mr.travo wrote: Sat Mar 10, 2018 5:22 pm
[ERROR] Unable to bind (UDP) [Address already in use]
When you install dnscrypt-proxy it launches itself which is what you are here told: dnscrypt-proxy in a manner much like dnsmasq in a standard Mint install is a nameserver running on your local machine, forwarding DNS queries to its configured upstream server, which would (should) in this case be 128.52.130.209:443. You however have configured 128.52.130.209 to be your nameserver directly which is incorrect: you are to configure your local nameserver to be dnscrypt-proxy (by default 127.0.2.1:53) and in turn configure dnscrypt to forward to 128.52.130.209:443.
I was looking at providing a more direct answer but unfortunately there are a few complications: a minor one is Mint's NetworkManager using dnsmasq, a more substantial one is the dnscrypt-proxy package having been poorly architected. Specifically its systemd service files depend on a static database of upstream servers which is, of course, chronically out of date and indeed does not list your desired upstream server. Nor does in fact the current upstream version of that database, which leaves you needing to add it manually or edit the systemd service files. Leading you through this would turn this into a two-page post and I thought I'd first check if you are doing something more than just playing around with this stuff since, frankly, I myself wouldn't want any of this crap on my own system.
A third one is your current setup as indicated in your post not reflecting standard usage; specifically, you having 127.0.0.1 in your final /etc/resolv.conf meaning that you either edited a systemd .socket file already or have yet another layer of complication running: dnscrypt-proxy by default runs on 127.0.2.1:53 and adjusts /etc/resolv.conf to reflect so on service start. That is: unsure what your starting environment is like at the moment.
But then...
1. First of all restore the normal setup: i.e., remove the OpenNIC server from /etc/resolvconf/resolv.conf.d/head, the "dns-nameservers" from /etc/network/interfaces and unedit whichever dnscrypt-proxy config file you may have edited.
2. So as to for now not confuse things disable dnsmasq by commenting out (with a #) the "dns=dnsmasq" in /etc/NetworkManager/NetworkManager.conf. You can optionally re-enable it later.
3. Copy /lib/systemd/system/dnscrypt-proxy.service to /etc/systemd/system and edit it to not use -R/--resolver-name but the -r, -N and -k parameters you need; directly or by adding them to /etc/default/dnscrypt-proxy and then grabbing them in the service file.
4. The /lib/systemd/system/dnscrypt-proxy.socket file should work as is if you use 127.0.2.1:53; should also be copied to /etc/systemd/system and edited if not.
This should basically get things up and running, but...
5. You will note the .socket file to depend on dnscrypt-proxy-resolvconf.service which upon start of the service replaces your /etc/resolv.conf for you. It's better to remove that dependency and just use NetworkManager: set the DNS server for the connection to non-DHCP and 127.0.2.1 manually.
6. If you alternatively wish to reintroduce dnsmasq in the path you should definitely keep dnscrypt-proxy from adjusting /etc/resolv.conf and rather configure 127.0.2.1 as the one and only dnsmasq upstream server, having uncommented "dns=dnsmasq" in /etc/NetworkManager/NetworkManager.conf again: "server=127.0.2.1" in, say, /etc/NetworkManager/dnsmasq.d/dnscrypt.conf. Careful! dnsmasq by default adds dbus-retrieved upstream servers, and most importantly DHCP-retrieved ones. If you want encrypted DNS then dnscrypt-proxy should be your only upstream server so you need to disable dbus for dnsmasq: "enable-dbus" or "enable-dbus=" (i.e., with empty parameter) in, say, /etc/NetworkManager/dnsmasq.d/disable-dbus.conf.
See how this all turns into massive rubbish? You'd as said do yourself a favour by forgetting you ever wanted it but hope it still helps...
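Added example, not part of the original post: a static check that the files named in steps 5 and 6 send DNS only to the dnscrypt-proxy listener, printing any nameserver or dnsmasq upstream that would bypass it. The function names and the PROXY_ADDR variable are assumptions made for this sketch, and it inspects files only, so upstream servers that dnsmasq receives at runtime over DHCP or dbus are not covered.

```shell
#!/bin/sh
# Added example (not from the post): static audit that DNS only goes to
# dnscrypt-proxy's listener. 127.0.2.1 is the default address named in the post.
PROXY_ADDR="${PROXY_ADDR:-127.0.2.1}"

# Print each nameserver in a resolv.conf-style file that is not the proxy.
# Succeeds only if at least one nameserver exists and all of them are the proxy.
check_resolv_conf() {
    awk -v want="$PROXY_ADDR" '
        $1 == "nameserver" { seen = 1; if ($2 != want) { print $2; bad = 1 } }
        END { if (bad || !seen) exit 1 }
    ' "$1"
}

# Same check for dnsmasq "server=" lines in every *.conf file of a directory.
check_dnsmasq_dir() {
    cat "$1"/*.conf 2>/dev/null | awk -v want="$PROXY_ADDR" '
        /^[ \t]*#/ { next }                      # skip comment lines
        /^[ \t]*server[ \t]*=/ {
            addr = $0
            sub(/^[^=]*=[ \t]*/, "", addr)       # drop "server="
            sub(/^\/.*\//, "", addr)             # drop /domain/ scoping
            sub(/[#@ \t].*$/, "", addr)          # drop #port, @iface, trailing text
            if (addr == "") next                 # "server=/domain/" has no upstream
            seen = 1
            if (addr != want) { print addr; bad = 1 }
        }
        END { if (bad || !seen) exit 1 }
    '
}

# Demo on constructed sample files (not real system state).
run_demo() {
    d=$(mktemp -d) && mkdir "$d/dnsmasq.d"
    printf 'nameserver 127.0.2.1\nnameserver 128.52.130.209\n' > "$d/resolv.conf"
    printf 'server=127.0.2.1\n' > "$d/dnsmasq.d/dnscrypt.conf"
    check_resolv_conf "$d/resolv.conf" >/dev/null || echo "resolv.conf: bypass found"
    check_dnsmasq_dir "$d/dnsmasq.d" >/dev/null && echo "dnsmasq.d: only the proxy upstream"
    rm -rf "$d"
}
run_demo
```

On a real system the two functions would be pointed at /etc/resolv.conf and /etc/NetworkManager/dnsmasq.d.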