DNScryptProxy not working? (Logs in GUI not working)

Started by tiermutter, January 14, 2022, 07:43:45 PM

January 14, 2022, 07:43:45 PM Last Edit: January 28, 2022, 02:52:04 PM by tiermutter
Hi everyone,

On a freshly installed system DNScryptProxy is not working.
The service is starting fine but is not responding to DNS requests. All service logs in GUI are empty, even if all severities are selected.

Log via CLI looks fine so far:
# vi /var/log/dnscrypt-proxy/dnscrypt-proxy.log
[2022-01-14 19:10:24] [NOTICE] dnscrypt-proxy 2.0.45
[2022-01-14 19:10:24] [NOTICE] Network connectivity detected
[2022-01-14 19:10:24] [NOTICE] Now listening to 127.0.0.1:5353 [UDP]
[2022-01-14 19:10:24] [NOTICE] Now listening to 127.0.0.1:5353 [TCP]
[2022-01-14 19:10:24] [NOTICE] Now listening to [::1]:5353 [UDP]
[2022-01-14 19:10:24] [NOTICE] Now listening to [::1]:5353 [TCP]
[2022-01-14 19:10:24] [NOTICE] Now listening to :53 [UDP]
[2022-01-14 19:10:24] [NOTICE] Now listening to :53 [TCP]
[2022-01-14 19:10:24] [NOTICE] Source [public-resolvers] loaded
[2022-01-14 19:10:24] [NOTICE] Loading the set of whitelisting rules from [whitelist.txt]
[2022-01-14 19:10:24] [NOTICE] Firefox workaround initialized
[2022-01-14 19:10:24] [NOTICE] Loading the set of blocking rules from [blacklist.txt]
[2022-01-14 19:10:24] [NOTICE] Loading the set of cloaking rules from [cloaking-rules.txt]
[2022-01-14 19:10:24] [NOTICE] Loading the set of forwarding rules from [forwarding-rules.txt]
[2022-01-14 19:10:27] [NOTICE] [dnscrypt.be] OK (DNSCrypt) - rtt: 21ms
[2022-01-14 19:10:29] [NOTICE] [dnscrypt.eu-nl] OK (DNSCrypt) - rtt: 17ms
[2022-01-14 19:10:29] [NOTICE] [quad9-doh-ip6-port443-filter-pri] OK (DoH) - rtt: 10ms
[2022-01-14 19:10:29] [NOTICE] [quad9-dnscrypt-ip4-filter-pri] OK (DNSCrypt) - rtt: 8ms
[2022-01-14 19:10:29] [NOTICE] [quad9-dnscrypt-ip4-filter-pri] OK (DNSCrypt) - rtt: 8ms - additional certificate
[2022-01-14 19:10:29] [NOTICE] [quad9-doh-ip4-port443-filter-ecs-pri] OK (DoH) - rtt: 13ms
[2022-01-14 19:10:32] [NOTICE] [quad9-doh-ip6-port5053-filter-pri] OK (DoH) - rtt: 17ms
[2022-01-14 19:10:32] [NOTICE] [dns.digitale-gesellschaft.ch] OK (DoH) - rtt: 19ms
[2022-01-14 19:10:32] [NOTICE] [dns.digitale-gesellschaft.ch-2] OK (DoH) - rtt: 19ms
[2022-01-14 19:10:32] [NOTICE] [dnscrypt.eu-nl-ipv6] TIMEOUT
[2022-01-14 19:10:32] [NOTICE] Sorted latencies:
[2022-01-14 19:10:32] [NOTICE] -     8ms quad9-dnscrypt-ip4-filter-pri
[2022-01-14 19:10:32] [NOTICE] -    10ms quad9-doh-ip6-port443-filter-pri
[2022-01-14 19:10:32] [NOTICE] -    13ms quad9-doh-ip4-port443-filter-ecs-pri
[2022-01-14 19:10:32] [NOTICE] -    17ms dnscrypt.eu-nl
[2022-01-14 19:10:32] [NOTICE] -    17ms quad9-doh-ip6-port5053-filter-pri
[2022-01-14 19:10:32] [NOTICE] -    19ms dns.digitale-gesellschaft.ch
[2022-01-14 19:10:32] [NOTICE] -    19ms dns.digitale-gesellschaft.ch-2
[2022-01-14 19:10:32] [NOTICE] -    21ms dnscrypt.be
[2022-01-14 19:10:32] [NOTICE] Server with the lowest initial latency: quad9-dnscrypt-ip4-filter-pri (rtt: 8ms)
[2022-01-14 19:10:32] [NOTICE] dnscrypt-proxy is ready - live servers: 8


Reinstalled service without success and tried again where I deleted all obviously related service files via CLI; after reinstalling the service, all previous configs were restored.
=> How to completely remove all related service files?
May this be a config fault? (Did the same config as on my 21.7 system; same hardware)

I'll be happy to send you any additional information you need...
i am not an expert... just trying to help...

You're probably going to need to provide more details.  Did you test from the terminal on opnsense itself?

root@opnsense:~ # dig example.com @127.0.0.1

Any messages in the other dnscrypt-proxy logs?  Timeouts?  Or it's not even getting the request?
HP T730/AMD  RX-427BB/8GB/500GB SSD
HP NC365T 4-PORT

dig is not available, used drill instead:
# drill wetter.de @127.0.0.1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 59500
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; wetter.de.   IN      A

;; ANSWER SECTION:
wetter.de.      599     IN      A       194.36.43.54

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 10048 msec
;; SERVER: 127.0.0.1
;; WHEN: Sat Jan 15 12:05:33 2022
;; MSG SIZE  rcvd: 43


Now I realized that resolving is working, but very slow until the IP is cached.

/var/log/dnscryptproxy/dnscrypt-proxy.log looks pretty fine and shows regular checks for best servers as described above.
/var/log/dnscryptproxy/query.log is largely empty and shows only about one minute (yesterday) where it seems to have worked correctly.
Logs in /var/log/dnscrypt-proxy show the same.

Sorry I didn't mention it, it looked like it wasn't responsible for the problem:
I'm using AdguardHome (installed on the sense) for DNS filtering which uses the DNScryptProxy as resolver. Disabling Adguard, DNS resolution works fine but still no logs at DNScryptProxy.
Disabling DNScryptProxy, no resolution is possible, so the service seems generally to be working, but without logs.

I'll start digging at Adguard which is not working correctly / very slow, even when using other DNS servers.
i am not an expert... just trying to help...

Good...about logging...there's an option to disable logs on the config tab (template), toward the bottom "enable query logs", maybe you have that unchecked.

In the event you feel adventurous, a couple of us manually upgraded to dnscrypt-proxy 2.1.1.  I documented how to do this, but wouldn't recommend unless you're comfortable with the terminal and CLI.  You can find the discussion here:

https://forum.opnsense.org/index.php?topic=24297.0

This requires manually setting the options in the toml (config file) since the template is not updated to support 2.1.1.  The change log is here: https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/ChangeLog .  According to franco, that plugin is on hold pending larger changes...no ETA I'm aware of.  I particularly like this utility because the cache (min TTL) can be set to whatever you want and I prefer 24 hours minimizing dns traffic and removing a bit of latency.  Cheers.
HP T730/AMD  RX-427BB/8GB/500GB SSD
HP NC365T 4-PORT

Follow-up: Just migrated to RC1 and yep...logs are not displayed in the UI but are in the directory I noted above.
HP T730/AMD  RX-427BB/8GB/500GB SSD
HP NC365T 4-PORT

Can you please tell me which directory/ file you mean?
I couldn't find other logs than those stored in /var/log/dnscrypt-proxy and /var/log/dnscryptproxy, but as mentioned they are empty (apart from the fact that a minute was logged yesterday).
Query logging is still enabled.
i am not an expert... just trying to help...

Hmm, you looked in the right place, maybe logging is disabled.  The only way to be sure is to look at the toml/config file.  If no log file is specified in the config for each of nx, query, etc, that by default would disable them.  If there is a location specified, that's where they should be.  The default is /var/log/dnscrypt-proxy/query.log.

That file is located at /usr/local/etc/dnscrypt-proxy/dnscrypt-proxy.toml.
HP T730/AMD  RX-427BB/8GB/500GB SSD
HP NC365T 4-PORT
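
The config check described in the reply above, as an added example that is not part of the original posts: it reads a dnscrypt-proxy TOML file and reports whether the `[query_log]` and `[nx_log]` sections have an uncommented `file` key. The helper name `check_dnscrypt_logs` is hypothetical and the sample config is constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether dnscrypt-proxy's query and NX logs have a
# file configured. check_dnscrypt_logs is a hypothetical helper name.
check_dnscrypt_logs() {
    awk -v sq="'" '
        # A [section] header: remember its name without brackets or comment.
        /^[ \t]*\[/ {
            sec = $0
            sub(/#.*/, "", sec)
            gsub(/\[|\]|[ \t]/, "", sec)
            next
        }
        # An uncommented "file = ..." key turns that section log on.
        /^[ \t]*file[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)   # drop the key and "="
            sub(/[ \t]*#.*$/, "", val)      # drop a trailing comment
            sub(/[ \t]+$/, "", val)         # drop trailing blanks
            sub("^[\"" sq "]", "", val)     # drop the opening quote
            sub("[\"" sq "]$", "", val)     # drop the closing quote
            if (val != "") path[sec] = val
        }
        END {
            n = split("query_log nx_log", want, " ")
            for (i = 1; i <= n; i++) {
                if (want[i] in path)
                    printf "%s enabled %s\n", want[i], path[want[i]]
                else
                    printf "%s disabled -\n", want[i]
            }
        }
    ' "$1"
}

# Constructed sample config: query log on, NX log left commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log'

[query_log]
  file = '/var/log/dnscrypt-proxy/query.log'   # enabled
  format = 'tsv'

[nx_log]
  # file = '/var/log/dnscrypt-proxy/nx.log'
EOF
check_dnscrypt_logs "$sample"
rm -f "$sample"
```

On the firewall, point the function at /usr/local/etc/dnscrypt-proxy/dnscrypt-proxy.toml instead of the sample file.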

Shame on me  :-\
Logfiles look pretty good, I, dumbass, didn't scroll (Page_Down)  ::)
I am probably not used to it because I usually don't look at multipaged files... you see... I am not very comfortable with CLI ;)

Thanks for helping in this confusing situation!
i am not an expert... just trying to help...

I just upgraded from 19.7.7 to 22.1 and encountered the same error. When I check the logs in the CLI, it seems dnscrypt-proxy is working perfectly fine, is resolving names and does what it's supposed to do. Also the logs are populated in the related logfiles. The only problem is that nothing, no logs, are showing in the GUI for dnscrypt-proxy.

Btw, I followed this howto to get dnscrypt-proxy working with unbound:
https://forum.opnsense.org/index.php?topic=10670.msg118634#msg118634

Can this be fixed?   

Same issue here: no logs in GUI after update to 22.1. Any ideas / plans to fix this? :-[

With 22.1 there are severity filters in the logs (upper right). Did you select "multiselect" and select all severities?
I no longer use DNScryptProxy (not due to this little issue), so I don't know if this will work now as it does in some other logs where the problem existed too in RC1.
i am not an expert... just trying to help...

Thanks, it works for unbound, but not for DNScryptProxy :-\ The status remains as "No results found".

Quote from: Mr.Goodcat on January 28, 2022, 01:59:38 PM
Thanks, it works for unbound, but not for DNScryptProxy :-\ The status remains as "No results found".

Same exact issue here. Logs appear in unbound after altering the severity level, but not in dnscrypt-proxy.

Same for me. No Dnscryptproxy in GUI.
Actual logging in files is working fine (tested by tail -f /var/log/dnscrypt-proxy/query.log)