| View previous topic :: View next topic |
| Author |
Message |
Skinjob2707
n00b
Joined: 07 Aug 2013
Posts: 57
|
 Posted: Sat Feb 17, 2018 6:33 pm Post subject: net-dns/dnscrypt-proxy 2.0.0 fails to bind to port 53 |
 |
|
My system recently upgraded to dnscrypt-proxy 2.0.0 and it isn't starting.
systemctl status dnscrypt-proxy
Results in:
| Code: | ● dnscrypt-proxy.service - DNSCrypt client proxy
Loaded: loaded (/usr/lib/systemd/system/dnscrypt-proxy.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2018-02-17 12:41:28 EST; 40min ago
Docs: https://github.com/jedisct1/dnscrypt-proxy/wiki
Process: 5801 ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml (code=exited, status=255)
Main PID: 5801 (code=exited, status=255)
Feb 17 12:41:28 bluemeanie systemd[1]: Started DNSCrypt client proxy.
Feb 17 12:41:28 bluemeanie dnscrypt-proxy[5801]: [2018-02-17 12:41:28] [NOTICE] Source [https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.>
Feb 17 12:41:28 bluemeanie dnscrypt-proxy[5801]: [2018-02-17 12:41:28] [NOTICE] dnscrypt-proxy 2.0.0
Feb 17 12:41:28 bluemeanie dnscrypt-proxy[5801]: [2018-02-17 12:41:28] [FATAL] listen udp 127.0.0.1:53: bind: address already in use
Feb 17 12:41:28 bluemeanie systemd[1]: dnscrypt-proxy.service: Main process exited, code=exited, status=255/n/a
Feb 17 12:41:28 bluemeanie systemd[1]: dnscrypt-proxy.service: Failed with result 'exit-code'.
Feb 17 12:41:28 bluemeanie systemd[1]: dnscrypt-proxy.service: Start request repeated too quickly.
Feb 17 12:41:28 bluemeanie systemd[1]: dnscrypt-proxy.service: Failed with result 'exit-code'.
Feb 17 12:41:28 bluemeanie systemd[1]: Failed to start DNSCrypt client proxy. |
/etc/systemd/resolved.conf contains:
| Code: | # This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See resolved.conf(5) for details
[Resolve]
#DNS=
#FallbackDNS=8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
#Domains=
#LLMNR=yes
#MulticastDNS=yes
#DNSSEC=no
#Cache=yes
DNSStubListener=no
|
After changing the DNSStublisneer to no, I disabled and re-enabled the service. With systemd-resloved specifically stopped, netstat -tulpn produces:
| Code: | Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 4754/smbd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 4730/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 4700/cupsd
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 4731/postgres
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 4754/smbd
tcp6 0 0 :::139 :::* LISTEN 4754/smbd
tcp6 0 0 :::22 :::* LISTEN 4730/sshd
tcp6 0 0 ::1:631 :::* LISTEN 4700/cupsd
tcp6 0 0 ::1:5432 :::* LISTEN 4731/postgres
tcp6 0 0 :::445 :::* LISTEN 4754/smbd
tcp6 0 0 :::6881 :::* LISTEN 5205/ktorrent
udp 8320 0 0.0.0.0:8881 0.0.0.0:* 5205/ktorrent
udp 41728 0 0.0.0.0:9100 0.0.0.0:* 4696/socat
udp6 832 0 fe80::325e:f37f:d1d:546 :::* 5520/dhclient
udp6 25984 0 :::8881 :::* 5205/ktorrent |
Even with netstat showing nothing bound to 127.0.0.1:53, I still get the error message about not being able to bind to the address.
Thanks in advance for your help! |
|
| Back to top |
|
 |
gyakovlev
Developer
Joined: 01 Mar 2018
Posts: 1
|
| Posted: Thu Mar 01, 2018 6:13 pm Post subject: |
|
|
hey, you should change listen_addresses value to [] if running under systemd.
this may do the trick for you:
| Code: | | sed -i 's|\['\''127\.0\.0\.1:53'\'', '\''\[::1\]:53'\''\]|\[\]|g' /etc/dnscrypt-proxy/dnscrypt-proxy.toml |
|
|
| Back to top |
|
|
comio
Advocate
Joined: 03 Jul 2003
Posts: 2191
Location: Taranto
|
| Posted: Tue Mar 13, 2018 9:51 am Post subject: |
|
|
| gyakovlev wrote: | hey, you should change listen_addresses value to [] if running under systemd.
this may do the trick for you:
| Code: | | sed -i 's|\['\''127\.0\.0\.1:53'\'', '\''\[::1\]:53'\''\]|\[\]|g' /etc/dnscrypt-proxy/dnscrypt-proxy.toml |
|
this is true only if you are using systemd socket.
can you attach dnscrypt config? are you using a limited user to start dnscrypt? if yes, can this user open port 53? are you enabled filecaps USE flag? this last is required in order to listen port on 53 (if you are using the service directly).
Give also the output of | Code: | | systemctl status dnscrypt-proxy.socket |
and | Code: | | systemctl status dnscrypt-proxy.service |
ciao
luigi
_________________
RTFM!!!!
e
http://www.comio.it
 |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
