Currently on the MX 17/18 repo we only have the old and unmaintained version of dnscrypt-proxy, is it possible to have the new version 2 instead?
Debian has it on the test branches.
EDIT: never mind, I cannot get it to work. For what I've been browsing it's a systemd thing.
[Abandoned] Package request: dnscrypt-proxy v2
Re: [Abandoned] Package request: dnscrypt-proxy v2
Does it work if you boot MX with systemd?
Re: [Abandoned] Package request: dnscrypt-proxy v2
This sound like you're trying to do DNS over TLS. I haven't tried dnscrypt-proxy before but I was able to get this mostly working with Unbound. I have a thread about it here:
viewtopic.php?f=80&t=46918
The only thing that I couldn't get working was the certificate verification. It looks like the version of Unbound in the debian stable repos are not a high enough version and the one from Debian Testing needs a higher version of libc. :(
So that might help you. It would be great to have others feedback on that. :)
viewtopic.php?f=80&t=46918
The only thing that I couldn't get working was the certificate verification. It looks like the version of Unbound in the debian stable repos are not a high enough version and the one from Debian Testing needs a higher version of libc. :(
So that might help you. It would be great to have others feedback on that. :)
Re: [Abandoned] Package request: dnscrypt-proxy v2
Apparently it all seems to work but when testing it does not change the dns provider. All behaves as expected following these instructions but when I test it here or here, it does change the IP address number's final digits but not the country or the ISP no matter what server I put on server_names = ['********'] at /etc/dnscrypt-proxy/dnscrypt-proxy.toml It always shows the info of my ISP provider.
Testing in kde neon it does change the country and the ISP.
But nevertheless it is not my goal to use systemd so even if I got it to work it wouldn't be of much value.
---
I cannot be of assistance due to lack of knowledge, basically I wanna use dnscrypt-proxy because I came across an article that said that it solves a security/privacy problem I didn't even know existed. I did some browsing on the matter and that's all the knowledge I have, technically I know nothing on the matter.rootetsy wrote: ↑Thu Jan 10, 2019 6:49 pm This sound like you're trying to do DNS over TLS. I haven't tried dnscrypt-proxy before but I was able to get this mostly working with Unbound. I have a thread about it here:
viewtopic.php?f=80&t=46918
The only thing that I couldn't get working was the certificate verification. It looks like the version of Unbound in the debian stable repos are not a high enough version and the one from Debian Testing needs a higher version of libc. :(
So that might help you. It would be great to have others feedback on that. :)
Re: [Abandoned] Package request: dnscrypt-proxy v2
Hi pemartins,
OK it definitely sounds like you're trying to solve the same problem as me. At least at this step.
I haven't tried dnscrypt-proxy but it looks like the version in the Debian Testing repo has the same problem as Unbound ( the method I'm using ). dnscrypt-proxy v2 requires a newer version of libc6 than is currently not available with Debian Stable unfortunately.
Maybe one of the talented guys here at MX can weigh in but I think that libc6 requirement is a killer for us on Debian Stable.
That said, Unbound is working for me and shows Cloudflare as my "ISP" in the tests that you are using to verify. Additionally, my DNS traffic is encrypted and can be verified with tcpdump. :) Check out this guide that I followed to get it working.
https://www.dnsknowledge.com/unbound/co ... -on-linux/
It's for Centos but it works on Debian too. The only part we're missing from this setup is the section labeled "How do I verifying the certificates of the forwarders with this setup?". That part can't be done in the version that we have available.
So what does that leave us with? With the Unbound setup that I'm using it does indeed encrypt all of my DNS traffic. That will stop most ISP's and attackers from spying or manipulating my DNS traffic. Only more advanced MITM attacks would be able to spy or change the DNS results in this case. SImply because it doesn't actually verify the SSL connection.
The Unbound setup actually looks easier to setup to me than dnscrypt-proxy too.
Let me know if you have any questions about the config I'm using with Unbound. And of course, if you do get dnscrypt-proxy working correcty let me know. :)
Cheers!
OK it definitely sounds like you're trying to solve the same problem as me. At least at this step.
I haven't tried dnscrypt-proxy but it looks like the version in the Debian Testing repo has the same problem as Unbound ( the method I'm using ). dnscrypt-proxy v2 requires a newer version of libc6 than is currently not available with Debian Stable unfortunately.
Maybe one of the talented guys here at MX can weigh in but I think that libc6 requirement is a killer for us on Debian Stable.
That said, Unbound is working for me and shows Cloudflare as my "ISP" in the tests that you are using to verify. Additionally, my DNS traffic is encrypted and can be verified with tcpdump. :) Check out this guide that I followed to get it working.
https://www.dnsknowledge.com/unbound/co ... -on-linux/
It's for Centos but it works on Debian too. The only part we're missing from this setup is the section labeled "How do I verifying the certificates of the forwarders with this setup?". That part can't be done in the version that we have available.
So what does that leave us with? With the Unbound setup that I'm using it does indeed encrypt all of my DNS traffic. That will stop most ISP's and attackers from spying or manipulating my DNS traffic. Only more advanced MITM attacks would be able to spy or change the DNS results in this case. SImply because it doesn't actually verify the SSL connection.
The Unbound setup actually looks easier to setup to me than dnscrypt-proxy too.
Let me know if you have any questions about the config I'm using with Unbound. And of course, if you do get dnscrypt-proxy working correcty let me know. :)
Cheers!
Re: [Abandoned] Package request: dnscrypt-proxy v2
I apologize again if I'm saying nonsense because I totally lack the knowledge, but is there a chance that it is not working properly for you? Let me explain for what I observed in my testing using kde neon and this website.
1- Without dnscrypt-proxy, using automatic dns from my isp
I get something like
IP HOSTNAME ISP COUNTRY
62.169.xx.xxx 62.169.xx.xxx.rev.xxxx.xx <name of my ISP> <my country flag>
+ several equal lines more only changing the final couple of digits of the IP
2- Without dnscrypt-proxy, using automatic (only addresses) with Coudfare's dns 1.1.1.1, 1.0.0.1
IP HOSTNAME ISP COUNTRY
172.68.xxx.xx CLOUDFLARENET <my country flag>
+ several equal lines more only changing the final couple of digits of the IP
3- With dnscrypt-proxy working with the default settings, untouched and without any personal server settings
IP HOSTNAME ISP COUNTRY
77.66.84.233 resolver2.dnscrypt.eu Inota DK
178.216.201.222 dc1.soltysiak.com E24-NET PL
77.72.125.206 206.125.72.77.chtp.net LTD "Chaika Telecom Peterburg" ISP RU
37.221.195.181 trashvpn.de netcup GmbH DE
77.88.56.72 Yandex enterprise network RU
So wouldn't you be getting the same results you have now if you just entered Cloudfare's DNS like I did in 2, without even using Unbound at all?
Can you test it with tcpdump and check if the traffic is getting encrypted as well?
I have the idea that, for it to be working, that maybe at least a different country should be being shown? So some routing/encrypting was taking place?
But like I said, maybe I'm just saying nonsense because I totally lack any technical knowledge.
Re: [Abandoned] Package request: dnscrypt-proxy v2
I'm following their instruction install on linux system here. Change some parameter from their default value in dnscrypt-proxy.toml and voila.. work in MX18 without need to remove resolvconf package. Opening tcp/udp 53 as service in my localnet so other device can connect as working dns server.pemartins wrote: ↑Thu Jan 10, 2019 4:23 am Currently on the MX 17/18 repo we only have the old and unmaintained version of dnscrypt-proxy, is it possible to have the new version 2 instead?
Debian has it on the test branches.
EDIT: never mind, I cannot get it to work. For what I've been browsing it's a systemd thing.
Yes stevo.. they give an explaination about working in systemd here. It would be nice if can be porting to MX repo too.
Code: Select all
systemctl status dnscrypt-proxy.service
● dnscrypt-proxy.service - LSB: DNSCrypt client proxy
Loaded: loaded (/etc/init.d/dnscrypt-proxy; generated; vendor preset: enabled)
Active: active (running) since Wed 2019-03-06 20:21:56 WIB; 6min ago
Docs: man:systemd-sysv-generator(8)
Process: 1020 ExecStart=/etc/init.d/dnscrypt-proxy start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/dnscrypt-proxy.service
└─1032 /opt/dnscrypt-proxy/dnscrypt-proxy -child
Mar 06 20:21:55 DerPanzer systemd[1]: Starting LSB: DNSCrypt client proxy...
Mar 06 20:21:55 DerPanzer dnscrypt-proxy[1020]: Starting dnscrypt-proxy
Mar 06 20:21:56 DerPanzer systemd[1]: Started LSB: DNSCrypt client proxy.
MX18 - 4.19.0-16.1-liquorix
i7-2700K@4.3 - Z68V-Pro - RX-560 - 2x8GB D3 - 3x2TB
El-Capitan
i5-760@3.4 - P7P55D-E - XFX 6850B.E - 4x2GB D3 - 500GB
i7-2700K@4.3 - Z68V-Pro - RX-560 - 2x8GB D3 - 3x2TB
El-Capitan
i5-760@3.4 - P7P55D-E - XFX 6850B.E - 4x2GB D3 - 500GB
Re: [Abandoned] Package request: dnscrypt-proxy v2
Hey brigs,
would it be rude of me asking if you could share your knowledge on how did you configure it in detail? like a mini guide or something?
would it be rude of me asking if you could share your knowledge on how did you configure it in detail? like a mini guide or something?