[dnsdist] DNScrypt with DNSDist

Sayan Bhattacharyya sohamb03 at outlook.com
Tue Dec 15 05:27:08 UTC 2020

I did guess that, but no luck. So I moved the cert and keys into a directory where dnsdist had write perms.

[root at t2 ~]# ls /etc/dnsdist/ssl
pub.key  t2.xolentum.net.crt  t2.xolentum.net.key

Perms :

[root at t2 ~]# namei -l /etc/dnsdist/ssl
f: /etc/dnsdist/ssl
dr-xr-xr-x root    root    /
drwxr-xr-x root    root    etc
drwxr-xr-x dnsdist dnsdist dnsdist
drwxr-xr-x dnsdist dnsdist ssl

But once again, no luck with this command although the fingerprint is shown:

[root at t2 ~]#  dnsdist -e 'generateDNSCryptProviderKeys("/etc/dnsdist/ssl/pub.key", "/etc/dnsdist/ssl/t2.xolentum.net.key")' --verbose
Read configuration from '/etc/dnsdist/dnsdist.conf'
Adding server to default pool
Connecting to
Provider fingerprint is: 6BEA:CDAB:114C:E2E5:DA96:743F:A6FB:4941:CEF6:B434:9C8B:CA5F:FE44:A9B3:7F23:70C0

And tried searching the entire /, no resolver.key or similar file found.

[root at t2 ~]# find / -iname resolver* -type f


From: dnsdist <dnsdist-bounces at mailman.powerdns.com> on behalf of Jacob Bunk Nielsen via dnsdist <dnsdist at mailman.powerdns.com>
Sent: Monday, December 14, 2020 11:25 AM
To: dnsdist at mailman.powerdns.com <dnsdist at mailman.powerdns.com>
Subject: Re: [dnsdist] DNScrypt with DNSDist


On 13/12/2020 06.10, Sayan Bhattacharyya via dnsdist wrote:
> Hello,
> I'm trying to generate the resolver key using my certificate's public
> and private keys, the command that I'm using on the DNSDist console is:
> /generateDNSCryptProviderKeys("/etc/pki/tls/certs/public.key",
> "/etc/pki/tls/private/private.key")/
> /
> /
> I can see that my fingerprint is printed to the screen, however, I do
> not get where is the key being save? It's neither in the CWD nor in
> the//etc/dnsdist/directory. Where is the location?

Did you check the paths that you entered in the dnsdist console? I.e.
/etc/pki/tls/certs/ and /etc/pki/tls/private/ ? That's where I'd expect
to find them when I read https://dnsdist.org/guides/dnscrypt.html

Best regards,


dnsdist mailing list
dnsdist at mailman.powerdns.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20201215/c3f7ca75/attachment.htm>

More information about the dnsdist mailing list