Will DNSCrypt work on a desktop PC config with a STATIC IP address?

Comments

10 comments

  • Avatar
    mattwilson9090

    Why would DNSCrypt not work in this situation? Have you checked the settings in DSNCrypt to see if something is misaligned now that you've made the change? It's possible that in setting a static address you also didn't provide some piece of information that had been supplied by DHCP before you made the change.

    Static and dynamic addressing are just how an address is assigned to a device. Once assigned, nothing that a device connects to cares how that address was assigned so long as the assigned settings are the same. If you think assigning a static address is the cause of your problem then set the device back to dynamic addressing and reserve the address you want it to have in the DHCP server. You will still get the benefits of a static address, but be able to change things as needed via DHCP

  • Avatar
    af7u

    Matt,

    Thanks for your response~!  You mentioned checking 'Settings' in DNSCrypt, I am unfamiliar with ANY settings, other than the splash page with, 'General', 'About', 'Release Notes', etc.  This workstation has operated flawlessly for at least a year or more with a DHCP assigned address, now situations require this machine have a static address.  When I changed it in the usual Windows place, DNSCrypt quit.  The part in that window where you assign a DNS provider was set to 127.0.0.1, I did not set this, apparently DNSCrypt did upon installation (I'm assuming).  I did NOT change that and left it where I found it at 127.0.0.1.  Once I completed the change DNSCrypt quit.  Later I changed it to OpenDNS IP's and also to Google's 8.8.8.8 and still no workie.

     Tech Support at OpenDNS was absolutely NOT helpful, they didn't understand 'Where' I made such changes in windows and wanted me to send them a screenshot of where I made the changes... I sent them a screenshot and exclaimed I was surprised they asked such a question.  We must have exchanged a dozen emails with a very circular dialog.  YOU on the other hand seemed to understand immediately what I was asking.  THANK YOU~!  I was beginning to wonder if I was losing it...

     So... I understand you've had DNSCrypt work with a static assigned address?   Hmmmm  I wonder what's happening...  I understand your idea about using DHCP and address reservation but I'm working with a project which needs the computer to have a 'Static' address.  I will add, this is a static RFC1918 address and not a static public address from my ISP.

    Regards,

    ~M

  • Avatar
    rotblitz

    "DNSCrypt stopped working...  (i.e. The small globe in the system tray went 'RED'. "

    That's the problem.  DNSCrypt does not come with a systray icon, and you seem to use an at least outdated software.

    "they didn't understand 'Where' I made such changes in windows"

    Yes, clearly.  Because you seem to use software they don't even know about...

    Uninstall this outdated DNSCrypt with GUI, and go to http://dnscrypt.org/ to download the latest dnscrypt-proxy to install and configure it.

    And sure, using a local static or dynamic IP address is totally unrelated to and independent from using DNSCrypt, of course.

  • Avatar
    mattwilson9090

    I have no idea what operating system you are using with this device, let alone what software you might be using on it, so all I can say is look in the settings for whatever software you are using. I have no idea what your options there might be. If the only change you made was to change address assignment from DHCP to static I'd guess that you didn't provide all the information in the static settings that DHCP was providing.

    No, I haven't had DNSCrypt working with a static assigned address, but then again I haven't needed to. However, I will repeat what I said earlier, *how* an address is assigned to a device doesn't matter. That information doesn't get passed along to whatever services you might be connecting to. The only way it would matter is if the change in assignment actually led to a change in the assigned address related information. You'd have to compare ipconfig or ifconfig results with DHCP enabled and with a statically assigned address to see what is different and make the two of them match.

    I don't know what project you are working on that requires, but I can say that once address reservations are set up and received in DCHP there is no functional difference between DHCP and statically assigned addresses. I do this all the time for workstations, though I always manually set "infrastructure" devices like services and printers since there are generally so few of them and I don't want any problems with infrastructure in case DHCP isn't running.

    Echoing what rotblitz is saying, making sure you are using the latest version of the DNSCrypt client for whichever operating system you are using.

    It would have been more helpful if you'd provided information about the operating system and version you are using, as well as the DNSCrypt software and version you are using. It's almost impossible to provide anything more than general advice without that information, and that may or may not have contributed to your issues with OpenDNS support. I'm not even sure if you opened a trouble ticket with them, and used that system, or if you just emailed some address that you had.

  • Avatar
    af7u

    Okay guys, let me be very clear, I know next to nothing about DNSCrypt, I work as an electronics engineer in an RF lab, not a computer lab. So I'm a NOOB here ok... stop trying to spank me. That said I do have *some* experience in computing starting with IBM's 1620 mainframe circ 1968 forward.

    Rot:, I've read your reply several times, although I appreciate your time responding to it and I seem to see your drift, however your tone makes me feel like I'm being shamed for asking such a 'silly' question. So I'll direct my reply to Matt, he seems to have a better grip on dealing with someone completely unfamiliar with the subject.

    Matt:, this machine is a Win 7 Pro, 64bit, plenty of memory. It is running several pieces of software which I am unable to go into. Nothing outrageous but I'm still limited as far as going into details. I inherited this machine from another dept. which had installed DNSCrypt some time back, perhaps a couple years or so. I was using version 0.0.5 and it had an icon in the system tray, albeit I don't think the fact it shows up there is causing my issue, as Rot eluded to. My dismay started when I created an (honest-to-goodness) 'trouble ticket', taking from the mothership's reply they appeared to be unfamiliar with where I was changing this machine's IP address. I guess I assumed that location was self evident which was reflected in my prior email. Risking flogging a dead horse but in Rot's last sentence, which BTW, I am in agreement with, whether static nor dynamic it is unrelated to DNSCrypt, "...of course." he states. Unfortunately, there in fact, does appear to be some sort of correlation, because when I switched from DHCP to Static, DNSCrypt quit. I haven't a clue how that could be... but it is~!

    Yes, I am guilty of not providing more nfo, I withheld that because initially I was curious if I was chasing my tail or if DNSCrypt would actually work with a statically assigned address. I did not want to toss out unnecessary details until I knew more facts. So apparently it is supposed to work, great, let's go from there... Tech Support had me install DNSCrypt as a service. I followed their instructions and when I view 'Services' I see 'DNSCrypt' and 'dnscrypt-proxy'. In Processes, I see 'dnscrypt-proxy.exe'. The system tray icon is green and the GUI shows 'Protected'. Ipconfig shows DHCP enabled, IP 172.16.1.101, and DNS Servers pointed to 127.0.0.1

    When I change the machine's address to 172.16.1.10 (static), and I click 'ok' I get the following error.
    "Warning - Multiple default gateways are intended to provide redundancy to a single network (such as an intranet or the Internet). They will not function properly when the gateways are on two separate, disjoint networks (such as one on your intranet and one on the Internet). Do you want to save this configuration?"

    I am at a total loss what that means... "Multiple default gateways"??? I only see 172.16.1.1 which correctly points to this machines router. I chose to click 'OK' anyway...

    Now executing ipconfig once more, it shows: DHCP not enabled, IP address is 172.16.1.10, DNS Servers show as 208.67.220.220 with a secondary of 208.67.222.222 (OpenDNS numbers). However nothing resolves. If I ping 8.8.8.8 I see a reply of "transmit failed. General failure." There is no name resolution at all.

    When I change it back, IP is dynamically assigned and DNS Servers show to be 127.0.0.1 with no secondary and everything works fine.

    NOTE: I updated to 0.0.6, the GUI indicated this is current and everything still works as described above. Note to Rot: it STILL has an icon in the system tray and a GUI. Hmmmm... Unless you folks, whom clearly know more then I about this, can shed any light on this, I'm going to push for tossing this software. Everyone in Mgt. is hysterical about security and the talking heads heard about this and were pressing for its implementation. Personally I would like to show due diligence and advise forgoing it, it's just another piece of software I don't want to be responsible for maintaining. Thanks for any productive help you guys feel like lending here, it is appreciated. (Even if I sound like I don't)

    ~Michael

  • Avatar
    mattwilson9090

    A mainframe from 1968 is not the same as modern network based upon TCP/IP, nor does knowledge in old systems like that, or being an electronics engineer, qualify you to be modifying network settings in what sounds to be a somewhat complex corporate network.

    Your issue has nothing to do with DNS or DNSCrypt. The issue, as I originally surmised, and tried to point you towards, is that you did not configure your static addressing settings the same as what is being provided by DHCP. At a minimum you are not correctly setting the gateway, and it's likely that your traffic is not even reaching a router, let alone getting out to the internet. As the system warning attempted to point out, it sounds as if you have at least two gateways defined, but I have no idea what they are. There may be other settings that you are not correctly configuring, I don't know. Clicking OK without knowing what the warning message was, what it meant, or investigating the possible TCP/IP settings that could be invoived with this was the root cause of the problem.

    The fact that you couldn't even ping an IP address should have been your first indication that you have a networking issue that goes far deeper than DNS resolution. DNS resolution is not required for pinging an IP address, only a path to that address, which you do not. As I said, the traffic is likely not even reaching the first router it needs to pass through.

    The reason things change back when you change back to dynamic address settings is that DHCP is providing the correct network settings, whereas your static settings are not correct.

    Since I have no idea why there is such secrecy around what is installed on your computer or why you are trying to do this, or why you can't just reserve an IP address in DHCP for the computer, my best advice would be to contact corporate IT and let them do their jobs and manage the networking on equipment that they are surely responsible for configuring and managing. Also, you should leave configuring network and internet setting to them. Depending on how the network is configured and what kind of security devices and software they are running it may even be impossible to configure things as you are trying to do them. I know if I were responsible for the network much of what you are trying to do would already be blocked. If management wants DNSCrypt to secure their DNS traffic that is project that should be left to corporate IT, not multiple individuals doing it on their own.

  • Avatar
    af7u

    Whoa there, why are you so belittling.  What's wrong with this forum; did my post violate rules?  Both your responses were certainly not very productive, ridiculing - yes, productive-not so much.  You say I should have provided more information, when I did you rake me over for everything I've done wrong.  Neither of you two, or this forum, has not offered much insight into what's occurring or what I steps I could take to correct this.  I tried to state right off; I'm not familiar with DNSCrypt, I outline my experience only to calibrate you as to where my knowledge level resides.  Am I an expert in this arena, I certainly am not, albeit you sound like you want everyone to know you are.  Ok, I 'get it', you know far more then I, will that buy some assistance? 

    You say my issue has nothing to do with DNS or or DNSCrypt, of course it does, is my issue, DNS or DNSCrypt's fault, of course not, but it has everything to do with what I'm trying to accomplish.  Perhaps DNSCrypt is your pet application, I'm sorry, I'm not here to bash your software, or Windows DNS.  I just was hoping for some helpful thoughts.

    You insist I've not configured things correctly, wow, now there's a useful thought.  There's not a doubt in my mind something is not configured right.  However, as I pointed out several times, ALL I did was change this machine from DHCP to a Static address.  Did I carelessly click 'OK', yep, I sure did, you got me there.  But only after a lot of prior investigation, I did that as a 'What the Hell' sort of measure.  I'm certainly you've never done such an irrational act.

    As for secrecy and corporate stuph, from your reaction I'm assuming perhaps you've never worked in any such an environment?  I am constrained to work within certain boundaries, when I'm delegated to do something, (think IT crap) I can't just tell Mgt, nope, can't do that, it's not in my job description.  I remember years ago when Information Technology was a tail that wagged the dog but that is NOT in today's game plan brother.  I had to laugh when I read your advice, I should just pass this on to IT...  Although I do to agree with your assessment of leaving things to IT, and letting them do their job, however you need to come to speed in the real world.  When money got tight some years back, the very first dept to get the axe was IT, at the least it was pared do a skeleton crew.  However NO ONE was cut from the lab.  I'm assuming I.T. is easier to be outsourced,  there are countless techies in foreign counties waiting for *your* job, fortunately for me, engineering cannot be outsourced as easily. (Before you poke me in the eye once more, I know I'm living on an edge and Engineering can be sent overseas, but so far, we do some pretty sophisticated things here and perhaps I'm just lucky)  So the take away here is, we have very little IT support  Now we've discovered why I came here in the first place.

    When someone comes dragging into the electronics dept with a 'Whatever' that no longer works every single guy in here will do whatever they can to help.  There isn't anything I, or any of my coworkers would withhold from someone wanting  help with their broke 'Whatever'.  You've got to know what I'm addressing here, no doubt you've had someone bring you their computer for assistance.  For some reason, especially in IT, personal power (think testosterone) is based on knowledge, if I know more than you do, then I'm more powerful, I have status.  That makes me giggle...  In my world, the more helpful I am, the more caring I am about other's issues, the more respect I get.

    I came to this marry-go-round for some helpful thoughts, I got nothing of the sort.  My take away from our dialog is, now I know even less about DNSCrypt then I did when I started but I do have a greater distaste for OpenDNS and DNSCrypt.  Ahh yes, I know, when I'm a memory on this forum, you and your buddies will look at each other and say, 'What a Lamer', then pat yourselves on your collective backs and bask in your endless knowledge about computers.  Sheesh...

    How about that, I ranted without one single cuss word... my supervisor would be proud of me.  Okay, I did use 'Crap' and 'Hell' once... so shoot me.  If you would prefer, just say 'Go Away' and will be *MORE* than happy to oblige.  I can think of dozens of things I'd rather be doing...

    ~Michael

     

  • Avatar
    mattwilson9090

    Berate and belittle me all you like about not trying to be helpful, but I have tried to be helpful several times, suggesting several possible suggestions, all of which you rejected or ignored. You are the one who seems to have a hang up with power, not me, as I tried several times and in several different ways to help you. It's not my fault that I could only speak in generalities because I didn't have enough information to get specific. I actually attempted to give you some respect and give you the benefit of my knowledge and experience, despite the handicaps that you put up. I lost my patience when you started getting insulting to others, and rejected all of the suggestions that were made to you.

    And despite your assertion to the contrary you did get some very helpful thoughts and suggestions. It's not my fault that you either rejected them, or didn't supply enough background information for me not to know that they didn't apply to your situation. The belittling as you called it started as a direct response to your own comments belittling others, as well as claiming to be a noob, yet implying that computer knowledge on irrelevant systems dating back to 1968 should somehow have a bearing on this, not to mention that you dismissed or ignored every suggestion that was made to you.

     

    I have worked in many corporate, government, and military IT settings where some level of confidentiality was required, and when going to outside resources for help I always provided enough information for them to understand what was going on and what was needed to solve the issue. It's not my fault that you work at a company with incompetent management that does not provide the necessary support resources to do your job. Don't even try to take your frustration with that situation out on me.

     

    To be blunt, this issue of yours has nothing to do with DNS or DNSCrypt. It has entirely to do with you breaking the computers connection to the internet when you were trying to change settings to accommodate some secret need that we are not privy to. It would have happened if you were trying to change things for email, web browsing or whatever because you have the gateway settings configured wrong.

    Quite simply, information that was formerly provided by DHCP is not being provided in whatever static IP address settings you are trying to use. I made a suggestion of how you can compare your DHCP derived settings to your static derived settings and see what you did wrong, but you ignored that suggestion. At this point, since your problem is self induced I suggest either going back to DHCP assigned addressing, reserving a lease in the DHCP server, following my suggestion about comparing dynamic to static settings, or getting IT to help you.

     

  • Avatar
    Alexander Harrison

    I do see that as of this morning the underlying cause in the network settings of the computer has been located in your case with OpenDNS support and DNSCrypt is now working. 

    With regards to DNSCrypt, on Windows version 0.0.6 is the most recent version of the Technical Preview and no further development was made at OpenDNS. The dnscrypt.org edition of DNSCrypt is open source software that has been built into many more versions after the Technical Preview at OpenDNS ended. If a more full featured DNSCrypt-like program interests you, the Roaming Client by OpenDNS is built on top of DNSCrypt and allows DNS encryption along with local DNS resolution as well as tie-ins to real time stats and Malware filtering (all can be turned off if desired). 

  • Avatar
    af7u

    Yes Alex, as I updated 'Support', everything is working now and in one paragraph you've just explained EVERYTHING~!~  I couldn't figure out why these guys advice was so different then what I was experiencing.  I wish I would have seen your information first, it would have saved me a LOT of grief along with frustration.  Though not my problem source, I realized now I was working with the Technical Preview from OpenDNS, and not DNSCrypt.org, my running copy was from years ago.  But reading replies like, 'DNSCrypt does not come with a system tray Icon', when clearly I SEE a tray Icon, or, '...and you seem to use an at least outdated software. [sic]', although technically correct, that comment was not very helpful in assisting me to understand what you've just explained.  Unfortunately the 'Communities' prior dialog set a very sour tone for our exchange.  I understand now this copy was installed several years ago before www.dnscrypt.org.

    So... I had pretty much given up here, so thank you so *very much* for such clear and concise information with a very low noise floor.  I will pursue what you've outlined and again, thanks, I appreciate you chiming in.

    Respectfully,

    ~Michael

     

Please sign in to leave a comment.