Error “E: Unable to locate package dnscrypt-proxy” in Kali Linux and Debian (SOLVED)

How to install the latest version of dnscrypt-proxy

dnscrypt-proxy is a popular program for running a local DNS proxy on your own computer. It caches DNS requests, which slightly speeds up connections and reduces traffic, and it adds DNS-over-HTTPS, so that DNS queries and responses are encrypted. This increases the privacy of the user (because their DNS traffic cannot be intercepted and analyzed) and also makes DNS spoofing attacks impossible.

The dnscrypt-proxy package has been present in the Debian repositories for many years, and therefore in all other Debian-based distributions (such as Kali Linux, Linux Mint, Ubuntu).

But in recent versions of Debian Testing and Kali Linux, when trying to install a package:

sudo apt update
sudo apt install dnscrypt-proxy

You may encounter an error:

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package dnscrypt-proxy

The reason for the error is that on 2022-09-28 the package was removed from the Debian Testing repository, and therefore from Kali Linux, which is based on Debian Testing. Details can be found at https://tracker.debian.org/pkg/dnscrypt-proxy. As you can see from that page, the dnscrypt-proxy package was removed automatically due to an unresolved dependency.

Most likely, sooner or later, dnscrypt-proxy will be returned to Debian Testing, and therefore to Kali Linux, but what if you need to install and use dnscrypt-proxy right now?

In fact, the dnscrypt-proxy program is distributed by the author as a compiled executable file, the installation of which does not require any dependencies. Therefore, dnscrypt-proxy is easy to install manually.

Even if dnscrypt-proxy has already been returned to the repositories, you may want to manually install the latest version of this program.

How to manually install dnscrypt-proxy

These instructions explain how to manually install dnscrypt-proxy and how to add it to startup.

To download the latest version of dnscrypt-proxy from the command line, run the following command:

wget https://github.com/`curl -s https://github.com/DNSCrypt/dnscrypt-proxy/releases/expanded_assets/$(curl -s https://github.com/DNSCrypt/dnscrypt-proxy/releases | grep -E -o '/DNSCrypt/dnscrypt-proxy/releases/tag/[0-9.]+' | head -n 1 | grep -o -E '[0-9.]{2,}') | grep -E -o '[^"]+/dnscrypt-proxy-linux_x86_64[0-9.-]+.tar.gz"' | sed 's/"//'`

It will detect and download the latest release of dnscrypt-proxy.

You can also manually download the executable from https://github.com/DNSCrypt/dnscrypt-proxy/releases. You need a file named like dnscrypt-proxy-linux_x86_64*.tar.gz.
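Because the binary ends up in /usr/bin and runs as a system service, it is worth verifying the archive before unpacking it. The sketch below is an added example, not part of the original instructions or the project's own tooling: it reads the asset list from the GitHub releases API instead of scraping HTML and checks the archive's minisign signature. It assumes the release carries a .minisig file beside the archive and that minisign is installed; MINISIGN_PUBKEY is a placeholder to be filled with the public key published in the project's documentation, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from dnscrypt-proxy.
API=https://api.github.com/repos/DNSCrypt/dnscrypt-proxy/releases/latest

# Read release JSON on stdin; print the download URLs of the linux_x86_64
# archive and of its .minisig signature, one per line.
release_urls() {
    grep -o '"browser_download_url": *"[^"]*"' |
        sed 's/.*"\(https[^"]*\)"$/\1/' |
        grep -E '/dnscrypt-proxy-linux_x86_64-[0-9.]+\.tar\.gz(\.minisig)?$'
}

# Verify archive $1 against $1.minisig. Fails closed: without a key or a
# signature file nothing is verified, so the caller must not unpack.
verify_archive() {
    [ -n "${MINISIGN_PUBKEY:-}" ] || { echo "MINISIGN_PUBKEY is not set" >&2; return 2; }
    { [ -f "$1" ] && [ -f "$1.minisig" ]; } || { echo "archive or signature missing" >&2; return 3; }
    minisign -Vm "$1" -P "$MINISIGN_PUBKEY"
}

# Download the archive and its signature, then verify (needs network access).
fetch_and_verify() {
    urls=$(curl -fsSL "$API" | release_urls) || return 1
    [ "$(printf '%s\n' "$urls" | grep -c .)" -eq 2 ] || { echo "unexpected asset list" >&2; return 1; }
    for u in $urls; do curl -fsSLO "$u" || return 1; done
    verify_archive "$(basename "$(printf '%s\n' "$urls" | grep -v '\.minisig$')")"
}

# Usage (after setting MINISIGN_PUBKEY to the project's published key):
#   fetch_and_verify && tar xvzf dnscrypt-proxy-linux_x86_64-*.tar.gz
```
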

Now unpack the downloaded archive:

tar xvzf dnscrypt-proxy-linux_x86_64-*.tar.gz

Go to the directory with the unpacked files:

cd linux-x86_64/

Copy the dnscrypt-proxy executable to the /usr/bin/ directory:

sudo cp dnscrypt-proxy /usr/bin/

Create the /etc/dnscrypt-proxy/ directory and copy the example-dnscrypt-proxy.toml file into it, renaming the file to dnscrypt-proxy.toml:

sudo mkdir /etc/dnscrypt-proxy/
sudo cp example-dnscrypt-proxy.toml /etc/dnscrypt-proxy/dnscrypt-proxy.toml

Create the /usr/lib/systemd/system/dnscrypt-proxy.service file:

sudo gedit /usr/lib/systemd/system/dnscrypt-proxy.service

And copy the following into it:

[Unit]
Description=DNSCrypt-proxy client
Documentation=https://github.com/jedisct1/dnscrypt-proxy/wiki
Wants=network-online.target nss-lookup.target
Before=nss-lookup.target

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
CacheDirectory=dnscrypt-proxy
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
DynamicUser=yes
ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
LockPersonality=yes
LogsDirectory=dnscrypt-proxy
MemoryDenyWriteExecute=true
NonBlocking=true
NoNewPrivileges=true
PrivateDevices=true
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
RestrictAddressFamilies=AF_INET AF_INET6
RestrictNamespaces=true
RestrictRealtime=true
RuntimeDirectory=dnscrypt-proxy
StateDirectory=dnscrypt-proxy
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@resources @privileged
SystemCallFilter=@chown

[Install]
WantedBy=multi-user.target

Check that port 53 is not busy:

sudo ss -tulpn 'sport = :domain'

In my case, I got the following:

Netid  State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
udp    UNCONN  0       0       10.0.3.1:53         0.0.0.0:*          users:(("dnsmasq",pid=754,fd=6))
tcp    LISTEN  0       32      10.0.3.1:53         0.0.0.0:*          users:(("dnsmasq",pid=754,fd=7))

That is, the dnsmasq process is listening on port 53 at 10.0.3.1. This process is started by the NetworkManager service. It won't interfere and you can ignore it. The main thing is that there are no processes listening on port 53 on the IP address 127.0.0.1.
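The same check can be scripted. The function below is an added example, not part of the original instructions (its name is made up here): it reads `ss -H -tulpn 'sport = :domain'` output on stdin and reports only the listeners that would actually block a bind to 127.0.0.1:53, namely 127.0.0.1 itself and the IPv4 wildcard. Listeners on other addresses, such as the dnsmasq instance above, are ignored.

```shell
#!/bin/sh
# Added example; loopback53_free is a hypothetical helper name.
# stdin : output of  ss -H -tulpn 'sport = :domain'
# stdout: "<local address:port> <process>" for every blocking listener
# exit  : 0 if 127.0.0.1:53 is free, 1 if something already holds it
loopback53_free() {
    awk '
    {
        la = $5                      # Local Address:Port column
        addr = la
        sub(/:[0-9]+$/, "", addr)    # strip the port
        sub(/%.*$/, "", addr)        # strip an interface scope such as %lo
        # Only the exact loopback address or an IPv4 wildcard blocks the
        # bind; 10.0.3.1 or 127.0.0.53 do not. (For the ::1 variant the
        # addresses to test would be [::1] and [::] instead.)
        if (addr == "127.0.0.1" || addr == "0.0.0.0" || addr == "*") {
            print la, $NF
            busy = 1
        }
    }
    END { exit busy ? 1 : 0 }'
}

# Usage:
#   sudo ss -H -tulpn 'sport = :domain' | loopback53_free \
#       && echo "127.0.0.1:53 is free" \
#       || echo "stop the listed service before starting dnscrypt-proxy"
```
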

Start the dnscrypt-proxy service:

sudo systemctl start dnscrypt-proxy.service

and check its status:

systemctl status dnscrypt-proxy.service

If everything is all right, add the service to autoload:

sudo systemctl enable dnscrypt-proxy.service

Open the /etc/NetworkManager/NetworkManager.conf file:

sudo gedit /etc/NetworkManager/NetworkManager.conf

and to the section

[main]

add

dns=none

Restart NetworkManager:

sudo systemctl restart NetworkManager

Make a backup of the /etc/resolv.conf file:

sudo cp /etc/resolv.conf /etc/resolv.conf.backup

And then delete /etc/resolv.conf (this is important as it may be a link to a file and not a real file):

sudo rm -f /etc/resolv.conf

And create the file /etc/resolv.conf:

sudo gedit /etc/resolv.conf

with the following content:

nameserver 127.0.0.1
# nameserver ::1 # for IPv6
options edns0 single-request-reopen
EDNSPayloadSize 4096

Protecting the /etc/resolv.conf file from changes

Above, we added the NetworkManager setting so that this service does not change the contents of the /etc/resolv.conf file, as it does without warning. In fact, NetworkManager is indeed the most common reason for resetting /etc/resolv.conf, but not the only one. For details, as well as how to determine which program is changing the /etc/resolv.conf file and how to securely block this file from being changed by any programs, see the article “How to prevent NetworkManager and other programs from modifying the /etc/resolv.conf file”.

Continued in sections:

7. How to set up dnscrypt-proxy

8. Checking dnscrypt-proxy operation

9. Configuring dnscrypt-proxy for use with IPv6

One Comment to Error “E: Unable to locate package dnscrypt-proxy” in Kali Linux and Debian (SOLVED)

  1. Cassa says:

    And how to completely remove the old program version 2.0.45 and its problematic dependencies?!
