DNScrypt DNSCrypt Stops when going into Diversion

  • ATTENTION! You'll notice a Prefix dropdown when you create a thread. If your post applies to one of the topics listed, please use that Prefix for your post. When browsing the thread list you can use the Prefix to filter the view.
  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

TheMorpN

Regular Contributor
I just noticed something interesting and am not sure if it is normal.

I installed DNSCrypt this morning. I also have Diversion installed.

Everytime I go into Diversion and select 'f' to follow the log, it stops DNSscrypt. After I am done, it restarts DNSCrypt. Is this normal, or by design?

1619457065574.png
 

Zastoff

Very Senior Member
I just noticed something interesting and am not sure if it is normal.

I installed DNSCrypt this morning. I also have Diversion installed.

Everytime I go into Diversion and select 'f' to follow the log, it stops DNSscrypt. After I am done, it restarts DNSCrypt. Is this normal, or by design?

View attachment 33442
Gave it a quick test here with my setup.
For me it workes fine with checking the dnsmasq.log thru Diversion and DNSCrypt-proxy does not stop working.
What router do you have and firmware version?
 

TheMorpN

Regular Contributor
Gave it a quick test here with my setup.
For me it workes fine with checking the dnsmasq.log thru Diversion and DNSCrypt-proxy does not stop working.
What router do you have and firmware version?

I'm using the latest version: 386.2-2 . And my router is the RT-AC5300.

I had Diversion installed first, and then I installed dnscrypt, not sure if that makes a difference....

Also, I've attached my dnsmasq.postconf:

1619468711304.png
 

Patrick Walden

New Around Here
I'd given up on Diversion bc of this issue about a year ago.. would get both working sometimes, then a reboot would break it. If anyone can explain the proper install order etc, would be much appreciated! I *needz* my dnscrypt, but I sure do miss Diversion.

*also wanted to mention I had usually installed SkyNet as well, so could that be a 'co-existence' issue as well? Again, any help would be super appreciated. I'd be willing to write up a proper guide to help people w/ this issue. I have 3 R7000's on hand, so I can just make a backup if things don't work out - I'd always have to do a full reinstall to get Dnscrypt back up and running.

"Give me privacy, or give me death!" ;)
 
Last edited:

dave14305

Part of the Furniture
I once saw an odd issue with NextDNS (also written in Go) where a CTRL-C in the same terminal session that started nextdns would cause it to abort. It wasn’t properly catching the SIGINT or whatever signal is sent.

It was fixed in nextdns with this commit:
I don’t know if it’s even close to this issue, but a tail -f is always followed by a ctrl-c eventually.
 

TheMorpN

Regular Contributor
Looks like I was able to fix the issue.
Here is what I did:
  1. Uninstalled dnscrypt
  2. Uninstalled Diversion
  3. Rebooted
  4. Installed dnscrypt
  5. Rebooted
  6. Installed Diversion
  7. Rebooted

It seems that step 5 was the one that did the trick. I am not sure if it is just my setup, but it seems that, in order to get everything working together, there is a sequence that needs to be followed.

It has been running for only about 15 mins so far, but I was able to do a "tail -f" and "follow the log" in DIversion, pressing CTL+C to stop the view, and so far, DNScrypt has not stoped.

I will keep running a few more tests, but it seems that the sequence is very important....:)
 

Zastoff

Very Senior Member
I'm using the latest version: 386.2-2 . And my router is the RT-AC5300.

I had Diversion installed first, and then I installed dnscrypt, not sure if that makes a difference....

Also, I've attached my dnsmasq.postconf:

View attachment 33446
Don't think the install order should make any difference.
Had a rt-ac87u before and never experienced any issues with dnscrypt-proxy/diversion or skynet. Got a ax88u about a week ago and set it up from scratch, installed 386.2_2 and started out with a full reset and then installed the scripts in my signature, all working really well.
I have dnsfilter set to global mode=router
And on the 87u I always set under tools/other settings: Wan: Use local caching DNS server as system resolver (default: No) =yes
Set it like that on my ax88u also if that could make a difference..
Otherwise i will retest tomorrow with nextdns server set in dnscrypt and check again with diversion and dnsmasq.log
 
Last edited:

TheMorpN

Regular Contributor
Don't think the install order should make any difference.
Had a rt-ac87u before and never experienced any issues with dnscrypt-proxy/diversion or skynet. Got the ax88u about a week ago and set it up from scratch installed 386.2_2 and started out with a full reset and then installed the scripts in my signature, all working really well.
I have dnsfilter set to global mode=router
And on the 87u I always set under tools/other settings: Wan: Use local caching DNS server as system resolver (default: No) =yes
Set it like that on my ax88u also if that could make a difference..
Otherwise i will retest tomorrow with nextdns server set in dnscrypt and check again with diversion and dnsmasq.log

Interesting. I would tend to agree with you, however, I am not sure why it started to work properly after I did the above steps. In any case, I also have the same settings on my router as you.

I'll keep running more tests on my router and see what happens.

Thanks for your help.
 

Zastoff

Very Senior Member
Interesting. I would tend to agree with you, however, I am not sure why it started to work properly after I did the above steps. In any case, I also have the same settings on my router as you.

I'll keep running more tests on my router and see what happens.

Thanks for your help.
Glad you got it working ;)
Hope the continued tests will work also.
 

Zastoff

Very Senior Member
Thanks.

As an additional question, is there an online site or a way to check, ensure that dnscrypt is actually working?
In your ssh terminal
Code:
pidof dnscrypt-proxy
Should return a number if the proxy works

Or if you try with cloudflare doh server they have a test site (but dnssec needs to be disabled during that test to work, re enable dnssec in router gui after the test)
Nextdns also have a way to check that if you log in on the account site i think.
Syslog also gives info on chosen servers when dnscrypt-proxy starts on what protocol is used for selected servers.
Hope this helps ;)
 
Last edited:

TheMorpN

Regular Contributor
Interesting. I am not sure if this is normal now. I have never seen this before. It seems that during the night, DNScrypt stopped and restarted. The only link is that the dnsmasq.log file was rotated:
1619531241798.png


Is this normal? If this happens every night, does this mean that during that time, there will be no DNS security?
 

Zastoff

Very Senior Member
Interesting. I am not sure if this is normal now. I have never seen this before. It seems that during the night, DNScrypt stopped and restarted. The only link is that the dnsmasq.log file was rotated:
View attachment 33456

Is this normal? If this happens every night, does this mean that during that time, there will be no DNS security?
Yes this is normal
The randomization health check restart the proxy takes ~1sec
It is to help randomize relay servers if that is used(Anonymized DNSCrypt)
Diversion rotate the dnsmasq.log at 05.20 every morning, it is not related to the dnscrypt-proxy restart.
 
Last edited:

SomeWhereOverTheRainBow

Very Senior Member
Interesting. I am not sure if this is normal now. I have never seen this before. It seems that during the night, DNScrypt stopped and restarted. The only link is that the dnsmasq.log file was rotated:
View attachment 33456

Is this normal? If this happens every night, does this mean that during that time, there will be no DNS security?
Yep, in this instance- only dnscrypt-proxy gets restarted. It is mainly for making sure dnscrypt-proxy did not snapfu and stop working. Also, it ensures the relays after a period of time get a chance to change order (kind of to create a randomization). Dnscrypt proxy in a coming future update will add this as a feature. When that happens, this check will only check to see if dnscrypt proxy is running.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top