I am trying to set up bind9 together with dnscrypt-proxy, but I am stuck on several questions:
root@ueberwachungs:/home/gosa# systemctl status dnscrypt-proxy.socket
● dnscrypt-proxy.socket
Loaded: loaded (/etc/systemd/system/dnscrypt-proxy.socket; static; vendor preset: enabled)
Active: active (listening) since Fri 2021-02-12 13:05:27 CET; 4s ago
Listen: 127.0.2.1:53 (Stream)
127.0.2.1:53 (Datagram)
Tasks: 0 (limit: 856)
Memory: 32.0K
CGroup: /system.slice/dnscrypt-proxy.socket
Feb 12 13:05:27 ueberwachungs systemd[1]: Listening on dnscrypt-proxy.socket.
root@ueberwachungs:/home/gosa# systemctl status dnscrypt-proxy.socket
● dnscrypt-proxy.socket
Loaded: loaded (/etc/systemd/system/dnscrypt-proxy.socket; static; vendor preset: enabled)
Active: inactive (dead) since Fri 2021-02-12 12:54:07 CET; 1min 14s ago
Listen: 127.0.2.1:40 (Stream)
127.0.2.1:40 (Datagram)
Feb 12 12:51:29 ueberwachungs systemd[1]: Listening on dnscrypt-proxy.socket.
Feb 12 12:54:07 ueberwachungs systemd[1]: dnscrypt-proxy.socket: Succeeded.
Feb 12 12:54:07 ueberwachungs systemd[1]: Closed dnscrypt-proxy.socket.
root@ueberwachungs:/home/gosa# systemctl status bind9.service
● bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2021-02-12 12:51:41 CET; 2min 1s ago
Docs: man:named(8)
Process: 490 ExecStart=/usr/sbin/named $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 510 (named)
Tasks: 4 (limit: 856)
Memory: 21.2M
CGroup: /system.slice/bind9.service
└─510 /usr/sbin/named -u bind
Feb 12 12:53:07 ueberwachungs named[510]: network unreachable resolving 'ns-291.awsdns-36.com/AAAA/IN': 2600:9000:5304:a400::1#53
Feb 12 12:53:07 ueberwachungs named[510]: network unreachable resolving 'ns-1680.awsdns-18.co.uk/A/IN': 2600:9000:5307:1600::1#53
Feb 12 12:53:07 ueberwachungs named[510]: network unreachable resolving 'ns-1680.awsdns-18.co.uk/A/IN': 2600:9000:5305:d500::1#53
Feb 12 12:53:07 ueberwachungs named[510]: network unreachable resolving 'ns-1289.awsdns-33.org/AAAA/IN': 2600:9000:5304:2400::1#53
Feb 12 12:53:07 ueberwachungs named[510]: network unreachable resolving 'ns-1289.awsdns-33.org/AAAA/IN': 2600:9000:5300:a100::1#53
Feb 12 12:53:07 ueberwachungs named[510]: network unreachable resolving 'ns-1289.awsdns-33.org/AAAA/IN': 2600:9000:5306:6100::1#53
Feb 12 12:53:07 ueberwachungs named[510]: network unreachable resolving 'ns-1289.awsdns-33.org/AAAA/IN': 2600:9000:5302:e300::1#53
Feb 12 12:53:07 ueberwachungs named[510]: connection refused resolving 'mairdumont.com/DS/IN': 127.0.2.1#53
Feb 12 12:53:08 ueberwachungs named[510]: network unreachable resolving 'ns-1680.awsdns-18.co.uk/AAAA/IN': 2600:9000:5307:1600::1#53
Feb 12 12:53:08 ueberwachungs named[510]: network unreachable resolving 'ns-1289.awsdns-33.org/A/IN': 2600:9000:5306:6100::1#53
root@ueberwachungs:/home/gosa# systemctl status bind9.service
● bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2021-02-12 13:02:31 CET; 1min 39s ago
Docs: man:named(8)
Process: 491 ExecStart=/usr/sbin/named $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 500 (named)
Tasks: 4 (limit: 856)
Memory: 20.3M
CGroup: /system.slice/bind9.service
└─500 /usr/sbin/named -u bind
Feb 12 13:02:53 ueberwachungs named[500]: network unreachable resolving 'anyns.pch.net/AAAA/IN': 2620:0:872::231:3#53
Feb 12 13:02:53 ueberwachungs named[500]: network unreachable resolving 'g.ntpns.org/AAAA/IN': 2620:95:4002::123#53
Feb 12 13:02:53 ueberwachungs named[500]: network unreachable resolving 'anyns.pch.net/A/IN': 2001:418:3f4::5#53
Feb 12 13:02:53 ueberwachungs named[500]: network unreachable resolving 'anyns.pch.net/AAAA/IN': 2001:418:3f4::5#53
Feb 12 13:02:53 ueberwachungs named[500]: connection refused resolving 'org/DS/IN': 127.0.2.1#53
Feb 12 13:02:53 ueberwachungs named[500]: connection refused resolving 'ntp.org/DS/IN': 127.0.2.1#53
Feb 12 13:02:53 ueberwachungs named[500]: network unreachable resolving 'ntp.org/DS/IN': 2001:500:48::1#53
Feb 12 13:02:53 ueberwachungs named[500]: connection refused resolving 'org/DNSKEY/IN': 127.0.2.1#53
Feb 12 13:04:04 ueberwachungs named[500]: connection refused resolving 'database.clamav.net/A/IN': 127.0.2.1#53
Feb 12 13:04:04 ueberwachungs named[500]: connection refused resolving 'database.clamav.net/AAAA/IN': 127.0.2.1#53
root@ueberwachungs:/home/gosa# systemctl status dnscrypt-proxy.socket
● dnscrypt-proxy.socket
Loaded: loaded (/etc/systemd/system/dnscrypt-proxy.socket; static; vendor preset: enabled)
Active: failed (Result: service-start-limit-hit) since Fri 2021-02-12 13:02:47 CET; 1min 28s ago
Listen: 127.0.2.1:53 (Stream)
127.0.2.1:53 (Datagram)
Feb 12 13:02:19 ueberwachungs systemd[1]: Listening on dnscrypt-proxy.socket.
Feb 12 13:02:47 ueberwachungs systemd[1]: dnscrypt-proxy.socket: Failed with result 'service-start-limit-hit'.
Where my dnscrypt-proxy.socket is actually supposed to be serving. On 127.0.2.1:53 it should offer encrypted DNS for the local bind8, which in turn serves clients on 127.0.0.1:53. Somehow bind9 and dnscrypt-proxy clash over the port at 127.0.2.1:53. When I run dnscrypt-proxy on 127.0.2.1:40 I do not get the error. But then my bind9 no longer communicates through dnscrypt-proxy, does it?
forwarders {
127.0.2.1;
};
Listen: 127.0.2.1:40 (Stream)
127.0.2.1:40 (Datagram)
and via
root@ueberwachungs:/home/gosa# systemctl status bind9.service
● bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2021-02-12 15:05:46 CET; 28s ago
Docs: man:named(8)
Process: 1339 ExecStart=/usr/sbin/named $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 1340 (named)
Tasks: 4 (limit: 856)
Memory: 8.7M
CGroup: /system.slice/bind9.service
└─1340 /usr/sbin/named -u bind
Feb 12 15:05:46 ueberwachungs named[1340]: managed-keys-zone: loaded serial 9
Feb 12 15:05:46 ueberwachungs named[1340]: zone 0.in-addr.arpa/IN: loaded serial 1
Feb 12 15:05:46 ueberwachungs named[1340]: zone 127.in-addr.arpa/IN: loaded serial 1
Feb 12 15:05:46 ueberwachungs named[1340]: zone 255.in-addr.arpa/IN: loaded serial 1
Feb 12 15:05:46 ueberwachungs named[1340]: zone localhost/IN: loaded serial 2
Feb 12 15:05:46 ueberwachungs named[1340]: all zones loaded
Feb 12 15:05:46 ueberwachungs named[1340]: running
Feb 12 15:05:46 ueberwachungs systemd[1]: Started BIND Domain Name Server.
Feb 12 15:05:53 ueberwachungs named[1340]: connection refused resolving './DNSKEY/IN': 127.0.2.1#53
Feb 12 15:05:53 ueberwachungs named[1340]: managed-keys-zone: Unable to fetch DNSKEY set '.': SERVFAIL
root@ueberwachungs:/home/gosa# systemctl status dnscrypt-proxy.socket
● dnscrypt-proxy.socket
Loaded: loaded (/etc/systemd/system/dnscrypt-proxy.socket; static; vendor preset: enabled)
Active: failed (Result: service-start-limit-hit) since Fri 2021-02-12 15:05:50 CET; 50s ago
Listen: 127.0.2.1:53 (Stream)
127.0.2.1:53 (Datagram)
Feb 12 15:05:26 ueberwachungs systemd[1]: Listening on dnscrypt-proxy.socket.
Feb 12 15:05:50 ueberwachungs systemd[1]: dnscrypt-proxy.socket: Failed with result 'service-start-limit-hit'.
root@ueberwachungs:/home/gosa#
systemctl disable dnscrypt-proxy.socket
systemctl enable dnscrypt-proxy.service
What can I do to solve the problem? I lack an understanding of the problem in the system. I would be grateful for tips and information.
● dnscrypt-proxy.service - DNSCrypt client proxy
Loaded: loaded (/lib/systemd/system/dnscrypt-proxy.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2021-02-12 14:56:18 CET; 13s ago
Docs: https://github.com/jedisct1/dnscrypt-proxy/wiki
Process: 1151 ExecStart=/usr/sbin/dnscrypt-proxy -config /etc/dnscrypt-proxy/dnscrypt-proxy.toml (code=exited, status=255/EXCEPTION)
Main PID: 1151 (code=exited, status=255/EXCEPTION)
Feb 12 14:56:17 ueberwachungs systemd[1]: Started DNSCrypt client proxy.
Feb 12 14:56:18 ueberwachungs dnscrypt-proxy[1151]: [2021-02-12 14:56:18] [NOTICE] Source [/var/cache/dnscrypt-proxy/public-resolvers.md] loaded
Feb 12 14:56:18 ueberwachungs dnscrypt-proxy[1151]: [2021-02-12 14:56:18] [NOTICE] dnscrypt-proxy 2.0.19
Feb 12 14:56:18 ueberwachungs dnscrypt-proxy[1151]: [2021-02-12 14:56:18] [FATAL] listen udp 127.0.2.1:53: bind: permission denied
Feb 12 14:56:18 ueberwachungs systemd[1]: dnscrypt-proxy.service: Main process exited, code=exited, status=255/EXCEPTION
Feb 12 14:56:18 ueberwachungs systemd[1]: dnscrypt-proxy.service: Failed with result 'exit-code'.
Feb 12 14:56:18 ueberwachungs systemd[1]: dnscrypt-proxy.service: Start request repeated too quickly.
Feb 12 14:56:18 ueberwachungs systemd[1]: dnscrypt-proxy.service: Failed with result 'exit-code'.
Feb 12 14:56:18 ueberwachungs systemd[1]: Failed to start DNSCrypt client proxy.
~
Regards, Markus
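
The named logs in the post mix two different failures: "connection refused" from the forwarder at 127.0.2.1#53, and "network unreachable" for addresses that are not the forwarder, which means named is also trying to resolve on its own. The following triage script is an added example, not part of the original post; the function name `triage_named_log` and the sample lines (example.org, 2001:db8::/32, 192.0.2.0/24) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed sample in the format of the named log lines in
# the post; host names and non-loopback addresses are placeholders.
SAMPLE_LOG="Feb 12 13:02:53 host named[500]: network unreachable resolving 'ns1.example.org/AAAA/IN': 2001:db8::53#53
Feb 12 13:02:53 host named[500]: connection refused resolving 'example.org/DS/IN': 127.0.2.1#53
Feb 12 13:02:53 host named[500]: network unreachable resolving 'example.org/DS/IN': 2001:db8:1::1#53
Feb 12 13:02:53 host named[500]: connection refused resolving 'example.org/DNSKEY/IN': 127.0.2.1#53
Feb 12 13:02:54 host named[500]: all zones loaded
Feb 12 13:04:04 host named[500]: connection refused resolving 'db.example.net/A/IN': 127.0.2.1#53
Feb 12 13:04:05 host named[500]: network unreachable resolving 'db.example.net/A/IN': 192.0.2.53#53"

# triage_named_log FORWARDER
# Reads named log lines on stdin and prints three counters:
#   forwarder_refused - the forwarder address answered "connection refused"
#   forwarder_other   - any other failure while talking to the forwarder
#   direct_attempts   - named contacted a server other than the forwarder,
#                       i.e. it resolved on its own, outside dnscrypt-proxy
triage_named_log() {
    awk -v fwd="$1" '
    / resolving / {
        addr = $NF                     # last field is address#port
        sub(/#[0-9]+$/, "", addr)      # strip the port
        if (addr != fwd)
            direct++
        else if ($0 ~ /connection refused/)
            refused++
        else
            other++
    }
    END {
        printf "forwarder_refused=%d forwarder_other=%d direct_attempts=%d\n",
               refused, other, direct
    }'
}

# Stand-alone run on the constructed sample. On a live system, for example:
#   journalctl -u bind9 | triage_named_log 127.0.2.1
printf '%s\n' "$SAMPLE_LOG" | triage_named_log 127.0.2.1
```

A non-zero `direct_attempts` matters because BIND's default forwarding mode is `forward first`: when the forwarder fails, named queries authoritative servers itself, and those queries do not pass through dnscrypt-proxy. Setting `forward only;` in the options block disables that fallback.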