Fix dnscrypt-proxy not listening on VPN service IPs

Problem: dnscrypt-proxy on Ubuntu uses systemd socket activation by default, which overrides the configured listen_addresses in dnscrypt-proxy.toml. The socket only listens on 127.0.2.1:53, preventing VPN clients from resolving DNS queries through the configured service IPs. Solution: Disable and mask the dnscrypt-proxy.socket unit to allow dnscrypt-proxy to bind directly to the VPN service IPs specified in its configuration file. This fixes DNS resolution for VPN clients on Ubuntu 20.04+ systems. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-03 10:33:13 +02:00 · 2025-08-17 19:01:31 -04:00 · 2025-08-17 19:01:31 -04:00 · 51847f3fbf
commit 51847f3fbf
parent fa2ee9fc10
1 changed files with 10 additions and 0 deletions
--- a/roles/dns/tasks/ubuntu.yml
+++ b/roles/dns/tasks/ubuntu.yml
@ -98,3 +98,13 @@
  notify:
    - daemon-reload
    - restart dnscrypt-proxy
+
+- name: Ubuntu | Disable dnscrypt-proxy socket activation
+  systemd:
+    name: dnscrypt-proxy.socket
+    state: stopped
+    enabled: false
+    masked: true
+  failed_when: false
+  notify:
+    - restart dnscrypt-proxy