Connection problem with dnscrypt-proxy2 2.0.42-1


20200502 installation Dnscrypt-proxy2 2.0.42-1, everything worked as well as DNSSEC.

20200527 installation of the dnscrypt-proxy2 2.0.42-1 package, dnscrypt-proxy-resolvers and luci-i18n-dnscrypt-proxy-fr.

It does not work. Unable to retrieve certificates. DNSSEC does not work because of [fvz-anyone]. Can you reset the configuration of the 20200502?

Is it normal that in the log file of dnscrypt-proxy2 2.0.42-1, figure "dnscrypt-proxy Starting dnscrypt-proxy 1.9.5"?

Thu May 21 11:52:49 2020 : dnscrypt-proxy - [fvz-anyone] does not support DNS Security Extensions
Thu May 21 11:52:49 2020 : dnscrypt-proxy + Provider supposedly doesn't keep logs
Thu May 21 11:52:49 2020 daemon.notice dnscrypt-proxy[2008]: dnscrypt-proxy Starting dnscrypt-proxy 1.9.5
Thu May 21 11:52:49 2020 dnscrypt-proxy[2008]: dnscrypt-proxy Generating a new session key pair
Thu May 21 11:52:50 2020 dnscrypt-proxy[2008]: dnscrypt-proxy Done
Thu May 21 13:47:51 2020 daemon.err dnscrypt-proxy[2008]: dnscrypt-proxy Unable to retrieve server certificates
Thu May 21 13:47:52 2020 dnscrypt-proxy[2008]: dnscrypt-proxy Refetching server certificates

The internet connection only works with ISP's DNS. When I modify the file /etc/config/dhcp config dnsmasq

#option resolvfile '/tmp/' and option noresolv '1'. I no longer have an internet connection.

Can you do what's necessary? Thank you

Have a nice day

For a linuxiens or an openwrtiens, it is obvious. For a Windowsian, this is not the case, at least as far as I am concerned.

Nevertheless, this forum is a gold mine of information, so I took my fishing rod (my mouse) to go get the fish and eureka!

First of all, a special thank you to the speakers for this link, who helped me understand the steps to take: Dnscrypt-proxy does not start

In LuCi, dnscrypt-proxy app, Advanced, Modify the configuration of DNSCrypt-Proxy,

config global
# start dnscrypt-proxy from procd interface trigger rather than immediately in init
# if needed you can restrict trigger to certain interface(s)
# list procd_trigger 'wan'
# list procd_trigger 'wan6'

config dnscrypt-proxy ns1
option address ''
option port '5353'
option resolver 'fvz-anyone'
# more details about the following options can be found in:
# option resolvers_list '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'

I did not know that I had to uncomment a line and modify another line in /etc/config/dnscrypt-proxy as below:

My global config
config dnscrypt-proxy 'ns1'
option address ''
option port '5353'
option resolvers_list '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'
option resolver ''

I asked for fish but your deafening silence prompted me to "take my fishing rod". Instructive.

Once these settings are complete:

Restart dnsmasq to go to the new configuration: /etc/init.d/dnsmasq restart

Restart the router. Sometimes, even when restarting the router, closing and restarting the browser, a message tells you "openwrt.lan does not exist".

The solution, unplug the power cable or cut the power supply to the router with its button then restart it. Everything should work as well as DNSSEC if you have selected the correct resolver.

Regarding the start line dnscrypt-proxy 1.9.5 for dnscrypt-proxy2 2.0.42-1 which intrigued me :

Mon Jun 1 20:27:01 2020 daemon.notice dnscrypt-proxy [2538]: dnscrypt-proxy Starting dnscrypt-proxy 1.9.5

Internet research indicated to me that this was only the stable version of the DNSCrypt client. You will tell me so much!

Now my new mission : I will try to install "Wireguard".

Thank you all for your contributions.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.