FS#45970 - [dnscrypt-proxy] 1.6.0-2 sometimes it starts sometimes it fails + weird boot messages...

Attached to Project: Community Packages
Opened by AndrzejL (AndrzejL) - Wednesday, 12 August 2015, 19:50 GMT
Last edited by Bartłomiej Piotrowski (Barthalion) - Saturday, 05 September 2015, 11:27 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Felix Yan (felixonmars)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

I don't even know where to start... Ok...

So I've upgraded my machines as always. One of the upgraded packages was dnscrypt-proxy.

During the upgrade I've found this message:

"Since 1.6.0-2 the conf.d file is no longer in use. We have enabled systemd support and providing upstream systemd units.
You will need to use the systemd way (overriding in /etc/systemd/system/dnscrypt-proxy.{service,socket}.d) to apply your customization"

No worries I thought. Edited the dnscrypt-proxy.service file so it looked like this:

[Unit]
Description=DNSCrypt client proxy
Requires=dnscrypt-proxy.socket

[Install]
Also=dnscrypt-proxy.socket
WantedBy=multi-user.target

[Service]
Type=simple
NonBlocking=true
ExecStart=/usr/bin/dnscrypt-proxy \
--provider-name=2.dnscrypt-cert.opendns.com \
--resolver-address=208.67.220.220:443 \
--provider-key=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79 \
--user=nobody

Reloaded / restarted dnscrypt-proxy. Fine. works. Great.

Rebooted...

journalctl -x -l --no-pager -p 3

1 machine:

Aug 12 20:12:15 andrzejl.eu systemd[1]: sockets.target: Job sockets.target/start deleted to break ordering cycle starting with basic.target/start
Aug 12 20:12:35 andrzejl.eu systemd[1]: sockets.target: Job sockets.target/start deleted to break ordering cycle starting with basic.target/start
Aug 12 20:12:35 andrzejl.eu systemd[1]: sockets.target: Job sockets.target/start deleted to break ordering cycle starting with sockets.target/start

2 machine

Aug 12 20:20:40 wishmasus.loc systemd[1]: sockets.target: Job sockets.target/start deleted to break ordering cycle starting with basic.target/start

And now the fun part. Sometimes dnscrypt-proxy loads fine, sometimes it fails to start...

Examples:

Success:

● dnscrypt-proxy.service - DNSCrypt client proxy
Loaded: loaded (/usr/lib/systemd/system/dnscrypt-proxy.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2015-08-12 20:32:46 IST; 1min 43s ago
Main PID: 314 (dnscrypt-proxy)
CGroup: /system.slice/dnscrypt-proxy.service
└─314 /usr/bin/dnscrypt-proxy --provider-name=2.dnscrypt-cert.opendns.com --resolver-address=208.67.220.220:443 --provider-key=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79 --user=nobody

Aug 12 20:32:46 wishmasus.loc systemd[1]: Started DNSCrypt client proxy.
Aug 12 20:32:46 wishmasus.loc dnscrypt-proxy[314]: [NOTICE] Starting dnscrypt-proxy 1.6.0
Aug 12 20:32:46 wishmasus.loc dnscrypt-proxy[314]: [INFO] Generating a new session key pair
Aug 12 20:32:46 wishmasus.loc dnscrypt-proxy[314]: [INFO] Done
Aug 12 20:32:46 wishmasus.loc dnscrypt-proxy[314]: [INFO] Server certificate #1435874751 received
Aug 12 20:32:46 wishmasus.loc dnscrypt-proxy[314]: [INFO] This certificate looks valid
Aug 12 20:32:46 wishmasus.loc dnscrypt-proxy[314]: [INFO] Chosen certificate #1435874751 is valid from [2015-07-03] to [2016-07-02]
Aug 12 20:32:46 wishmasus.loc dnscrypt-proxy[314]: [INFO] Server key fingerprint is ED19:BFBA:FAFC:9257:DFDC:68C7:69BF:AC24:94CD:743F:3C1D:4966:134D:FE2C:4BDC:F315
Aug 12 20:32:46 wishmasus.loc dnscrypt-proxy[314]: [NOTICE] Proxying from 127.0.0.1:53 to 208.67.220.220:443
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
debug.opendns.com text = "server 9.lon"
debug.opendns.com text = "flags 20 0 70 5950800000000000000"
debug.opendns.com text = "originid 0"
debug.opendns.com text = "actype 0"
debug.opendns.com text = "source 86.44.169.14:53134"
debug.opendns.com text = "dnscrypt enabled (717744506545635A)"

Authoritative answers can be found from:


; <<>> DiG 9.10.2-P3 <<>> debug.opendns.com txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13148
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;debug.opendns.com. IN TXT

;; ANSWER SECTION:
debug.opendns.com. 0 IN TXT "server 9.lon"
debug.opendns.com. 0 IN TXT "flags 20 0 70 5950800000000000000"
debug.opendns.com. 0 IN TXT "originid 0"
debug.opendns.com. 0 IN TXT "actype 0"
debug.opendns.com. 0 IN TXT "source 86.44.169.14:53134"
debug.opendns.com. 0 IN TXT "dnscrypt enabled (717744506545635A)"

;; Query time: 28 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Aug 12 20:34:36 IST 2015
;; MSG SIZE rcvd: 247

Failure...

● dnscrypt-proxy.service - DNSCrypt client proxy
Loaded: loaded (/usr/lib/systemd/system/dnscrypt-proxy.service; enabled; vendor preset: disabled)
Active: inactive (dead)

And the funny thing is - no configs were changed. Just rebooted the machine.

Disabling dnscrypt-proxy and running ln -s /usr/lib/systemd/system/dnscrypt-proxy.service /etc/systemd/system/multi-user.target.wants/dnscrypt-proxy.service sometimes makes it fail less often...

I really do not know how to diagnose it more. Its a random success / failure. Reboot and flip a coin kind of situation...

I am pretty sure my config is ok. I am pretty sure I did nothing idiotic... but please correct me if I am wrong.

Please also do not hesitate to ask any additional questions.

Thanks in advance for testing / fixing this.

Cheers.

Andrzej
This task depends upon

Closed by  Bartłomiej Piotrowski (Barthalion)
Saturday, 05 September 2015, 11:27 GMT
Reason for closing:  Fixed
Additional comments about closing:  dnscrypt-proxy 1.6.0-3
Comment by Federico (FerikD) - Friday, 14 August 2015, 09:39 GMT


# nano /usr/lib/systemd/system/dnscrypt-proxy.socket

[Unit]

After=network.target

-------

[Unit]

Before=network.target



before not after :D

# systemctl stop dnscrypt-proxy
# systemctl disable dnscrypt-proxy
# systemctl enable dnscrypt-proxy

reboot :)
Comment by AndrzejL (AndrzejL) - Friday, 14 August 2015, 13:48 GMT
And we have a winner ;)...

Thanks FerikD...

Andrzej
Comment by Oleksandr Natalenko (post-factum) - Sunday, 16 August 2015, 08:40 GMT
Same issue here, I've just rewritten service file to make it work OK.
Comment by Oleksandr Natalenko (post-factum) - Monday, 17 August 2015, 07:27 GMT
My boot log message:

===
сер 14 23:42:20 defiant systemd[1]: dnscrypt-proxy.socket: Found ordering cycle on dnscrypt-proxy.socket/start
сер 14 23:42:20 defiant systemd[1]: dnscrypt-proxy.socket: Found dependency on network.target/start
сер 14 23:42:20 defiant systemd[1]: dnscrypt-proxy.socket: Found dependency on network-pre.target/start
сер 14 23:42:20 defiant systemd[1]: dnscrypt-proxy.socket: Found dependency on nftables.service/start
сер 14 23:42:20 defiant systemd[1]: dnscrypt-proxy.socket: Found dependency on basic.target/start
сер 14 23:42:20 defiant systemd[1]: dnscrypt-proxy.socket: Found dependency on sockets.target/start
сер 14 23:42:20 defiant systemd[1]: dnscrypt-proxy.socket: Found dependency on dnscrypt-proxy.socket/start
сер 14 23:42:20 defiant systemd[1]: dnscrypt-proxy.socket: Breaking ordering cycle by deleting job network.target/start
сер 14 23:42:20 defiant systemd[1]: network.target: Job network.target/start deleted to break ordering cycle starting with dnscrypt-proxy.socket/start
===

Tried also to enable both of .socket/.service as well as to enable/disable one of .socket/.service with no luck.
Comment by AnAkkk (AnAkkk) - Tuesday, 18 August 2015, 09:39 GMT
A fix is available upstream:
https://github.com/jedisct1/dnscrypt-proxy/commit/f20d71fb863b6d1f4588b6b175efa9f2fd331d90

See https://github.com/jedisct1/dnscrypt-proxy/issues/256

Loading...