Comments (7)
Hey @adit-s , can you provide your configuration file or at least the [anonymized_dns]
block? It's not enabled by default in this image but as far as I can tell with the correct configuration it should work as per @jedisct1's instructions.
from dnscrypt-proxy-docker.
Hello Kyle. The dnscrypt-proxy.toml file I'm using is attached.
The intent is to use the primary and alternate quad9 filtering DNS servers (via DNSCrypt and not DoH); relayed via the two relays (from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/relays.md)
-
anon-cs-ca2
Anonymized DNS relay hosted in CA - Vancouver provided by https://cryptostorm.is/
sdns://gRMxNjIuMjIxLjIwNy4yMjg6NDQz -
anon-ev-to
Anonymized DNS relay provided by evilvibes.com Location: Toronto, Canada
sdns://gQw2Ni44NS4zMC4xMTU
The container log follows:
[2020-06-24 22:49:59] [NOTICE] dnscrypt-proxy 2.0.44,
[2020-06-24 22:49:59] [NOTICE] Network connectivity detected,
[2020-06-24 22:49:59] [NOTICE] Now listening to 0.0.0.0:5053 [UDP],
[2020-06-24 22:49:59] [NOTICE] Now listening to 0.0.0.0:5053 [TCP],
[2020-06-24 22:49:59] [WARNING] /config/relays.md: open sf-eayecvbucnwm4pfj.tmp: permission denied,
[2020-06-24 22:49:59] [NOTICE] Source [relays] loaded,
[2020-06-24 22:50:00] [WARNING] /config/quad9-resolvers.md: open sf-nxogfglmym7uxc3m.tmp: permission denied,
[2020-06-24 22:50:00] [NOTICE] Source [quad9-resolvers] loaded,
[2020-06-24 22:50:00] [NOTICE] Anonymized DNS: routing [quad9-dnscrypt-ip4-filter-alt] via [sdns://gRMxNjIuMjIxLjIwNy4yMjg6NDQz sdns://gQw2Ni44NS4zMC4xMTU],
[2020-06-24 22:50:00] [NOTICE] Anonymized DNS: routing [quad9-dnscrypt-ip4-filter-pri] via [sdns://gRMxNjIuMjIxLjIwNy4yMjg6NDQz sdns://gQw2Ni44NS4zMC4xMTU],
[2020-06-24 22:50:00] [NOTICE] Firefox workaround initialized,
[2020-06-24 22:50:00] [NOTICE] [quad9-dnscrypt-ip4-filter-alt] OK (DNSCrypt) - rtt: 104ms,
[2020-06-24 22:50:00] [NOTICE] [quad9-dnscrypt-ip4-filter-alt] OK (DNSCrypt) - rtt: 104ms - additional certificate,
[2020-06-24 22:50:00] [WARNING] [quad9-dnscrypt-ip4-filter-alt] is incompatible with anonymization,
[2020-06-24 22:50:00] [NOTICE] [quad9-dnscrypt-ip4-filter-pri] OK (DNSCrypt) - rtt: 102ms,
[2020-06-24 22:50:00] [NOTICE] [quad9-dnscrypt-ip4-filter-pri] OK (DNSCrypt) - rtt: 102ms - additional certificate,
[2020-06-24 22:50:00] [WARNING] [quad9-dnscrypt-ip4-filter-pri] is incompatible with anonymization,
[2020-06-24 22:50:00] [ERROR] Resolver is incompatible with anonymization,
[2020-06-24 22:50:00] [NOTICE] dnscrypt-proxy is waiting for at least one server to be reachable,
[2020-06-24 22:50:10] [NOTICE] [quad9-dnscrypt-ip4-filter-alt] OK (DNSCrypt) - rtt: 32ms,
[2020-06-24 22:50:10] [NOTICE] [quad9-dnscrypt-ip4-filter-alt] OK (DNSCrypt) - rtt: 32ms - additional certificate,
[2020-06-24 22:50:10] [WARNING] [quad9-dnscrypt-ip4-filter-alt] is incompatible with anonymization,
[2020-06-24 22:50:10] [NOTICE] [quad9-dnscrypt-ip4-filter-pri] OK (DNSCrypt) - rtt: 24ms,
[2020-06-24 22:50:10] [NOTICE] [quad9-dnscrypt-ip4-filter-pri] OK (DNSCrypt) - rtt: 24ms - additional certificate,
[2020-06-24 22:50:10] [WARNING] [quad9-dnscrypt-ip4-filter-pri] is incompatible with anonymization,
[2020-06-24 22:50:20] [NOTICE] [quad9-dnscrypt-ip4-filter-alt] OK (DNSCrypt) - rtt: 28ms,
[2020-06-24 22:50:20] [NOTICE] [quad9-dnscrypt-ip4-filter-alt] OK (DNSCrypt) - rtt: 28ms - additional certificate,
[2020-06-24 22:50:20] [WARNING] [quad9-dnscrypt-ip4-filter-alt] is incompatible with anonymization,
[2020-06-24 22:50:20] [NOTICE] [quad9-dnscrypt-ip4-filter-pri] OK (DNSCrypt) - rtt: 101ms,
[2020-06-24 22:50:20] [NOTICE] [quad9-dnscrypt-ip4-filter-pri] OK (DNSCrypt) - rtt: 101ms - additional certificate,
[2020-06-24 22:50:20] [WARNING] [quad9-dnscrypt-ip4-filter-pri] is incompatible with anonymization,
[2020-06-24 22:50:30] [NOTICE] [quad9-dnscrypt-ip4-filter-alt] OK (DNSCrypt) - rtt: 31ms,
[2020-06-24 22:50:30] [NOTICE] [quad9-dnscrypt-ip4-filter-alt] OK (DNSCrypt) - rtt: 31ms - additional certificate,
[2020-06-24 22:50:30] [WARNING] [quad9-dnscrypt-ip4-filter-alt] is incompatible with anonymization,
[2020-06-24 22:50:30] [NOTICE] [quad9-dnscrypt-ip4-filter-pri] OK (DNSCrypt) - rtt: 32ms,
[2020-06-24 22:50:30] [NOTICE] [quad9-dnscrypt-ip4-filter-pri] OK (DNSCrypt) - rtt: 32ms - additional certificate,
[2020-06-24 22:50:30] [WARNING] [quad9-dnscrypt-ip4-filter-pri] is incompatible with anonymization,
[2020-06-24 22:50:40] [NOTICE] [quad9-dnscrypt-ip4-filter-alt] OK (DNSCrypt) - rtt: 116ms,
[2020-06-24 22:50:40] [NOTICE] [quad9-dnscrypt-ip4-filter-alt] OK (DNSCrypt) - rtt: 116ms - additional certificate,
[2020-06-24 22:50:40] [WARNING] [quad9-dnscrypt-ip4-filter-alt] is incompatible with anonymization,
[2020-06-24 22:50:40] [NOTICE] [quad9-dnscrypt-ip4-filter-pri] OK (DNSCrypt) - rtt: 101ms,
[2020-06-24 22:50:40] [NOTICE] [quad9-dnscrypt-ip4-filter-pri] OK (DNSCrypt) - rtt: 101ms - additional certificate,
[2020-06-24 22:50:40] [WARNING] [quad9-dnscrypt-ip4-filter-pri] is incompatible with anonymization,
from dnscrypt-proxy-docker.
Hi!
This has nothing to do with the Docker image :)
As printed, Quad9 resolvers are currently incompatible with anonymization. This is not intentional, but a bug in the load-balancing software they are using.
The bug has been fixed, and the fix will be part of the next version of that software (dnsdist).
from dnscrypt-proxy-docker.
Thanks for the confirmation @jedisct1
I came to the same conclusion and opened a case with quad9. They haven't responded yet.
Can you clarify if quad9 is planning to support anonymization?
(Is that the bug you are referring to?)
Adit
from dnscrypt-proxy-docker.
@klutchell
I understand the original issue is not related to the Docker image.
Not related, but in the logs, there's the errors below. Is it a permissions, UID or other issue with how I'm running the image?
[WARNING] /config/quad9-resolvers.md: open sf-nxogfglmym7uxc3m.tmp: permission denied,
[WARNING] /config/relays.md: open sf-eayecvbucnwm4pfj.tmp: permission denied,
from dnscrypt-proxy-docker.
I'm assuming it's attempting to create those temp files in the /config
folder but @jedisct1 can correct me if I'm wrong.
It looks like the warning is probably due to the limited default nobody
user. Since you're mounting your /config
directory then yes, it's likely the default UID does not have write access.
One test would be to change the permissions on your local config folder before mounting it. Try 777
to see if the warnings go away.
Another test you could try is running the container with --user 0
to see if the temp files get created. I wouldn't recommend leaving it in this mode but it might answer some questions.
I don't know if these warnings are actually breaking anything either?
from dnscrypt-proxy-docker.
Hello @klutchell
Changing the config directory's permission to allow writing by other corrected the problem. Thanks.
from dnscrypt-proxy-docker.
Related Issues (20)
- Add `dig` binary to image to allow defining health probes HOT 11
- Reporting a vulnerability
- ACTION REQUIRED: Changes to pulling Chainguard Images
- Permission denied for public-resolvers.md and relays.md HOT 5
- Feature request: Support for timezone with tzdata HOT 3
- Question on the removed `HEALTHCHECK` HOT 2
- [Question] How to setup to work alongside a Pi-hole container? HOT 10
- Is it possible that you add parameter for timezone? HOT 2
- logs HOT 2
- Unable to load the configuration file [/config/dnscrypt-proxy.toml] HOT 1
- 2.1.0 is released today HOT 1
- DNSCrypt Proxy No longer working after update to 2.1.0 HOT 2
- Problem getting oDoH to work HOT 2
- Configuration File Not Being Read
- "Latest" Image Restarting (132) Issue HOT 9
- Clarify proper permissions for config volume HOT 3
- Anonymized DNSCrypt doesn't work in WSL2 or Hyper-V on Windows HOT 12
- How nx and query logs can be checked? HOT 3
- Dependency Dashboard
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dnscrypt-proxy-docker.