[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

How replace default tor DNS resolver on Whonix Gateway with dnscrypt globally?

Hi. I know this might sound silly but how replace default tor DNS resolver on Whonix Gateway with dnscrypt, globally?
I found some info on here :

but not sure if is the right guide. thanks.
ps: i am aware of the risks of doing that.

Unsupported. (As per https://www.whonix.org/wiki/FAQ#What_do_you_mean_by_unsupported.3F.)

Some more general info on Whonix-Gateway system DNS (but info on your question):


(see the footnotes)

Alright, is Unsupported, So what other way i would have…to set a second DNS resolver on Workstation, with DNScrypt ?that should go through stream isolation rules , so is global for all app, right?

Apply https://www.whonix.org/wiki/Secondary_DNS_Resolver and disable stream isolation.

will do, thanks man : )

installed DNScrypt on workstation and ran it but doesn’t work,
i get “[ERROR] Unable to retrieve server certificates”

found some info on here


not sure what to do, tweak the firewall on gateway to allow 443/UDP ?
thanks.

You can’t tweak it. Or you break anonymity.

Use TCP. As mentioned in documentation.
–tcp-only

Related:

[quote=“Patrick, post:7, topic:1235”]You can’t tweak it. Or you break anonymity.

Use TCP. As mentioned in documentation.
–tcp-only

Related:
https://www.whonix.org/wiki/Tunnel_UDP_over_Tor[/quote]

–tcp-only used but i still get the error
im using an older version of whonix gateway, could be that the issue ?

I don’t know. Old versions are unsupported. These instructions are supposed to be applied in Whonix-Workstation. Sorry, instructions didn’t make this explicit. Installation on Whonix-Gateway is unsupported.

yep, i figured that installation on Whonix-Gateway is unsupported, instead of whonix workstation i used Ubuntu 13 x64 . I will try to setup with the latest Whonix gw & work just to see if works hmm.

done, with latest whonix, installed on workstation and same error, idk maybe update the https://www.whonix.org/wiki/Secondary_DNS_Resolver that doesn’t work anymore or maybe some1 else can test too to confirm

more info about the issue : https://github.com/jedisct1/dnscrypt-proxy/issues/27

No time for that. Added a note in the wiki.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]