Your IP:

Our Forums Have Moved!

Visit our new forums at https://community.opendns.com/forums/ to post on topics and read the latest content. These forums are now read-only archives.

K-12 Forums

Talk with other K-12 network administrators in your state.

Or see all states.

Categories

Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.

This discussion has been inactive for longer than 30 days, and is thus closed.
    • CommentAuthorfourohs
    • CommentTimeApr 23rd 2012
     permalink
    Hi all,

    ------------start snip
    Apr 23 10:50:44 computername dns-updater[57]: Starting async resolution
    Apr 23 10:50:44 computername dns-updater[57]: Test query has been resolved
    Apr 23 10:50:44 computername dns-updater[57]: Starting async resolution
    Apr 23 10:50:44 computername dns-updater[57]: Test query has been resolved
    Apr 23 10:50:45 computername dns-updater[57]: Starting async resolution
    Apr 23 10:50:45 computername dns-updater[57]: Test query has been resolved
    Apr 23 10:50:46 computername dns-updater[57]: Starting async resolution
    Apr 23 10:50:46 computername dns-updater[57]: Test query has been resolved
    Apr 23 10:50:47 computername dns-updater[57]: Starting async resolution
    Apr 23 10:50:47 computername dns-updater[57]: Test query has been resolved
    Apr 23 10:50:49 computername dns-updater[57]: Starting async resolution
    Apr 23 10:50:49 computername dns-updater[57]: Test query has been resolved
    Apr 23 10:50:52 computername dns-updater[57]: Starting async resolution
    Apr 23 10:50:52 computername dns-updater[57]: Test query has been resolved
    Apr 23 10:53:02 computername dns-updater[57]: Starting async resolution
    Apr 23 10:53:02 computername dns-updater[57]: Test query has been resolved
    Apr 23 10:53:02 computername dns-updater[57]: Starting async resolution
    Apr 23 10:53:02 computername dns-updater[57]: Test query has been resolved
    Apr 23 10:53:03 computername dns-updater[57]: Starting async resolution
    Apr 23 10:53:03 computername dns-updater[57]: Test query has been resolved
    Apr 23 10:53:03 computername dns-updater[57]: Starting async resolution
    Apr 23 10:53:03 computername dns-updater[57]: Test query has been resolved
    Apr 23 10:55:11 computername dns-updater[57]: Starting async resolution
    Apr 23 10:55:11 computername dns-updater[57]: Test query has been resolved
    Apr 23 10:55:22 computername dns-updater[57]: Starting async resolution
    Apr 23 10:55:22 computername dns-updater[57]: Test query has been resolved
    Apr 23 10:55:22 computername dns-updater[57]: Starting async resolution
    Apr 23 10:55:22 computername dns-updater[57]: Test query has been resolved
    Apr 23 10:55:22 computername dns-updater[57]: Starting async resolution
    Apr 23 10:55:22 computername dns-updater[57]: Test query has been resolved
    Apr 23 10:55:22 computername dns-updater[57]: Starting async resolution
    Apr 23 10:55:22 computername dns-updater[57]: Test query has been resolved
    Apr 23 10:55:22 computername dns-updater[57]: Starting async resolution
    Apr 23 10:55:22 computername dns-updater[57]: Test query has been resolved
    Apr 23 10:55:22 computername dns-updater[57]: Starting async resolution
    Apr 23 10:55:22 computername dns-updater[57]: Test query has been resolved
    Apr 23 10:55:23 computername dns-updater[57]: Starting async resolution
    Apr 23 10:55:23 computername dns-updater[57]: Test query has been resolved
    Apr 23 10:55:23 computername dns-updater[57]: Starting async resolution
    Apr 23 10:55:23 computername dns-updater[57]: Test query has been resolved
    Apr 23 10:55:23 computername dns-updater[57]: Starting async resolution
    Apr 23 10:55:23 computername dns-updater[57]: Test query has been resolved
    Apr 23 10:55:58 computername dns-updater[57]: Starting async resolution
    Apr 23 10:55:58 computername dns-updater[57]: Test query has been resolved
    -------------end snip

    DNSCrypt spams the system.log with these two message, ad infinitum. I mean, there are thousands of occurrences of these messages in the system.log, and it's not like they're spread out as some kind of periodic keep-alive. This "Test query" is being done as much as six times a second. That snippet of log shows 22 occurrences in just over fives minutes.

    The spamming of the log is annoying, but it's not the root problem. Why is this test query being run so often? Please explain and consider taming this overzealous "test". (By that I'm not suggesting squelching the log, which would only mask the problem.)

    Thanks,
    ~Jeff
    •  
      CommentAuthorjedisct1
    • CommentTimeApr 24th 2012
     permalink
    Administrator
    This happens when you check the "fallback to insecure" box.

    What checking this box does, is to spawn a process that will periodically try to resolve www.opendns.com.

    If the name can't be resolved, it probably means that encrypted DNS queries are blocked, so it will automatically uncheck the "dnscrypt" box, and dnscrypt will be disabled.

    You can uncheck the "fallback to insecure" box to avoid this behavior.
    Thankful People: zelus, maintenance
  1.  permalink
    It seems to be a bit more than "periodic"...
    • CommentAuthorrosch
    • CommentTimeApr 26th 2012
     permalink
    I agree with Matt that it's doing the checking quite often.
    Are you seeing this on a windows client?
    I could not find any such spamming in the Linux syslog.
    •  
      CommentAuthorjedisct1
    • CommentTimeMay 2nd 2012
     permalink
    Administrator
    This only happens in the user interface for OSX.

    The dnscrypt proxy itself has been designed to ensure that queries are always authenticated. It doesn't need to perform any checking as it will never fall back to something that would be insecure.

    The user interface for Mac is likely to be updated soon, in order to only perform checks when the network configuration changes.
    Thankful People: zelus, rosch, msouthall

This discussion has been inactive for longer than 30 days, and is thus closed.