Your IP:

Our Forums Have Moved!

Visit our new forums at http://community.opendns.com/forums/ to post on topics and read the latest content. These forums are now read-only archives.

K-12 Forums

Talk with other K-12 network administrators in your state.

Or see all states.

Categories

Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.

This discussion has been inactive for longer than 30 days, and is thus closed.
    • CommentAuthorguizmodns
    • CommentTimeMay 27th 2012
     permalink
    Hi,

    I made a Cydia tweak for iPhone/iPad that allows to change DNS server on 3G and Wifi (GuizmoDNS).
    It's available on all Jailbroken devices on Cydia.

    You can also set a password to lock DNS manual changes (for use with FamilyShield for example).

    If you want more details on this tweak, please feel free to ask !

    Guizmo
    Thankful People: barkena
    • CommentAuthorhelix512
    • CommentTimeMay 27th 2012
     permalink
    going to update for iOS5.1.1?
    • CommentAuthorguizmodns
    • CommentTimeMay 27th 2012
     permalink
    It's already compatible with iOS5.1.1
    • CommentAuthornit3shift
    • CommentTimeMay 28th 2012
     permalink
    I tried installing it and it says not compatible iOS5.1.1.
    •  
      CommentAuthorjedisct1
    • CommentTimeMay 28th 2012 edited
     permalink
    Administrator
    Nice!

    What about a switch to launch dnscrypt, too?

    iOS binaries for the dnscrypt proxy are available on github, or you can recompile it just by running the iphone.sh script. But the proxy really needs a UI.
    • CommentAuthorguizmodns
    • CommentTimeMay 28th 2012
     permalink
    @nit3shift : Sorry, I forgot to update the compatibility list, it should be fine now.

    @jedisct1 : if it has already been ported on iOS, there shouldn't be any problem, I'll probably have time to add it by next week.
    •  
      CommentAuthorjedisct1
    • CommentTimeMay 29th 2012
     permalink
    Administrator
    Just a quick tutorial for those who want to try dnscrypt on the iPhone/iPad/iPod touch:

    1) Download the iOS binary here: https://github.com/opendns/dnscrypt-proxy/downloads

    2) Extract the content and use ssh to copy dnscrypt-proxy to /usr/sbin/

    3) copy com.opendns.osx.DNSCryptProxy.plist to /Library/StartupDaemons and make sure that the file is owned by root (chown 0:0 /Library/StartupDaemons/com.opendns.osx.DNSCryptProxy.plist).

    4) Restart your device or use launchctl to manually start the service.

    5) Whenever you want to use dnscrypt, just use 127.0.0.1 as a DNS resolver.
    Thankful People: zelus
  1.  permalink
    Remember there are risks to jailbreaking your iOS device.
    • CommentAuthorrotblitz
    • CommentTimeMay 30th 2012 edited
     permalink
    Life is always associated with risks... :wink:
    Jailbreaking an iOS device is the smallest.
    Thankful People: tridentia
    • CommentAuthorguizmodns
    • CommentTimeJun 1st 2012
     permalink
    jedisct1 : you seem to be the maintainer for this package.
    I think it'll be cleaner to create a package on one of Cydia official repos, do you mind it I submit one ? or do you prefer do it yourself ?
    •  
      CommentAuthorjedisct1
    • CommentTimeJun 1st 2012 edited
     permalink
    Administrator
    It would be really great it you could submit one, as I'm not very familiar with the process.

    I'm planning to release a new version Monday (waiting for some server-side change to be deployed everywhere first), so don't rush packaging 0.9.4 or 0.9.5dev yet.
    • CommentAuthorguizmodns
    • CommentTimeJun 2nd 2012
     permalink
    Ok I'll wait the new release to submit it.
    •  
      CommentAuthorjedisct1
    • CommentTimeJun 5th 2012
     permalink
    Administrator
    dnscrypt 0.9.5 is available, you can package it :)
    Thankful People: rotblitz
    • CommentAuthorguizmodns
    • CommentTimeJun 7th 2012
     permalink
    Ok. I'm currently abroad, I'll be back tomorrow night.
    I'll submit it this week-end.
    • CommentAuthorguizmodns
    • CommentTimeJun 9th 2012
     permalink
    I submitted the package, it usually takes 1 or 2 days to be available.
    Once it'll be accepted, I'll submit an update for GuizmoDNS supporting it.
    • CommentAuthorguizmodns
    • CommentTimeJun 11th 2012
     permalink
    DNSCrypt is available on Cydia.
    I didn't have much time to test, but I had segfaults every 2 or 3 requests.
    After restarting my iPhone, all was fine.

    I don't know yet if the problem was my iPhone, dnscrypt or something wrong with the package.
    I'll do more tests, and if all goes well I'll submit GuizmoDNS update tomorrow.
    • CommentAuthorguizmodns
    • CommentTimeJun 12th 2012
     permalink
    GuizmoDNS 1.0.5 now available on Cydia !

    Please let me know if anything goes wrong.

    Guizmo
    Thankful People: ednometry
    • CommentAuthorednometry
    • CommentTimeJun 14th 2012 edited
     permalink
    I've installed your app and the DNSCrypt from Cydia, after a few reboots I got it working but how come when I use the OpenDNS test sites they just say Proxy Detected instead of you are using openDNS? How can I test to see if it's actually working? It doesn't block internetbadguys.com or redirect from craigslist.og either... and it only has a single dns entry... shouldn't it use both?

    edit:
    I have checked again and it stops working when I activate DNScrypt now... it works fine when I just manually enter the server addresses and it comes up correctly on the test sites but if I check the DNScrypt option... boom no connections...
  2.  permalink
    Is your DNS entry pointing to 127.0.0.1?
    • CommentAuthorednometry
    • CommentTimeJun 15th 2012
     permalink
    DNSCrypt is a toggle switch in this app. When you switch it on it locks in the standard open dns 208.67.220.220... and it doesn't work... I tried 127.0.0.1 but that doesn't work either.
    Thankful People: maintenance
    • CommentAuthorednometry
    • CommentTimeJun 19th 2012 edited
     permalink
    Weird, tried it again today and now it works fine... Kudos for the hardwork this was a dollar well spent.
    •  
      CommentAuthorjedisct1
    • CommentTimeJun 19th 2012
     permalink
    Administrator
    A new version of the proxy is out. Can you check if it works fine for you and update the Cydia package?
    • CommentAuthorguizmodns
    • CommentTimeJun 24th 2012
     permalink
    I checked and the binary on github doesn't accept the "--user" option.
    I recompiled it and it seems fine.

    There were crashes sometimes with the previous version :
    [INFO] Proxying from [127.0.0.1 (53)] to [208.67.220.220 (443)]
    ======== Stack trace ========
    1 dnscrypt-proxy 0x00006e83 stack_trace_signal_handler + 26
    2 libsystem_c.dylib 0x33ee57e3 _sigtramp + 38
    3 dnscrypt-proxy 0x0000ba41 uv__run + 36
    4 dnscrypt-proxy 0x0000ba41 uv__run + 36
    5 dnscrypt-proxy 0x0000bb75 uv_run + 32
    6 dnscrypt-proxy 0x00002bdb main + 254
    7 dnscrypt-proxy 0x000024c8 start + 52

    I don't know if the 0.10 fixes it, I activated the stderr/stdout log to /tmp/DNSCrypt.log, when the update will be available on Cydia, I'll update GuizmoDNS to send this log file with the support mail.
    •  
      CommentAuthorjedisct1
    • CommentTimeJun 25th 2012 edited
     permalink
    Administrator
    0.10 doesn't use libuv any more, and should remove every single issue seen with libuv in the previous versions.

    The binaries on github are built with the iOS 6 SDK. And getpw*() functions don't exist any more on iOS 6, thus the --user option is disabled.

    Do you know how one is supposed to get a uid and gid according to a user name with the iOS 6 SDK?
    • CommentAuthorguizmodns
    • CommentTimeJun 26th 2012
     permalink
    I guess this you are not supposed to use those functions due to AppStore sandbox limitations.

    They removed the pwd.h from the iOS6 includes.
    I tryied to copy it from iOS5.1 and it worked, so the functions exists, only the header is missing.
    •  
      CommentAuthorjedisct1
    • CommentTimeJun 26th 2012
     permalink
    Administrator
    Ah, lame.

    Ok, let's add the required prototypes, then :)
    • CommentAuthorguizmodns
    • CommentTimeJun 27th 2012
     permalink
    I had this kind of issues everytime I updated XCode, so I prefered keeping a copy of an old SDK modified for my needs.

    For info, DNSCrypt 0.10 is available on Cydia.
    • CommentAuthormetoo11
    • CommentTimeJun 29th 2012 edited
     permalink
    DNScrypt version 0.10 doesn't seem to work, whether it be standalone or with GuizmoDNS 1.0.5, it breaks DNS. DNScrypt version 0.9.5 worked just fine as standalone or along with GuizmoDNS. I can install the 0.9.5 deb to work standalone, but as soon as I install GuizmoDNS which has DNScrypt 0.10 install intergrated, Cydia starts producing errors about the inability to overwrite DNScrypt which causes Cydia to refuse to install anything else until I remove GuizmoDNS. The only way to continue using DNScrypt and have the ability to install stuff in Cydia, is installing the standalone 0.9.5 deb. Please fix this, I would like to use GuizmoDNS to manage DNScrypt.

    iPhone 2G IOS 3.1.3
    •  
      CommentAuthorjedisct1
    • CommentTimeJun 30th 2012
     permalink
    Administrator
    "iPhone 2G IOS 3.1.3"

    The proxy really hasn't been designed to support such an old version of iOS. Current versions of XCode don't even ship with emulators for iOS < 5.0. And XCode doesn't compile code compatible with older CPUs (like, before the iPhone 3G) any more.

    I'm actually quite surprised that 0.9.5 used to work on iOS 3. Maybe libevent is using some API that is nonexistent on iOS 3 and libuv didn't.

    But even if older versions worked on iOS 3, they haven't been tested on it. At all. I don't know if the crypto functions are working properly on this environment. I don't know if the key pairs are secure when generated on iOS 3. So even if "it seems to work", please don't use it on iOS < 5.0
    • CommentAuthorguizmodns
    • CommentTimeJun 30th 2012
     permalink
    Indeed the actual 0.10 version on Cydia is compiled for armv7 only (iPhone 4/4S or iPads).
    Version 0.9.5 was compiled for armv6 (iPhone 2G/3G or newer).

    The best I can do is to compile for both armv6 and armv7, dnscrypt will at least start on your device, but as jedisct1 says, it has not been validated on iOS<5.0.

    Concerning your Cydia message, check if you have the file /usr/sbin/dnscrypt-proxy still exists, if so, remove it and try again.
    • CommentAuthormetoo11
    • CommentTimeJun 30th 2012
     permalink
    Ok, now lets imagine it does work in IOS 3. Couldn't the GuizmoDNS install do a check for previous installion of DNScrypt to determine if it even needs installing? This should eliminate the Cydia problem. I am guessing this behavior happens to even those running IOS 5 and hadn't updated DNScrypt under Cydia changes, but tried to install GuizmoDNS.

    Could someone develop a web service to check if DNScrypt is even being implemented? I use Dig to see if the proxy is working, but are the lookup's even being encrypted? How does one know for sure, no matter the platform? Might as well stick to VPN, eh...
    •  
      CommentAuthorjedisct1
    • CommentTimeJun 30th 2012 edited
     permalink
    Administrator
    You can check that a query was made using dnscrypt by querying the TXT record for debug.opendns.com:

    $ drill txt debug.opendns.com
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 38316
    ;; flags: qr rd ra ; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; debug.opendns.com. IN TXT

    ;; ANSWER SECTION:
    debug.opendns.com. 0 IN TXT "server 1.pao"
    debug.opendns.com. 0 IN TXT "flags 20 0 2f4 0"
    debug.opendns.com. 0 IN TXT "id 0"
    debug.opendns.com. 0 IN TXT "source 69.181.22.52:59198"
    debug.opendns.com. 0 IN TXT "dnscrypt enabled (7136666E76576A38)"


    That said, dnscrypt only authenticates DNS queries. If you have a VPN, you'd rather use it than dnscrypt (provided that you trust the VPN provider), as it authenticates and encrypts everything, not only DNS queries.
    • CommentAuthormetoo11
    • CommentTimeJul 1st 2012
     permalink
    iPhone 2G IOS 3.1.3 w/ DNScrypt 0.9.5 apparently works

    https://www.dropbox.com/s/qfswipf7mn8xxyt/IMG_0004.PNG
    • CommentAuthorguizmodns
    • CommentTimeJul 2nd 2012
     permalink
    DNSCrypt 0.10-1 on Cydia should run on iPhone2G/3G.

This discussion has been inactive for longer than 30 days, and is thus closed.