Having all sorts of issues connecting to internet on laptop; discovered DNSCrypt was to blame!

Comments

14 comments

  • Avatar
    rotblitz

    "Any ideas about what might've been causing this?"

    Sure, you answered it yourself: "while traveling the last couple of days"

    OpenDNS (and other 3rd party DNS services) are for networks you own, not for your devices in other networks.  They simply may block 3rd party DNS, as I do in my networks...

    "Obviously, I'm going to leave it off until I hear of a fix..."

    Yes, sure, obviously.  You should never have started with it.  There's nothing to fix.

    Btw, Umbrella has what you're looking for: http://www.opendns.com/enterprise-security/

    "Also, I notice that the DNSCrypt menubar app is still a 0.10 beta, so wonder if it's still being developed? Hopefully an update might fix my issue??"

    You don't have to use a GUI.  Installing/running the dnscrypt-proxy alone is fully sufficient. 
    http://dnscrypt.org/

    0
    Comment actions Permalink
  • Avatar
    macdoktor

    I don't know how I'm supposed to just "know" this as obviously as you do! I've been using this tool for some time now, but on a desktop, so had no idea that it was 'inappropriate' to use on a laptop when using other networks! And your comment that "OpenDNS [...is] for networks you own, not for your devices in other networks" goes against everything I've ever known about OpenDNS! What wouldn't I use the OpenDNS server settings everywhere I go?

    And I may not have to use a GUI to use DNSCrypt, but if I don't know how to 'run the dnscrypt-proxy alone', then it doesn't do me much good, does it? I know you gave me a link, but not everyone has time to go learn about such things, especially when OpenDNS is offering a GUI-based solution! I guess my question should have been: "Why would OpenDNS offer the menubar app if they never intend to finish it (take it out of beta)?" Couldn't it be updated with a feature that recognized when a laptop is connected to a recognized network and automatically disable the DNSCrypt feature, while still using OpenDNS's servers?

    Not all of us are as knowledgable about all this as you. I'll take a look at Umbrella...

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "I don't know how I'm supposed to just "know" this as obviously as you do!"

    You don't be supposed to know, and therefore I told you it.

    "What wouldn't I use the OpenDNS server settings everywhere I go?"

    You don't use it.  Or at least you don't complain as you did now if it doesn't work.  The admins of the other networks can do it as they want, and you have absolutely no control over it.

    "if I don't know how to 'run the dnscrypt-proxy alone', then it doesn't do me much good, does it?"

    Beside that it's briefly and accurately described at http://dnscrypt.org/, there is more troubleshooting information available, e.g.: 
    https://support.opendns.com/entries/25418695-I-tried-everthing-but-OpenDNS-still-not-working 
    https://support.opendns.com/entries/22130700-how-to-install-the-best-version-of-DNSCrypt-
     
    https://support.opendns.com/entries/21729274-More-details-about-installing-DNSCrypt- 
    and more.

    "not everyone has time to go learn about such things"

    No comment except that we monkeys stil climbed the trees if we didn't learn.  And you wouldn't use a computer and the internet at all, would you?

    "especially when OpenDNS is offering a GUI-based solution!"

    No, they don't.  How could you think?  They just support the server side, not the client (your) side.  I.e. they allow you to send encrypted DNS queries and answer encrypted to them.

    "Why would OpenDNS offer the menubar app if they never intend to finish it (take it out of beta)?"

    Because they don't offer a "menubar", they never will finish it, what else?  3rd party GUIs are also mentioned at http://dnscrypt.org/

    "Couldn't it be updated with a feature that recognized when a laptop is connected to a recognized network and automatically disable the DNSCrypt feature, while still using OpenDNS's servers?"

    Maybe.  Ask the (unknown) author.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "automatically disable the DNSCrypt feature, while still using OpenDNS's servers"

    This doesn't make sense.  If you can use the OpenDNS servers, you can use DNSCrypt too, generally.

    0
    Comment actions Permalink
  • Avatar
    macdoktor
    I'm really sorry rotblitz, but between your superior tone, and your mostly unhelpful responses, I'm totally lost now. How can you say "That doesn't make sense, If you can use the OpenDNS servers, you can use DNSCrypt too, generally."? That's *exactly* what I was doing when I first posted about my troubles!! I was using OpenDNS servers, and DNSCrypt, and *everything* was getting blocked. Then you said, essentially, 'well, duh, that's what's supposed to happen, why would you do that?' So now you're telling me it *should* work? Sigh... I give up...
    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "I was using OpenDNS servers"

    How can you be sure?  I really doubt that you used OpenDNS at that time.  You could have proved it by visiting http://welcome.opendns.com/

    And again: OpenDNS Home is for networks you own, not for your devices in other networks.  You'll want to use OpenDNS Umbrella for the latter purpose.

    0
    Comment actions Permalink
  • Avatar
    macdoktor

    How can I be sure? Because I have the OpenDNS servers set in my DNS settings, for one, plus the menubar utility that I'm using, and that you seem to know nothing about, said that I was!! Here's a screenshot:

     




    DNSCrypt.tiff
    0
    Comment actions Permalink
  • Avatar
    macdoktor

    This might work better, since I can't embed images in forum posts?




    DNSCrypt.png
    0
    Comment actions Permalink
  • Avatar
    macdoktor

    ...and when I unchecked Enable DNSCrypt, that's when my connectivity issues went away...

    0
    Comment actions Permalink
  • Avatar
    jedisct1

    Version 0.10 of this user interface is very old and was just a proof of concept. DNSCrypt itself was still in beta back then, and this user interface was never tested on Mavericks, yet on Mountain Lion, that didn't exist at that time.

    A few versions have then been released, the latest (and last) being 0.19, that was released in October 2012. But that was still before Mavericks, so both are not supposed to be compatible.

    The only option then became to run the dnscrypt client without a third-party user interface. Not a bad option to always use the last version, and more features become available (for example blocking connections to some countries). But using tools such as Homebrew, and manually changing the DNS settings require being more tech savvy than using a user interface.

    Recycling some of the abandoned, but opensource code, a new project saw the light last week: dnscrypt-osxclient https://github.com/alterstep/dnscrypt-osxclient

    That one was developed on Mavericks and is also compatible with OpenDNS. So why not try it?

    That said, if you are using a VPN, and you apparently are, there is no point in using DNSCrypt.

    0
    Comment actions Permalink
  • Avatar
    macdoktor

    Hey jedisct1... Your non-judgemental and informative reply is much appreciated! So it sounds like I shouldn't even be using the DNSCrypt interface. Thanks for that helpful info. I'll checkout the new project you mention, as well as look into the Umbrella tool that rotblitz mentioned. I tried to figure out how to enable that in my account settings at the OpenDNS site, without luck.

    You mentioned VPN, and yes, I'm exploring Cloak, which I linked to in my original post. Can you explain the difference between that and a service like Umbrella?

    0
    Comment actions Permalink
  • Avatar
    jedisct1

    What does Cloak do?

    -> If you connect to public WiFi access points, it will ensure that other people cannot see what you are doing or interfere with it. A VPN such as Cloak can also be useful to bypass some restrictions imposed by your ISP (or by your company, by some WiFi access points or by hotel WiFi).

     

    What does Umbrella do?

    -> This is a service to restrict what different devices are allowed to access, and to get reports on what they actually accessed (or tried to). In addition to generic categories, this can be used to block web sites known to be serving malware. If you try to open a web site known to be malicious, instead of the real web site, you will be redirected to a page that says "this is a malicious site". Umbrella includes a VPN service like Cloak, too. The VPN service can be used from an iPhone, iPod or iPad, but I am not sure about other devices. It is mainly an enterprise service, but individuals can buy it, too. The link is not so easy to find, so here it is: https://store.opendns.com/umbrella/prosumer

     

    What does DNSCrypt do?

    -> If you type "www.twitter.com" at Starbucks, it is technically possible for the kid sitting behind you to trick your computer into thinking that the content of "www.twitter.com" resides on his laptop. There are even apps for Android phones to do that. DNSCrypt protects against it. Your laptop (or whatever runs the dnscrypt client) will detect that the information it gets for "www.twitter.com" is not legit. DNSCrypt is a generic protocol, and you can use it with many free DNS services. Now, if you are already using a VPN, the kid sitting behind you at Starbucks cannot change the data sent to and from your devices. So, if you use a serious VPN service, you are already safe from the attack DNSCrypt protects against. Be careful, though, as some VPN services are just a scam and actually don't protect against anything. If you read "military-grade encryption" on their marketing page, think about military-grade food.

     

    So which one is the best option for you? It really depends on your needs. Also, some VPNs can work better than others (or not at all) depending on your country and/or ISP.

     

    0
    Comment actions Permalink
  • Avatar
    macdoktor

    That is incredibly helpful. Thank you.

    0
    Comment actions Permalink
  • Avatar
    noresponceneeded
    LOL-LOL-LOL!!! Anybody else think "OPENDNS" (which is free to use) AND "DNSCRYPT" come from the same company (google search if you still don't get that someone wrote a program an opensourced it an it works on lots of "DNS" providers (google,verizon,etc) an that because "OPENDNS" was kind enough to tell us about a "3rd" party software program doesn't mean they're responsible for it:MAYBE READ INSTRUCTIONS LIKE THE REST OF US DO. LOL-LOL-LOL
    0
    Comment actions Permalink

Please sign in to leave a comment.