Error “E: Unable to locate package dnscrypt-proxy” in Kali Linux and Debian (SOLVED)
How to install the latest version of dnscrypt-proxy
dnscrypt-proxy is a popular program for running a local (on your computer) DNS proxy, used to cache DNS requests, which slightly speeds up connections and reduces traffic, and to add a DNS-over-HTTPS feature, due to which DNS queries and responses are encrypted, which increases the privacy of the user (because their DNS cannot be intercepted and analyzed), and also makes DNS spoofing attacks impossible.
The dnscrypt-proxy package has been present in the Debian repositories for many years, and therefore in all other Debian-based distributions (such as Kali Linux, Linux Mint, Ubuntu).
But in recent versions of Debian Testing and Kali Linux, when trying to install a package:
sudo apt update sudo apt install dnscrypt-proxy
You may encounter an error:
Reading package lists... Done Building dependency tree... Done Reading state information... Done E: Unable to locate package dnscrypt-proxy
The reason for the error is that on 2022-09-28 the package was removed from the Debian Testing repository, and therefore from Kali Linux, which is based on Debian Testing. Details on this can be found at https://tracker.debian.org/pkg/dnscrypt-proxy, as you can see from this page, the dnscrypt-proxy package was deprecated automatically due to an unresolved dependency.
Most likely, sooner or later, dnscrypt-proxy will be returned to Debian Testing, and therefore to Kali Linux, but what if you need to install and use dnscrypt-proxy right now?
In fact, the dnscrypt-proxy program is distributed by the author as a compiled executable file, the installation of which does not require any dependencies. Therefore, dnscrypt-proxy is easy to install manually.
Even if dnscrypt-proxy is already returned in the repositories, you may want to manually install the latest version of this program.
How to manually install dnscrypt-proxy
This instruction will tell you how to manually install dnscrypt-proxy, as well as add the file to Startup Apps.
To download the latest version of dnscrypt-proxy from the command line, run the following command:
wget https://github.com/`curl -s https://github.com/DNSCrypt/dnscrypt-proxy/releases/expanded_assets/$(curl -s https://github.com/DNSCrypt/dnscrypt-proxy/releases | grep -E -o '/DNSCrypt/dnscrypt-proxy/releases/tag/[0-9.]+' | head -n 1 | grep -o -E '[0-9.]{2,}') | grep -E -o '[^"]+/dnscrypt-proxy-linux_x86_64[0-9.-]+.tar.gz"' | sed 's/"//'`
It will detect and download the latest release of dnscrypt-proxy.
You can also manually download the executable from https://github.com/DNSCrypt/dnscrypt-proxy/releases, you need a file like dnscrypt-proxy-linux_x86_64*.tar.gz.
Now unpack the downloaded archive:
tar xvzf dnscrypt-proxy-linux_x86_64-*.tar.gz
Go to the directory with the unpacked files:
cd linux-x86_64/
Move the dnscrypt-proxy executable to the /usr/bin/ directory:
sudo cp dnscrypt-proxy /usr/bin/
Create the /etc/dnscrypt-proxy/ directory and copy the example-dnscrypt-proxy.toml file into it, renaming the file to dnscrypt-proxy.toml:
sudo mkdir /etc/dnscrypt-proxy/ sudo cp example-dnscrypt-proxy.toml /etc/dnscrypt-proxy/dnscrypt-proxy.toml
Create the /usr/lib/systemd/system/dnscrypt-proxy.service file:
sudo gedit /usr/lib/systemd/system/dnscrypt-proxy.service
And copy the following into it:
[Unit] Description=DNSCrypt-proxy client Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki Wants=network-online.target nss-lookup.target Before=nss-lookup.target [Service] AmbientCapabilities=CAP_NET_BIND_SERVICE CacheDirectory=dnscrypt-proxy CapabilityBoundingSet=CAP_NET_BIND_SERVICE DynamicUser=yes ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml LockPersonality=yes LogsDirectory=dnscrypt-proxy MemoryDenyWriteExecute=true NonBlocking=true NoNewPrivileges=true PrivateDevices=true ProtectControlGroups=yes ProtectHome=yes ProtectHostname=yes ProtectKernelLogs=yes ProtectKernelModules=yes ProtectKernelTunables=yes ProtectSystem=strict RestrictAddressFamilies=AF_INET AF_INET6 RestrictNamespaces=true RestrictRealtime=true RuntimeDirectory=dnscrypt-proxy StateDirectory=dnscrypt-proxy SystemCallArchitectures=native SystemCallFilter=@system-service SystemCallFilter=~@resources @privileged SystemCallFilter=@chown [Install] WantedBy=multi-user.target
Check that port 53 is not busy:
sudo ss -tulpn 'sport = :domain'
In my case, I got the following:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process udp UNCONN 0 0 10.0.3.1:53 0.0.0.0:* users:(("dnsmasq",pid=754,fd=6)) tcp LISTEN 0 32 10.0.3.1:53 0.0.0.0:* users:(("dnsmasq",pid=754,fd=7))
That is, the dnsmasq process is listening on port 53 at 10.0.3.1. This process is started by the NetworkManager service. It won't interfere and you can ignore it. The main thing is that there are no processes listening on port 53 on the IP address 127.0.0.1.
Start the dnscrypt-proxy service:
sudo systemctl start dnscrypt-proxy.service
and check its status:
systemctl status dnscrypt-proxy.service
If everything is in alright, add the service to autoload:
sudo systemctl enable dnscrypt-proxy.service
Open the /etc/NetworkManager/NetworkManager.conf file:
sudo gedit /etc/NetworkManager/NetworkManager.conf
and to the section
[main]
add
dns=none
Restart NetworkManager:
sudo systemctl restart NetworkManager
Make a backup of the /etc/resolv.conf file:
sudo cp /etc/resolv.conf /etc/resolv.conf.backup
And then delete /etc/resolv.conf (this is important as it may be a link to a file and not a real file):
sudo rm -f /etc/resolv.conf
And create file /etc/resolv.conf
sudo gedit /etc/resolv.conf
with the following content:
nameserver 127.0.0.1 # nameserver ::1 # для IPv6 options edns0 single-request-reopen EDNSPayloadSize 4096
Protecting the /etc/resolv.conf file from changes
Above, we added the NetworkManager setting so that this service does not change the contents of the /etc/resolv.conf file, as it does without warning. In fact, NetworkManager is indeed the most common reason for resetting /etc/resolv.conf, but not the only one. For details, as well as how to determine which program is changing the /etc/resolv.conf file and how to securely block this file from being changed by any programs, see the article “How to prevent NetworkManager and other programs from modifying the /etc/resolv.conf file”.
Continued in sections:
7. How to set up dnscrypt-proxy
8. Checking dnscrypt-proxy operation
9. Configuring dnscrypt-proxy for use with IPv6
Related articles:
- How to enable DNS over HTTPS and what it is for (100%)
- Errors in Kali Linux ‘W: Failed to fetch’ and ‘W: Some index files failed to download. They have been ignored, or old ones used instead.’ (SOLVED) (57.1%)
- How to create and configure a Squid proxy server (57.1%)
- Configuring programs and operating systems to work through a proxy (57.1%)
- How to install VeraCrypt on Linux (55.1%)
- How to make Kali Linux 2022 Live USB with Persistence and optional encryption (on Windows) (RANDOM - 5.1%)
And how to completely remove the old program version 2.0.45 and its problematic dependencies?!