#165 dnscrypt-proxy error

Open
opened 9 months ago by kefahec936 · 4 comments

hello im using TP-Link TL-WR1043ND v2, libreCMC v1.5.13. i installed package luci-app-dnscrypt-proxy, but when i enter services>DNSCrypt-Proxy>View Logfile then errors appear:

Sun May 21 18:33:50 2023 daemon.info dnscrypt-proxy[3122]: dnscrypt-proxy Refetching server certificates
Sun May 21 18:34:05 2023 daemon.err dnscrypt-proxy[3122]: dnscrypt-proxy Unable to retrieve server certificates
Sun May 21 18:34:08 2023 daemon.info dnscrypt-proxy[3122]: dnscrypt-proxy Refetching server certificates
Sun May 21 18:34:23 2023 daemon.err dnscrypt-proxy[3122]: dnscrypt-proxy Unable to retrieve server certificates
Sun May 21 18:34:29 2023 daemon.info dnscrypt-proxy[3122]: dnscrypt-proxy Refetching server certificates
Sun May 21 18:34:44 2023 daemon.err dnscrypt-proxy[3122]: dnscrypt-proxy Unable to retrieve server certificates

could anyone help me with this issue? thank you

hello im using TP-Link TL-WR1043ND v2, libreCMC v1.5.13. i installed package luci-app-dnscrypt-proxy, but when i enter services>DNSCrypt-Proxy>View Logfile then errors appear: ```Sun May 21 18:33:49 2023 daemon.err dnscrypt-proxy[3122]: dnscrypt-proxy Unable to retrieve server certificates Sun May 21 18:33:50 2023 daemon.info dnscrypt-proxy[3122]: dnscrypt-proxy Refetching server certificates Sun May 21 18:34:05 2023 daemon.err dnscrypt-proxy[3122]: dnscrypt-proxy Unable to retrieve server certificates Sun May 21 18:34:08 2023 daemon.info dnscrypt-proxy[3122]: dnscrypt-proxy Refetching server certificates Sun May 21 18:34:23 2023 daemon.err dnscrypt-proxy[3122]: dnscrypt-proxy Unable to retrieve server certificates Sun May 21 18:34:29 2023 daemon.info dnscrypt-proxy[3122]: dnscrypt-proxy Refetching server certificates Sun May 21 18:34:44 2023 daemon.err dnscrypt-proxy[3122]: dnscrypt-proxy Unable to retrieve server certificates ``` could anyone help me with this issue? thank you
Ghost commented 8 months ago

Similar issue I'm having right now regarding building librecmc, the ca-certificates it is trying to reference no longer exist.

Similar issue I'm having right now regarding building librecmc, the ca-certificates it is trying to reference no longer exist.
dllud commented 6 months ago

@Ghost the errors @kefahec936 is experiencing should have little to do with ca-certificates. It seems that kefahec936's dnscrypt-proxy is just trying to reach resolvers which are no longer available.

@kefahec936 you should try other resolvers. You can configure them at /etc/config/dnscrypt-proxy. The OpenWrt Wiki provides some good guides:

You can find an up-to-date list of DNSCrypt resolvers at https://dnscrypt.info/public-servers/

On most places the resolvers details are now provided in the DNS Stamp format. Unfortunately such format isn't supported by the dnscrypt-proxy version available on libreCMC and OpenWrt. You must decode the DNS Stamp with something such as the Online DNS Stamp calculator to get the raw values.

Example with the OpenNIC resolver by i2pd:

/etc/config/dnscrypt-proxy

config dnscrypt-proxy 'opennic8fr'
	option address '[::1]'
	option port '5353'
	option providername '2.dnscrypt-cert.opennic.i2pd.xyz'
	option providerkey 'A9D6:323A:4F25:8009:2619:7515:02CE:231E:1F76:D9DE:776C:87C6:BBB2:8A0E:FFDB:0E4E'
	option resolveraddress '[2001:470:1f15:b80::53]:443'

/etc/config/dhcp

config dnsmasq
[…]
	option noresolv '1'
	list server '::1#5353'
[…]
@Ghost the errors @kefahec936 is experiencing should have little to do with `ca-certificates`. It seems that kefahec936's dnscrypt-proxy is just trying to reach resolvers which are no longer available. @kefahec936 you should try other resolvers. You can configure them at `/etc/config/dnscrypt-proxy`. The OpenWrt Wiki provides some good guides: - [DNSCrypt with Dnsmasq and dnscrypt-proxy](https://openwrt.org/docs/guide-user/services/dns/dnscrypt_dnsmasq_dnscrypt-proxy) - [dnscrypt-proxy](https://openwrt.org/docs/guide-user/services/dns/dnscrypt-proxy) You can find an up-to-date list of DNSCrypt resolvers at https://dnscrypt.info/public-servers/ On most places the resolvers details are now provided in the DNS Stamp format. Unfortunately such format isn't supported by the dnscrypt-proxy version available on libreCMC and OpenWrt. You must decode the DNS Stamp with something such as the [Online DNS Stamp calculator](https://dnscrypt.info/stamps/) to get the raw values. Example with the [OpenNIC resolver by i2pd](https://opennic.i2pd.xyz/): `/etc/config/dnscrypt-proxy` ``` config dnscrypt-proxy 'opennic8fr' option address '[::1]' option port '5353' option providername '2.dnscrypt-cert.opennic.i2pd.xyz' option providerkey 'A9D6:323A:4F25:8009:2619:7515:02CE:231E:1F76:D9DE:776C:87C6:BBB2:8A0E:FFDB:0E4E' option resolveraddress '[2001:470:1f15:b80::53]:443' ``` `/etc/config/dhcp` ``` config dnsmasq […] option noresolv '1' list server '::1#5353' […] ```

option port '5353'

option providername '2.dnscrypt-cert.opennic.i2pd.xyz'
option providerkey 'A9D6:323A:4F25:8009:2619:7515:02CE:231E:1F76:D9DE:776C:87C6:BBB2:8A0E:FFDB:0E4E'

@drift boss

option port '5353' option providername '2.dnscrypt-cert.opennic.i2pd.xyz' option providerkey 'A9D6:323A:4F25:8009:2619:7515:02CE:231E:1F76:D9DE:776C:87C6:BBB2:8A0E:FFDB:0E4E' @[drift boss](https://drift-boss.io)
Miakso commented 5 days ago

The DNS Stamp format now most commonly used to provide resolver details. The format in question isn't compatible only up

The DNS Stamp format now most commonly used to provide resolver details. The format in question isn't compatible <a href="https://onlyup-game.io/">only up</a>
Sign in to join this conversation.
Loading...
Cancel
Save
There is no content yet.