Arda Posted January 15, 2017 Posted January 15, 2017 Hello, I've been trying to use DNSCrypt on ARMBian Debian on OrangePi Zero. I'm following this guide (exact revision link for future reference), and it was working great on Raspbian in Raspberry Pi, When I try the same guide, it compiles, installs successfully, runs the daemon, however it doesn't actually work, saying "connection timed out; no servers could be reached". When I'm not using daemon, and run manually, this time it says "Unable to bind (TCP)". But when I compile and use in Ubuntu, it works nicely. This is my GitHub issue on DNSCrypt repository, including all my tests and inputs: https://github.com/jedisct1/dnscrypt-proxy/issues/561 I'd appreciate your input, why it's working in Ubuntu and why not in Debian ? Images are downloaded from official link, and are version 5.2.4. Any idea would be appreciated. Thanks in advance,
arox Posted January 15, 2017 Posted January 15, 2017 I am afraid, I won't be of much help but which version are you installing on debian and ubuntu ? I installed it 6 month ago on gentoo (on an armbian kernel) but unfortunately don't keep much traces of problems I encountered. I didn't manage to have 1.6.1 working and had to fallback on 1.6.0 I think I also got the message : "Unable to bind (TCP)" . Don't remember if it was a config (conflict with dnsmasq ?) or user problem (Are you running as "root" or changed id ?) or the reason why I had to fallback on previous version.
zador.blood.stained Posted January 15, 2017 Posted January 15, 2017 I would suggest debugging dnsmasq first (by adding some non-dnscrypt upstream services) and if it works, proceed to dnscrypt configuration.
Arda Posted January 15, 2017 Author Posted January 15, 2017 I am afraid, I won't be of much help but which version are you installing on debian and ubuntu ? I installed it 6 month ago on gentoo (on an armbian kernel) but unfortunately don't keep much traces of problems I encountered. I didn't manage to have 1.6.1 working and had to fallback on 1.6.0 I think I also got the message : "Unable to bind (TCP)" . Don't remember if it was a config (conflict with dnsmasq ?) or user problem (Are you running as "root" or changed id ?) or the reason why I had to fallback on previous version. The pi-hole guide made me create a new user, but both root and the created user gives me same error. I'm installing dnscrypt-latest.tar.gz , which is 1.9.1 release. Edit: I guess this and yours are related: https://github.com/jedisct1/dnscrypt-proxy/issues/368 I would suggest debugging dnsmasq first (by adding some non-dnscrypt upstream services) and if it works, proceed to dnscrypt configuration. I'm using pi-hole (GitHub URL), which uses dnsmasq and is an ad blocker on dns level. Port 53 is not taken already by another process (please see my GitHub messages on the link). Pi-hole itself runs quite well both on Debian and Ubuntu when I set another upstream dns servers. So I believe it shouldn't be related to dnsmasq. I just want to to set dnscrypt nameservers upstream to pi-hole on Debian.
zador.blood.stained Posted January 15, 2017 Posted January 15, 2017 I'm using pi-hole (GitHub URL), which uses dnsmasq and is an ad blocker on dns level. Port 53 is not taken already by another process (please see my GitHub messages on the link). Pi-hole itself runs quite well both on Debian and Ubuntu when I set another upstream dns servers. So I believe it shouldn't be related to dnsmasq. I just want to to set dnscrypt nameservers upstream to pi-hole on Debian. So if you did try setting another upstream servers in dnsmasq config and it worked for you, then it's definitely related to dnscrypt. Let's forget for a moment about systemd sockets. dnscrypt-proxy bind address should be controlled by "-a" parameter, try using it to bind to 127.0.0.3 for example, and using strace if it fails. And let's wait for more reports here. 1
Arda Posted January 17, 2017 Author Posted January 17, 2017 I've put quite a tests there in multiple platforms. Also there's another person in the thread who had my issue, please refer to that GitHub issue link I've provided earlier. I've also stumbled upon this, I don't know if this is totally related at all, available in current ARMBian Debian OrangePi Zero kernel, or the method to check the flag to be honest, but may this be the reason ? https://bugs.launchpad.net/raspbian/+bug/1183546 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=443742
zador.blood.stained Posted January 18, 2017 Posted January 18, 2017 I've also stumbled upon this, I don't know if this is totally related at all, available in current ARMBian Debian OrangePi Zero kernel, or the method to check the flag to be honest, but may this be the reason ? https://bugs.launchpad.net/raspbian/+bug/1183546 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=443742 It is enabled: https://github.com/igorpecovnik/lib/blob/master/config/kernel/linux-sun8i-default.config#L673
zador.blood.stained Posted January 18, 2017 Posted January 18, 2017 Also I would recommend running dnscrypt-proxy -R dnscrypt.eu with strace (installing strace with "sudo apt-get install strace" and running "strace dnscrypt-proxy -R dnscrypt.eu | tee debug.log 2>&1", it should produce a huge debug.log which may be helpful in understanding this error
Arda Posted January 18, 2017 Author Posted January 18, 2017 Also I would recommend running dnscrypt-proxy -R dnscrypt.eu with strace (installing strace with "sudo apt-get install strace" and running "strace dnscrypt-proxy -R dnscrypt.eu | tee debug.log 2>&1", it should produce a huge debug.log which may be helpful in understanding this error Just saw your input, sorry I was at work. Today, I've tried both 1.9.2 and the 1.9.3 which are very recent versions released in this last 2 days, and I can confirm 1.9.3 fixed the issue on ARMBian Debian. The changelog has a line like this: Version 1.9.3 also restores compatibility with ancient Linux kernels that didn't support SO_REUSEPORT, without having to explicitly compile the package with NO_REUSEPORT. I don't know if this was the reason, however one of the fixes pushed to release from 1.9.2 to 1.9.3 fixed it on ARMBian Debian (I wiped the SD card 2 times to double check). This thread can be marked as solved :-) Thanks for your time! 1
arox Posted January 18, 2017 Posted January 18, 2017 Thank you for sharing your experience. I bookmark this thread for the time I will need/want to upgrade my own system.
Recommended Posts