0
Arda

[SOLVED] DNSCrypt doesn't work on Debian, but works on Ubuntu on Orange Pi Zero

Recommended Posts

Hello,

 

I've been trying to use DNSCrypt on ARMBian Debian on OrangePi Zero.

 

I'm following this guide (exact revision link for future reference), and it was working great on Raspbian in Raspberry Pi,

 

When I try the same guide, it compiles, installs successfully, runs the daemon, however it doesn't actually work, saying "connection timed out; no servers could be reached".

 

When I'm not using daemon, and run manually, this time it says "Unable to bind (TCP)".

 

But when I compile and use in Ubuntu, it works nicely.

 

This is my GitHub issue on DNSCrypt repository, including all my tests and inputs:

 

https://github.com/jedisct1/dnscrypt-proxy/issues/561

 

I'd appreciate your input, why it's working in Ubuntu and why not in Debian ? Images are downloaded from official link, and are version 5.2.4.

 

Any idea would be appreciated.

 

Thanks in advance,

Share this post


Link to post
Share on other sites

I am afraid, I won't be of much help but which version are you installing on debian and ubuntu ?

 

I installed it 6 month ago on gentoo (on an armbian kernel) but unfortunately don't keep much traces of problems I encountered. I didn't manage to have 1.6.1 working and had to fallback on 1.6.0

 

I think I also got the message : "Unable to bind (TCP)" . Don't remember if it was a config (conflict with dnsmasq ?) or user problem (Are you running as "root" or changed id ?) or the reason why I had to fallback on previous version.

Share this post


Link to post
Share on other sites

I am afraid, I won't be of much help but which version are you installing on debian and ubuntu ?

 

I installed it 6 month ago on gentoo (on an armbian kernel) but unfortunately don't keep much traces of problems I encountered. I didn't manage to have 1.6.1 working and had to fallback on 1.6.0

 

I think I also got the message : "Unable to bind (TCP)" . Don't remember if it was a config (conflict with dnsmasq ?) or user problem (Are you running as "root" or changed id ?) or the reason why I had to fallback on previous version.

 

The pi-hole guide made me create a new user, but both root and the created user gives me same error.

 

I'm installing dnscrypt-latest.tar.gz , which is 1.9.1 release.

 

Edit: I guess this and yours are related: https://github.com/jedisct1/dnscrypt-proxy/issues/368

 

I would suggest debugging dnsmasq first (by adding some non-dnscrypt upstream services) and if it works, proceed to dnscrypt configuration.

 

I'm using pi-hole (GitHub URL), which uses dnsmasq and is an ad blocker on dns level. Port 53 is not taken already by another process (please see my GitHub messages on the link). Pi-hole itself runs quite well both on Debian and Ubuntu when I set another upstream dns servers. So I believe it shouldn't be related to dnsmasq. I just want to to set dnscrypt nameservers upstream to pi-hole on Debian.

Share this post


Link to post
Share on other sites

I'm using pi-hole (GitHub URL), which uses dnsmasq and is an ad blocker on dns level. Port 53 is not taken already by another process (please see my GitHub messages on the link). Pi-hole itself runs quite well both on Debian and Ubuntu when I set another upstream dns servers. So I believe it shouldn't be related to dnsmasq. I just want to to set dnscrypt nameservers upstream to pi-hole on Debian.

So if you did try setting another upstream servers in dnsmasq config and it worked for you, then it's definitely related to dnscrypt.

Let's forget for a moment about systemd sockets. dnscrypt-proxy bind address should be controlled by "-a" parameter, try using it to bind to 127.0.0.3 for example, and using strace if it fails.

And let's wait for more reports here.

Share this post


Link to post
Share on other sites

I've put quite a tests there in multiple platforms. Also there's another person in the thread who had my issue, please refer to that GitHub issue link I've provided earlier.

 

I've also stumbled upon this, I don't know if this is totally related at all, available in current ARMBian Debian OrangePi Zero kernel, or the method to check the flag to be honest, but may this be the reason ?

 

https://bugs.launchpad.net/raspbian/+bug/1183546

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=443742

Share this post


Link to post
Share on other sites

I've also stumbled upon this, I don't know if this is totally related at all, available in current ARMBian Debian OrangePi Zero kernel, or the method to check the flag to be honest, but may this be the reason ?

 

https://bugs.launchpad.net/raspbian/+bug/1183546

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=443742

It is enabled: https://github.com/igorpecovnik/lib/blob/master/config/kernel/linux-sun8i-default.config#L673

Share this post


Link to post
Share on other sites

Also I would recommend running

dnscrypt-proxy -R dnscrypt.eu

with strace (installing strace with "sudo apt-get install strace" and running "strace dnscrypt-proxy -R dnscrypt.eu | tee debug.log 2>&1", it should produce a huge debug.log which may be helpful in understanding this error

Share this post


Link to post
Share on other sites

Also I would recommend running

dnscrypt-proxy -R dnscrypt.eu

with strace (installing strace with "sudo apt-get install strace" and running "strace dnscrypt-proxy -R dnscrypt.eu | tee debug.log 2>&1", it should produce a huge debug.log which may be helpful in understanding this error

 

Just saw your input, sorry I was at work. Today, I've tried both 1.9.2 and the 1.9.3 which are very recent versions released in this last 2 days, and I can confirm 1.9.3 fixed the issue on ARMBian Debian.

 

The changelog has a line like this:

 

Version 1.9.3 also restores compatibility with ancient Linux kernels that didn't support SO_REUSEPORT, without having to explicitly compile the package with NO_REUSEPORT.

 

 

I don't know if this was the reason, however one of the fixes pushed to release from 1.9.2 to 1.9.3 fixed it on ARMBian Debian (I wiped the SD card 2 times to double check).

 

This thread can be marked as solved :-)

 

Thanks for your time!

Share this post


Link to post
Share on other sites

Thank you for sharing your experience. I bookmark this thread for the time I will need/want to upgrade my own system.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
0