algo-ng icon indicating copy to clipboard operation
algo-ng copied to clipboard

Published 20 hours ago verified publisher icon trailofbits

blacklist.txt is missing, prevents dnscrypt-proxy from loading

Open eladg opened this issue 5 years ago • 0 comments

Clean install on DigitalOcean. I have the following settings:

export WORKSPACE="default"
export ALGO_PROVIDER=1
export DIGITALOCEAN_TOKEN=<< MY TOKEN >> 
export ALGO_REGION=sfo2
export ALGO_SERVER_NAME=algo

./algo apply

After connecting to the server, my machine can not resolve DNS. Was debugging the server and found this:

# service dnscrypt-proxy status

● dnscrypt-proxy.service - DNSCrypt-proxy client
   Loaded: loaded (/lib/systemd/system/dnscrypt-proxy.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/dnscrypt-proxy.service.d
           └─99-capabilities.conf
   Active: failed (Result: exit-code) since Tue 2019-12-10 06:16:57 UTC; 2s ago
     Docs: https://github.com/jedisct1/dnscrypt-proxy/wiki
  Process: 1443 ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml (code=exited, status=255/E
 Main PID: 1443 (code=exited, status=255/EXCEPTION)

Dec 10 06:16:57 solar-1575956637 dnscrypt-proxy[1443]: config option `refused_code_in_responses` is deprecated, use `blocked_
Dec 10 06:16:57 solar-1575956637 dnscrypt-proxy[1443]: dnscrypt-proxy 2.0.33
Dec 10 06:16:57 solar-1575956637 dnscrypt-proxy[1443]: Network connectivity detected
Dec 10 06:16:57 solar-1575956637 dnscrypt-proxy[1443]: /etc/dnscrypt-proxy/public-resolvers.md: open sf-y7etj5gtjqfxxjmy.tmp:
Dec 10 06:16:57 solar-1575956637 dnscrypt-proxy[1443]: Source [public-resolvers] loaded
Dec 10 06:16:57 solar-1575956637 dnscrypt-proxy[1443]: Firefox workaround initialized
Dec 10 06:16:57 solar-1575956637 dnscrypt-proxy[1443]: Loading the set of blocking rules from [blacklist.txt]

# ------> issue bellow:
Dec 10 06:16:57 solar-1575956637 dnscrypt-proxy[1443]: open blacklist.txt: no such file or directory
Dec 10 06:16:57 solar-1575956637 systemd[1]: dnscrypt-proxy.service: Main process exited, code=exited, status=255/EXCEPTION
Dec 10 06:16:57 solar-1575956637 systemd[1]: dnscrypt-proxy.service: Failed with result 'exit-code'.

to resolve the issue:

# ssh into algo machine

# cp example file
cp /etc/dnscrypt-proxy/example-blacklist.txt /etc/dnscrypt-proxy/blacklist.txt

# restart dnscrypt
service dnscrypt-proxy restart

a different solution would be set a terraform provisioner to cp example-blacklist.txt to blacklist.txt or setting the blacklist file to be example-blacklist.txt.

Would create a PR but can not validate this on other services (specifically GCE & Azure). Thank you for this project, please let me know if there is other way I could help.

eladg avatar Dec 10 '19 06:12 eladg