guys here at MX can weigh in but I think that libc6 requirement is a killer for us on Debian Stable.

That said, Unbound is working for me and shows Cloudflare as my "ISP" in the tests that you are using to verify. Additionally, my DNS traffic is encrypted and can be verified with tcpdump. :) Check out this guide that I followed to get it working.
https://www.dnsknowledge.com/unbound/co ... -on-linux/

It's for Centos but it works on Debian too. The only part we're missing from this setup is the section labeled "How do I verifying the certificates of the forwarders with this setup?". That part can't be done in the version that we have available.

So what does that leave us with? With the Unbound setup that I'm using it does indeed encrypt all of my DNS traffic. That will stop most ISP's and attackers from spying or manipulating my DNS traffic. Only more advanced MITM attacks would be able to spy or change the DNS results in this case. SImply because it doesn't actually verify the SSL connection.

The Unbound setup actually looks easier to setup to me than dnscrypt-proxy too.

Let me know if you have any questions about the config I'm using with Unbound. And of course, if you do get dnscrypt-proxy working correcty let me know. :)

Cheers!

User avatar
pemartins
Forum Novice
Forum  Novice
Posts: 48
Joined: Fri Nov 09, 2018 5:15 am

Re: [Abandoned] Package request: dnscrypt-proxy v2

#6

Post by pemartins » Sun Jan 13, 2019 10:52 pm

rootetsy wrote:
Sun Jan 13, 2019 12:18 pm
That said, Unbound is working for me and shows Cloudflare as my "ISP" in the tests that you are using to verify.
I apologize again if I'm saying nonsense because I totally lack the knowledge, but is there a chance that it is not working properly for you? Let me explain for what I observed in my testing using kde neon and this website.

1- Without dnscrypt-proxy, using automatic dns from my isp
I get something like
IP HOSTNAME ISP COUNTRY
62.169.xx.xxx 62.169.xx.xxx.rev.xxxx.xx <name of my ISP> <my country flag>
+ several equal lines more only changing the final couple of digits of the IP

2- Without dnscrypt-proxy, using automatic (only addresses) with Coudfare's dns 1.1.1.1, 1.0.0.1
IP HOSTNAME ISP COUNTRY
172.68.xxx.xx CLOUDFLARENET <my country flag>
+ several equal lines more only changing the final couple of digits of the IP

3- With dnscrypt-proxy working with the default settings, untouched and without any personal server settings
IP HOSTNAME ISP COUNTRY
77.66.84.233 resolver2.dnscrypt.eu Inota DK
178.216.201.222 dc1.soltysiak.com E24-NET PL
77.72.125.206 206.125.72.77.chtp.net LTD "Chaika Telecom Peterburg" ISP RU
37.221.195.181 trashvpn.de netcup GmbH DE
77.88.56.72 Yandex enterprise network RU

So wouldn't you be getting the same results you have now if you just entered Cloudfare's DNS like I did in 2, without even using Unbound at all?
Can you test it with tcpdump and check if the traffic is getting encrypted as well?

I have the idea that, for it to be working, that maybe at least a different country should be being shown? So some routing/encrypting was taking place?
But like I said, maybe I'm just saying nonsense because I totally lack any technical knowledge.

User avatar
Brigs
Forum Novice
Forum  Novice
Posts: 20
Joined: Sun May 07, 2017 9:07 am

Re: [Abandoned] Package request: dnscrypt-proxy v2

#7

Post by Brigs » Wed Mar 06, 2019 9:33 am

pemartins wrote:
Thu Jan 10, 2019 4:23 am
Currently on the MX 17/18 repo we only have the old and unmaintained version of dnscrypt-proxy, is it possible to have the new version 2 instead?
Debian has it on the test branches.

EDIT: never mind, I cannot get it to work. For what I've been browsing it's a systemd thing.
I'm following their instruction install on linux system here. Change some parameter from their default value in dnscrypt-proxy.toml and voila.. work in MX18 without need to remove resolvconf package. Opening tcp/udp 53 as service in my localnet so other device can connect as working dns server.
Stevo wrote:
Thu Jan 10, 2019 6:42 pm
Does it work if you boot MX with systemd?

Yes stevo.. they give an explaination about working in systemd here. It would be nice if can be porting to MX repo too.

Code: Select all

systemctl status dnscrypt-proxy.service
● dnscrypt-proxy.service - LSB: DNSCrypt client proxy
   Loaded: loaded (/etc/init.d/dnscrypt-proxy; generated; vendor preset: enabled)
   Active: active (running) since Wed 2019-03-06 20:21:56 WIB; 6min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 1020 ExecStart=/etc/init.d/dnscrypt-proxy start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/dnscrypt-proxy.service
           └─1032 /opt/dnscrypt-proxy/dnscrypt-proxy -child

Mar 06 20:21:55 DerPanzer systemd[1]: Starting LSB: DNSCrypt client proxy...
Mar 06 20:21:55 DerPanzer dnscrypt-proxy[1020]: Starting dnscrypt-proxy
Mar 06 20:21:56 DerPanzer systemd[1]: Started LSB: DNSCrypt client proxy.
MX18 - 4.19.0-16.1-liquorix
i7-2700K@4.3 - Z68V-Pro - RX-560 - 2x8GB D3 - 3x2TB

El-Capitan
i5-760@3.4 - P7P55D-E - XFX 6850B.E - 4x2GB D3 - 500GB

Post Reply

Return to “Package Requests / Status”