Anyone setup DNSCrypt with PiHole on a RBP?

[Lordhumungus]

Hi All,

I've been banging my head against the wall for about 2 days here trying to get DNSCrypt and PiHole working together.

I've followed the guide posted here to a T and have gotten absolutely nowhere.

The guide itself seems very straightforward, but when I finish, and use the "./dnscrypt-proxy -resolve [insertwebsitehere]" command, nothing resolves and I can't ping anything.

I've tried a few hours of troubleshooting with a friend of mine, but haven't made any progress at all and don't know enough about the *nix environment or what is happening here to really go any further.

The current state of the machine has PiHole removed (as I was trying to get DNSCrypt to work on its own), but with DNSCrypt not currently able to be run. I'm assuming this is due to having commented out, or uncommented something in one of the config files as I've gone back and forth with these about 500 different times with no luck.

For reference, the error I get is:
" [FATAL] Failed to start DNSCrypt client proxy: "systemctl" failed: exit status 4"

Even when I was not having this error and I had DNSCrypt running, I still was not able to get the full setup to work based on the guide. I was able to get DNSCrypt to resolve correctly using the above command, but as soon as I tried to do anything with PiHole or hook anything into, it stopped working.

Any help or ideas anyone has would be appreciated. I am very determined to get this working, but feel like I'm at a bit of a brick wall because I don't know what else to do/check.

Thanks for reading!

 

[ch33zw1z]

Reinstall it and try again.

 

[Lordhumungus]

Appreciate the suggestion, but I’ve tried that with the same results.

 

[ch33zw1z]

How are you doing the remove?

If you enter (I may be wrong on exact syntax here, buy you get the drift)

Sudo systemctl dnscrypt-proxy -status

What's returned?

 

[Lordhumungus]

I had to re-start the RBP because I wasn't seeing it connected anywhere and it seems like DNSCrypt is running properly again (I was able to ping and run a resolve with it).

Still not sure how I can get this working with PiHole however as this is as far as I ever get without something failing.

Probably not relevant anymore, but the results for running "sudo systemctl status dnscrypt-proxy" are:

● dnscrypt-proxy.service - Encrypted/authenticated DNS proxy
Loaded: loaded (/etc/systemd/system/dnscrypt-proxy.service; enabled)
Active: activating (auto-restart) (Result: exit-code) since Fri 2018-05-11 15:18:52 PDT; 1min 41s ago
Process: 1328 ExecStart=/home/pi/dnsproxy/dnscrypt-proxy (code=exited, status=255)
Main PID: 1328 (code=exited, status=255)

May 11 15:18:52 Corpus_Colossus systemd[1]: dnscrypt-proxy.service: main pro...a
May 11 15:18:52 Corpus_Colossus systemd[1]: Unit dnscrypt-proxy.service ente....
Hint: Some lines were ellipsized, use -l to show in full.

Edit: As far as the remove I don't even remember how I did it at this point, that was on like hour 8 of tinkering, so I'm a little foggy.

 

[ch33zw1z]

Step 1 leaves much of the specifics out. There's potentially extensive config, but doesn't look too bad for a base config.

An important thing in Unix, or really any OS, any base config file that's working, copy it out before editing.

So start at step 1, take your time...and maybe move the thread to the Linux section to see of you get more help. I haven't setup pihole or dnscrypt-proxy, but did a dns redirect thing a few years ago

 

[Lordhumungus]

Thanks for the suggestion. I've done and re-done from scratch many times now, but still no luck.

I'll see about moving the thread though.

 

[Lordhumungus]

Ok, I completely re-installed the OS and started from scratch. I have a better handle on usage and some do's and don'ts, so this time I made sure to make obvious copies of every file I edited as well as information on what exactly I edited and locations etc.

All of that said, I'm still in the exact same spot with it not working correctly.

One new oddity in the mix is that I went ahead and grabbed the FTLDNS version of PiHole (and verified that it was fully updated etc) in order to be able to use the "Local DNS server on custom port" option in the web admin interface, BUT the option is still not present.

I'm really at a loss on this one. It seems so weird to me that there would be such a simple setup as a Wiki that just straight-up does not work for me.

Thoughts?

 

[Lordhumungus]

So upon further reflection and reading that status message again after the latest attempt, it looks like the dnscrypt-proxy service won't run.

Anyone have any insights on how I can figure out the cause for that? I do see the exit code 255 message, but I have no idea what that means.

 

[ch33zw1z]

What does man pages say?

 

[Lordhumungus]

I'm sorry, not sure exactly what you mean there.

Edit: When in doubt, google it out. I tried man dnscrypt-proxy, but it says there is no manual entry. Not sure if there is some syntax/location/other brand of unknown wizardry I should be using.

 

[ch33zw1z]

Can you manually start it? Or just cant get the service to run?

Post the command and output

 

[Lordhumungus]

If I try to manually start it using "sudo ./dnscrypt-proxy -service start", I get:

[2018-05-14 14:19:07] [NOTICE] Source [public-resolvers.md] loaded
[2018-05-14 14:19:07] [NOTICE] dnscrypt-proxy 2.0.12
[2018-05-14 14:20:12] [NOTICE] Service started

Then, I run "sudo systemctl status dnscrypt-proxy" and get:

● dnscrypt-proxy.service - Encrypted/authenticated DNS proxy
Loaded: loaded (/etc/systemd/system/dnscrypt-proxy.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Mon 2018-05-14 14:24:16 PDT; 28s ago
Process: 1829 ExecStart=/opt/dnscrypt-proxy/dnscrypt-proxy (code=exited, status=255)
Main PID: 1829 (code=exited, status=255)

May 14 14:24:16 Corpus_Colossus systemd[1]: dnscrypt-proxy.service: Failed with result 'exit-code'.

On another note, one of the PiHole devs responded to me about the Local DNS option being gone. It's apparently now integrated into any of the custom DNS fields with the syntax (host#port). I'm trying to edit the Wiki page, but for some reason GitHub flagged my account, so I'll do that as soon as I can.

 

[Lordhumungus]

Ok, so the latest update after a little bit of info on the PiHole Discourse is that I determined something called "avahi-daemon" uses port 5353.

Figured this out by first enabling the most verbose logging level by setting log_level = 0 in the dnscrypt-proxy.toml file.

This then gave me the error "[2018-05-16 12:14:24] [FATAL] listen udp 127.0.0.1:5353: bind: address already in use" in the log, which told me it was in use, but not by what.

I then ran "sudo netstat -tulpen | grep 5353" to figure out what was using the port I needed, which returned avahi-daemon. I then ran "sudo netstat -tulpen" to show all ports in use so I didn't win the fail lottery again when changing the ports.

Port is now changed to 5354 in all required config files (I may change this later, but for now just wanted literally anything that wasn't in use).

Current status is that DNSCrypt is now running and doesn't show any errors in the log, but I still cannot resolve or ping anything.

Latest error message from a ping is "Temporary failure in name resolution".

Seem to be making some kind of progress, but not really sure where to go from here.

 

[Lordhumungus]

Final update for anyone that finds this, one I switched to the FTDLNS branch of PiHole and figured out how to input custom IP/port #'s in the admin interface, everything now works exactly as expected. I updated the original wiki to reflect the changes to FTLDNS and how to input the custom IP/port #. The next and hopefully final challenge is going to be getting PiVPN working correctly with all this, which so far has also been giving me fits, but we'll get there eventually.