2

I have successfully installed and find myself in the middle of configuring dnscrypt-proxy for use on Ubuntu 13.10 x64. However, I am running into some issues with permissions in general.

I have added a user with the following command:

sudo adduser --system --quiet --home /run/dnscrypt --shell /bin/false --group --disabled-password --disabled-login dnscrypt

and issued dnscrypt-proxy --daemonize --user=dnscrypt but without success. So I tried just --daemonize and finally just dnscrypt-proxy, which resulted in a UDP bind permission error. Ran it as root and the error goes away. dnscrypt-proxy --user=dnscrypt results in the error returning. I'm guessing it's failing because of some permission, but don't have a clue where to start or what to change at this point.

Also, I would like to run this at network startup or after login, which I think I can manage, but if you have a suggestion it would just save me time. I don't understand why I can't run this as --user=dnscrypt but root works fine.

edit: Just to clarify a little more, I'm actually running elementary OS luna 0.2, which is based on ubuntu 13.10 (I believe)

user239023

2 Answers

1

There is a PPA maintained by Sergei Schnatsel that should render things easier... OS luna is based on Ubuntu 12.04.

More here: link to PPA

lf_araujo
1

Before you start, go to "edit connections" in the panel dropdown menu. Click on your current connection and select "Edit" and then select the ipv4 tab. For "method" select automatic DHCP addresses only. Then, type 127.0.0.1 or 127.0.0.2 respectively next to "Additional DNS servers". Select the ipv6 tab and for "Method" select "ignore", then click save and execute the following command.

sudo service network-manager restart 

Normally, dnscrypt-proxy must be used with sudo. The reason you do not see the UDP bind error using the --daemonize option is not because there is no error, it is because the --daemonize option (non-verbose) will show no output and thus does not show the error. I will fully explain here.

First, you have to kill dnsmasq to free up 127.0.0.1 or you will encounter the UDP bind permission error you spoke of.

sudo killall dnsmasq

Now, start dnscrypt-proxy on 127.0.0.1 with the following

sudo dnscrypt-proxy --daemonize --resolver-name=opendns

The following command does the same thing (with a lot less typing).

sudo dnscrypt-proxy -d -R opendns

Alternatively, you may use 127.0.0.2 instead of 127.0.0.1 without killing dnsmasq to avoid the UDP bind error you spoke of.

sudo dnscrypt-proxy -d -R opendns -a 127.0.0.2

For verbose mode, run the following in an open terminal. Closing the terminal kills the running instance.

First, kill all instances of dnscrypt-proxy so you do not encounter a UDP bind error.

sudo killall dnscrypt-proxy

then you may run

sudo dnscrypt-proxy -R opendns

or

sudo dnscrypt-proxy -R opendns -a 127.0.0.2

Finally, to verify encryption is used, (opendns only) . . .

drill txt debug.opendns.com

or

dig txt debug.opendns.com

. . . "dnscrypt enabled" should show somewhere in the output

For a list of dnscrypt-proxy enabled resolvers, visit this page: https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv

Sources: http://dnscrypt.org/

https://github.com/jedisct1/dnscrypt-proxy

How to check if DNS is encrypted?

mchid
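
Added example, not part of either answer above: a shell pre-flight check that separates the two causes of the UDP bind error discussed here, an address already held by another process such as dnsmasq, and a port below 1024 requested without root. The function names and the ss sample output are constructed for illustration; it assumes ss from iproute2 and Linux's default privileged-port limit.

```shell
#!/bin/sh
# Added example: tell the two bind failures apart before starting
# dnscrypt-proxy. Input is `ss -lunp` output on stdin.

# Constructed sample, not captured from a real host.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      127.0.0.1:53       0.0.0.0:*         users:(("dnsmasq",pid=1412,fd=4))
UNCONN 0      0      0.0.0.0:68         0.0.0.0:*         users:(("dhclient",pid=901,fd=6))'

# port_holder ADDR PORT
# Prints the process bound to ADDR:PORT or to the wildcard address on PORT
# (which also blocks the bind), "unknown" when ss could not see the owner,
# and nothing when the socket is free.
port_holder() {
    awk -v a="$1:$2" -v w4="0.0.0.0:$2" -v ws="*:$2" '
    {
        # Local address is field 4, or field 5 when ss prints a Netid column.
        for (i = 4; i <= 5; i++) {
            if ($i == a || $i == w4 || $i == ws) {
                name = "unknown"
                if (match($NF, /"[^"]+"/))
                    name = substr($NF, RSTART + 1, RLENGTH - 2)
                print name
                exit
            }
        }
    }'
}

# bind_verdict ADDR PORT EUID
#   in-use:<name>  another process holds the socket
#   need-root      port below 1024 and not root (Linux default; assumes the
#                  binary has no CAP_NET_BIND_SERVICE)
#   ok             neither problem applies
bind_verdict() {
    holder=$(port_holder "$1" "$2")
    if [ -n "$holder" ]; then
        echo "in-use:$holder"
    elif [ "$2" -lt 1024 ] && [ "$3" -ne 0 ]; then
        echo "need-root"
    else
        echo "ok"
    fi
}

# Demo on the sample. Live: ss -lunp | bind_verdict 127.0.0.1 53 "$(id -u)"
printf '%s\n' "$SAMPLE_SS" | bind_verdict 127.0.0.1 53 0      # in-use:dnsmasq
printf '%s\n' "$SAMPLE_SS" | bind_verdict 127.0.0.2 53 1000   # need-root
```

Run ss with sudo on a live system so the owning process name is visible; without it the holder is reported as "unknown".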