[Bug 977946] New: dnscrypt-proxy :missing files and modules:Not able to change local address
http://bugzilla.suse.com/show_bug.cgi?id=977946 Bug ID: 977946 Summary: dnscrypt-proxy :missing files and modules:Not able to change local address Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.1 Hardware: x86-64 OS: openSUSE 42.1 Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: bnc-team-screening@forge.provo.novell.com Reporter: dkrhemanth@gmail.com QA Contact: qa-bugs@suse.de CC: darix@web.de, i@marguerite.su Found By: --- Blocker: --- 1. The sysconfig file is missing: The file "/etc/sysconfig/dnscrypt" is not automatically created after installation of dnscrypt-proxy. I had to copy it from /var/adm/fillup-templates/sysconfig.dnscrypt , only after which i was able to change to another resolver. 2. Not able to change the default local address(127.0.0.1:53) in /etc/sysconfig/dnscrypt . Works only when the variable: "DNSCRYPT_LOCAL_ADDRESS=" field is left empty. If i assign thehe value as 127.0.0.1:40 or 127.0.0.2:40 then the dnscrypt-proxy fails to work/resolve the dns in the web browser. Had to use another value other than the default to get unbound to work along with dnscrypt-proxy otherwise unbound doesn't work/starts. 3. "dnscrypt-proxy.socket" is missing/not installed, which is actually available in https://github.com/jedisct1/dnscrypt-proxy Repo: http://download.opensuse.org/repositories/server:/dns/openSUSE_42.1/ -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=977946 http://bugzilla.suse.com/show_bug.cgi?id=977946#c1 Chenzi Cao <chenzi.cao@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bnc-team-screening@forge.pr |dsterba@suse.com |ovo.novell.com | --- Comment #1 from Chenzi Cao <chenzi.cao@suse.com> --- Hi David, I'm not quite sure whether it is right to assign it to you, please feel free to reassign whenever necessary, thank you! -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=977946 http://bugzilla.suse.com/show_bug.cgi?id=977946#c4 Hemanth Kumar <dkrhemanth@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED |--- --- Comment #4 from Hemanth Kumar <dkrhemanth@gmail.com> --- I would like to have Redundant DNSCrypt providers.Like one instance configured for 'soltysiak' and another one configured for 'ovpnto-se' listening to different IPs/Ports and then configure the local caching server(unbound) to use both IPs/Ports. How can i do that ? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=977946 http://bugzilla.suse.com/show_bug.cgi?id=977946#c6 --- Comment #6 from Hemanth Kumar <dkrhemanth@gmail.com> --- (In reply to Marguerite Su from comment #5)
(In reply to Hemanth Kumar from comment #4)
I would like to have Redundant DNSCrypt providers.Like one instance configured for 'soltysiak' and another one configured for 'ovpnto-se' listening to different IPs/Ports and then configure the local caching server(unbound) to use both IPs/Ports. How can i do that ?
"How can I do that" is a question for the upstream.
You should ask that on upstream's development mailing list, not here.
Its possible from the upstream's dnscrypt-proxy- https://github.com/jedisct1/dnscrypt-proxy/issues/228 The process seems to involve editing the dnscrypt-proxy.socket, which is not installed from openSUSE repo. So i don't know how to do it for the "forked" method installation from openSUSE, which is why i asked it here. An example of using "Redundant DNSCrypt providers"- https://wiki.archlinux.org/index.php/DNSCrypt As you said "Neither dnscrypt-proxy.service nor dnscrypt-proxy.socket provided by upstream was installed/used in openSUSE. Upstream used "simple" method while we used "forking" method, which means we are superior." If it was provided like the upstream method it would be better. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=977946 http://bugzilla.suse.com/show_bug.cgi?id=977946#c7 Hemanth Kumar <dkrhemanth@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED CC| |i@marguerite.su Resolution|FIXED |--- Flags| |needinfo?(i@marguerite.su) --- Comment #7 from Hemanth Kumar <dkrhemanth@gmail.com> --- Please add dnscrypt-proxy.socket and dnscrypt-proxy.service as in the upstream. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=977946 http://bugzilla.suse.com/show_bug.cgi?id=977946#c8 Marguerite Su <i@marguerite.su> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |IN_PROGRESS Flags|needinfo?(i@marguerite.su) | --- Comment #8 from Marguerite Su <i@marguerite.su> --- (In reply to Hemanth Kumar from comment #6)
Its possible from the upstream's dnscrypt-proxy- https://github.com/jedisct1/dnscrypt-proxy/issues/228
If so, it is a valid issue for openSUSE.
The process seems to involve editing the dnscrypt-proxy.socket, which is not installed from openSUSE repo. So i don't know how to do it for the "forked" method installation from openSUSE, which is why i asked it here.
An example of using "Redundant DNSCrypt providers"- https://wiki.archlinux.org/index.php/DNSCrypt
As you said "Neither dnscrypt-proxy.service nor dnscrypt-proxy.socket provided by upstream was installed/used in openSUSE. Upstream used "simple" method while we used "forking" method, which means we are superior."
If it was provided like the upstream method it would be better.
Thanks for the hint, I'll add that possibility ASAP. Actually I didn't think DNSCrypt can be used like that. If there're too many aspects to cover with our own systemd service, I think using upstream's service is a good idea for maintenance. Marguerite -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=977946 http://bugzilla.suse.com/show_bug.cgi?id=977946#c10 Hemanth Kumar <dkrhemanth@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED |--- --- Comment #10 from Hemanth Kumar <dkrhemanth@gmail.com> --- (In reply to Marguerite Su from comment #9)
Please check if 1.7.0 works for your need.
I deleted our own service and switched to upstream's.
I couldn't get the dnscrypt-proxy to start. Any idea about this ? Aug 06 13:21:05 linux-xkhc systemd[1]: Started DNSCrypt client proxy. Aug 06 13:21:05 linux-xkhc systemd[6667]: Failed at step EXEC spawning /usr/local/sbin/dnscrypt-proxy: No such file or directory Aug 06 13:21:05 linux-xkhc systemd[1]: dnscrypt-proxy.service: main process exited, code=exited, status=203/EXEC Aug 06 13:21:05 linux-xkhc systemd[1]: Unit dnscrypt-proxy.service entered failed state. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=977946 http://bugzilla.suse.com/show_bug.cgi?id=977946#c11 --- Comment #11 from Marguerite Su <i@marguerite.su> --- (In reply to Hemanth Kumar from comment #10)
I couldn't get the dnscrypt-proxy to start. Any idea about this ?
Aug 06 13:21:05 linux-xkhc systemd[1]: Started DNSCrypt client proxy. Aug 06 13:21:05 linux-xkhc systemd[6667]: Failed at step EXEC spawning /usr/local/sbin/dnscrypt-proxy: No such file or directory Aug 06 13:21:05 linux-xkhc systemd[1]: dnscrypt-proxy.service: main process exited, code=exited, status=203/EXEC Aug 06 13:21:05 linux-xkhc systemd[1]: Unit dnscrypt-proxy.service entered failed state.
Sorry, my fault. Upstream's systemd service is just a template. I didn't fill things in. Now it should be okay. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=977946 http://bugzilla.suse.com/show_bug.cgi?id=977946#c12 --- Comment #12 from Hemanth Kumar <dkrhemanth@gmail.com> --- (In reply to Marguerite Su from comment #11)
(In reply to Hemanth Kumar from comment #10)
I couldn't get the dnscrypt-proxy to start. Any idea about this ?
Aug 06 13:21:05 linux-xkhc systemd[1]: Started DNSCrypt client proxy. Aug 06 13:21:05 linux-xkhc systemd[6667]: Failed at step EXEC spawning /usr/local/sbin/dnscrypt-proxy: No such file or directory Aug 06 13:21:05 linux-xkhc systemd[1]: dnscrypt-proxy.service: main process exited, code=exited, status=203/EXEC Aug 06 13:21:05 linux-xkhc systemd[1]: Unit dnscrypt-proxy.service entered failed state.
Sorry, my fault. Upstream's systemd service is just a template. I didn't fill things in. Now it should be okay.
Hi, i am still not able to get it running. How about you? Could you get it running successfully ? This is what i am getting : Aug 07 05:27:24 linux-xkhc systemd[1]: PID file /var/run/dnscrypt-proxy.pid not readable (yet?) after start. Aug 07 05:27:24 linux-xkhc systemd[1]: dnscrypt-proxy.service never wrote its PID file. Failing. Aug 07 05:27:24 linux-xkhc systemd[1]: Failed to start Secure connection between your computer and a DNS resolver. Aug 07 05:27:24 linux-xkhc systemd[1]: Unit dnscrypt-proxy.service entered failed state. And also which file should i edit to change the DNS resolvers name for this method ? For the previous forked method i had to copy "/var/adm/fillup-templates/sysconfig.dnscrypt" to "/etc/sysconfig/dnscrypt" and was editing that file (Remainder: the "/etc/sysconfig/dnscrypt" file is still available after reinstalling dnscrypt-proxy with old settings). -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=977946 http://bugzilla.suse.com/show_bug.cgi?id=977946#c17 Hemanth Kumar <dkrhemanth@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED |--- --- Comment #17 from Hemanth Kumar <dkrhemanth@gmail.com> --- Still failing to start. systemctl status dnscrypt-proxy@127.0.0.1:53.service dnscrypt-proxy@127.0.0.1:53.service - Secure connection between your computer and a DNS resolver Loaded: loaded (/usr/lib/systemd/system/dnscrypt-proxy@.service; disabled) Active: failed (Result: resources) since Sun 2016-08-14 21:47:25 IST; 8s ago Docs: man:dnscrypt-proxy(8) Process: 31269 ExecStart=/usr/sbin/dnscrypt-proxy --daemonize --pidfile=/var/run/dnscrypt-proxy/dnscrypt-proxy@%i.pid --local-address=%i --user=${DNSCRYPT_USER} --resolver-name=${DNSCRYPT_RESOLVER_NAME} ${DNSCRYPT_EPHEMERAL_KEYS} ${DNSCRYPT_OPTIONS} --logfile=/var/log/dnscrypt-proxy/dnscrypt-proxy@%i.log --loglevel=${DNSCRYPT_LOGLEVEL} (code=exited, status=0/SUCCESS) Aug 14 21:47:25 linux-xkhc systemd[1]: PID file /var/run/dnscrypt-proxy/dnscrypt-proxy@127.0.0.1:53.pid not readable (yet?) after start. Aug 14 21:47:25 linux-xkhc dnscrypt-proxy[31269]: [INFO] - [cisco] does not support DNS Security Extensions Aug 14 21:47:25 linux-xkhc dnscrypt-proxy[31269]: [WARNING] - [cisco] logs your activity - a different provider might be better a choice if privacy is a concern Aug 14 21:47:25 linux-xkhc systemd[1]: dnscrypt-proxy@127.0.0.1:53.service never wrote its PID file. Failing. Aug 14 21:47:25 linux-xkhc systemd[1]: Failed to start Secure connection between your computer and a DNS resolver. Aug 14 21:47:25 linux-xkhc systemd[1]: Unit dnscrypt-proxy@127.0.0.1:53.service entered failed state. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=977946 http://bugzilla.suse.com/show_bug.cgi?id=977946#c20 --- Comment #20 from Bernhard Wiedemann <bwiedemann@suse.com> --- This is an autogenerated message for OBS integration: This bug (977946) was mentioned in https://build.opensuse.org/request/show/520650 Factory / dnscrypt-proxy -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com