Help setting up dnscrypt-proxy v2 with IPv6 on TP-Link Archer C7

Hello,

I'm trying to set up dnscrypt-proxy v2 on the latest stable image of OpenWrt.

I installed dnscrypt following the official guide on GitHub.

IPv4 works fine, but my ISP provides IPv6. Is it possible to make IPv6 work?

I'm trying to use the address for IPv6 as suggested by the creator (I guess) of dnscrypt itself, mentioned in this thread on GitHub: https://github.com/jedisct1/dnscrypt-proxy/issues/707
but I get an error in the log and the program stops.

In the dnscrypt-proxy.toml file, the listen_addresses are the following:

listen_addresses = ['127.0.0.53:53','::FFFF:127.0.0.53']

This is the log of dnscrypt-proxy:

[2019-03-20 19:49:48] [NOTICE] Source [public-resolvers.md] loaded
[2019-03-20 19:49:48] [NOTICE] dnscrypt-proxy 2.0.21
[2019-03-20 19:49:48] [NOTICE] Loading the set of forwarding rules from [forwarding-rules.txt]
[2019-03-20 19:49:48] [NOTICE] Now listening to 127.0.0.53:53 [UDP]
[2019-03-20 19:49:48] [NOTICE] Now listening to 127.0.0.53:53 [TCP]
[2019-03-20 19:49:48] [FATAL] address ::FFFF:127.0.0.53: too many colons in address

This is the content of forwarding-rules.txt:

lan 127.0.0.1
10.in-addr.arpa 127.0.0.1
192.in-addr.arpa 127.0.0.1
254.169.in-addr.arpa 127.0.0.1

Is some forwarding missing for IPv6?

Has anyone had a similar problem who can help?

Thank you.

For the IPv6 listening address, why don't you use '[::1]:53'?

Just now I made the changes and I get this in the log:

[2019-03-20 20:20:55] [NOTICE] Source [public-resolvers.md] loaded
[2019-03-20 20:20:55] [NOTICE] dnscrypt-proxy 2.0.21
[2019-03-20 20:20:55] [NOTICE] Loading the set of forwarding rules from [forwarding-rules.txt]
[2019-03-20 20:20:55] [NOTICE] Now listening to 127.0.0.53:53 [UDP]
[2019-03-20 20:20:55] [NOTICE] Now listening to 127.0.0.53:53 [TCP]
[2019-03-20 20:20:55] [FATAL] listen udp [::1]:53: bind: address already in use

Here is my network file.

It could be helpful to resolve the problem.

My ISP provides internet access and IPTV in a multicast group behind an IGMP proxy via VLAN.

Regarding IPv6, the configuration is all at default.

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fde2:7cf8:40e0::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth1.1'
	option proto 'static'
	option ipaddr '192.168.10.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option igmp_snooping '1'
	option dns '127.0.0.53'

config interface 'wan'
	option proto 'dhcp'
	option ifname 'eth0.12'
	option peerdns '0'
	option dns '127.0.0.53 1.1.1.1'

config interface 'wan6'
	option proto 'dhcpv6'
	option ifname 'eth0.12'
	option reqaddress 'try'
	option reqprefix 'auto'
	option peerdns '0'
	option dns '[::1]:53 2606:4700:4700::1111'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 2 3 4 5'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '1t 6t'
	option vid '12'

Here's also the dhcp file:

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option strictorder '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option ra 'server'
	option dhcpv6 'server'
	option ra_management '1'
	list dns '[::1]:53'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

Thank you for the help.

Sorry, I didn't notice that [::1]:53 is used by dnsmasq.
The ::FFFF:127.0.0.53 could be used, but it needs to be inside square brackets [ ].
Try that if you didn't.
If it doesn't work, you have ULA addresses:
ula_prefix 'fde2:7cf8:40e0::/48'
Add the option ip6ifaceid '::1' to the lan interface, and the LAN interface will now have fde2:7cf8:40e0::1.
Exclude it from dnsmasq and use it for dnscrypt.

With the address inside square brackets it doesn't crash, but it asks me to add a port, and port 53 is already in use by dnsmasq. Can I use a different port, or does it have to be 53 because of the TCP and UDP listeners?

Anyway, here's the log:

[2019-03-20 22:13:05] [NOTICE] Source [public-resolvers.md] loaded
[2019-03-20 22:13:05] [NOTICE] dnscrypt-proxy 2.0.21
[2019-03-20 22:13:05] [NOTICE] Loading the set of forwarding rules from [forwarding-rules.txt]
[2019-03-20 22:13:05] [NOTICE] Now listening to 127.0.0.53:53 [UDP]
[2019-03-20 22:13:05] [NOTICE] Now listening to 127.0.0.53:53 [TCP]
[2019-03-20 22:13:05] [FATAL] address [::FFFF:127.0.0.53]: missing port in address
[2019-03-20 22:13:11] [NOTICE] Source [public-resolvers.md] loaded
[2019-03-20 22:13:11] [NOTICE] dnscrypt-proxy 2.0.21
[2019-03-20 22:13:11] [NOTICE] Loading the set of forwarding rules from [forwarding-rules.txt]
[2019-03-20 22:13:11] [NOTICE] Now listening to 127.0.0.53:53 [UDP]
[2019-03-20 22:13:11] [NOTICE] Now listening to 127.0.0.53:53 [TCP]
[2019-03-20 22:13:11] [FATAL] address [::FFFF:127.0.0.53]: missing port in address
[2019-03-20 22:13:18] [NOTICE] Source [public-resolvers.md] loaded
[2019-03-20 22:13:18] [NOTICE] dnscrypt-proxy 2.0.21
[2019-03-20 22:13:18] [NOTICE] Loading the set of forwarding rules from [forwarding-rules.txt]
[2019-03-20 22:13:18] [NOTICE] Now listening to 127.0.0.53:53 [UDP]
[2019-03-20 22:13:18] [NOTICE] Now listening to 127.0.0.53:53 [TCP]
[2019-03-20 22:13:18] [FATAL] address [::FFFF:127.0.0.53]: missing port in address
[2019-03-20 22:13:25] [NOTICE] Source [public-resolvers.md] loaded
[2019-03-20 22:13:25] [NOTICE] dnscrypt-proxy 2.0.21
[2019-03-20 22:13:25] [NOTICE] Loading the set of forwarding rules from [forwarding-rules.txt]
[2019-03-20 22:13:25] [NOTICE] Now listening to 127.0.0.53:53 [UDP]
[2019-03-20 22:13:25] [NOTICE] Now listening to 127.0.0.53:53 [TCP]
[2019-03-20 22:13:25] [FATAL] address [::FFFF:127.0.0.53]: missing port in address
[2019-03-20 22:13:32] [NOTICE] Source [public-resolvers.md] loaded
[2019-03-20 22:13:32] [NOTICE] dnscrypt-proxy 2.0.21
[2019-03-20 22:13:32] [NOTICE] Loading the set of forwarding rules from [forwarding-rules.txt]
[2019-03-20 22:13:32] [NOTICE] Now listening to 127.0.0.53:53 [UDP]
[2019-03-20 22:13:32] [NOTICE] Now listening to 127.0.0.53:53 [TCP]
[2019-03-20 22:13:32] [FATAL] address [::FFFF:127.0.0.53]: missing port in address
[2019-03-20 22:13:39] [NOTICE] Source [public-resolvers.md] loaded
[2019-03-20 22:13:39] [NOTICE] dnscrypt-proxy 2.0.21
[2019-03-20 22:13:39] [NOTICE] Loading the set of forwarding rules from [forwarding-rules.txt]
[2019-03-20 22:13:39] [NOTICE] Now listening to 127.0.0.53:53 [UDP]
[2019-03-20 22:13:39] [NOTICE] Now listening to 127.0.0.53:53 [TCP]
[2019-03-20 22:13:39] [FATAL] address [::FFFF:127.0.0.53]: missing port in address

I don't think that you will have a problem, since you are already using 127.0.0.53 with port 53.
So try [::FFFF:127.0.0.53]:53, and if it doesn't work, then you can exclude dnsmasq from listening on the loopback interface.

Why are you pushing the IPv6 loopback address to the clients as DNS?
Moreover, you shouldn't use a port number, because it does not work in the general case.

2 Likes

You should be listening on some other port and have DNSmasq listen to that.

2 Likes
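The FATAL lines in the logs above carry the same wording as the errors returned by net.SplitHostPort in Go, the language dnscrypt-proxy is written in. The following is an added example, not part of any post in this thread and not dnscrypt-proxy's own code, that checks the listen addresses tried here and reports whether each one is really an IPv6 listener; the function and type names and port 5353 are assumptions for illustration.

```go
// Added example: checks dnscrypt-proxy style listen addresses the way Go's
// net package parses them. Not dnscrypt-proxy's own code.
package main

import (
	"fmt"
	"net"
	"strconv"
)

// ListenCheck describes how a "host:port" listen address is interpreted.
type ListenCheck struct {
	Family   string // "IPv4" or "IPv6"; IPv4-mapped IPv6 counts as IPv4
	Loopback bool   // true if only reachable from the router itself
	Port     int
}

// CheckListenAddress validates one entry of listen_addresses.
func CheckListenAddress(addr string) (ListenCheck, error) {
	host, portStr, err := net.SplitHostPort(addr)
	if err != nil {
		return ListenCheck{}, err // e.g. "too many colons", "missing port"
	}
	port, err := strconv.Atoi(portStr)
	if err != nil || port < 1 || port > 65535 {
		return ListenCheck{}, fmt.Errorf("address %s: invalid port %q", addr, portStr)
	}
	ip := net.ParseIP(host)
	if ip == nil {
		return ListenCheck{}, fmt.Errorf("address %s: host is not an IP literal", addr)
	}
	family := "IPv6"
	if ip.To4() != nil { // true for 127.0.0.53 and for ::FFFF:127.0.0.53
		family = "IPv4"
	}
	return ListenCheck{Family: family, Loopback: ip.IsLoopback(), Port: port}, nil
}

func main() {
	// Addresses from the thread, plus a ULA address on a non-standard port
	// (port 5353 is an assumption for illustration).
	for _, a := range []string{
		"127.0.0.53:53", "::FFFF:127.0.0.53", "[::FFFF:127.0.0.53]",
		"[::FFFF:127.0.0.53]:53", "[::1]:53", "[fde2:7cf8:40e0::1]:5353",
	} {
		c, err := CheckListenAddress(a)
		fmt.Printf("%-26s %+v err=%v\n", a, c, err)
	}
}
```

The bracketed form with a port parses, but it is reported as IPv4 loopback: an IPv4-mapped address names the same 127.0.0.53 that is already in the list, so it does not add an IPv6 listener.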