Import Virtual Machine Image
Once downloaded onto your machine, deploying OVA by vCenter or to standalone ESXI host is by clicking this image file will open the Import Virtual Application screen. Click Import and then click Agree on the Software License Agreement screen. The virtual machine is preconfigured with default values and is ready to run.
Download the Image
Please download the matching VMware virtual hardware version to your ESXI:
- RelayImage OVA 64-bit _ Virtual Hardware Version 15 Which support ESXi 6.7 U2
- RelayImage OVA 64-bit _ Virtual Hardware Version 18 Which support ESXi 7.0 U1 (7.0.1) and later
- RelayImage for ESXI 6.5 or earlier versions
Setting up the Relay
1. Log in to the VM:
-
-
user: dnsfilter -
password: ChangeMeNow!
-
2. Change the password
passwd
3. Edit the relay.conf file:
sudo nano relay.conf -- (this is a symbolic link to /etc/relay/relay.conf)
Update the secret site key (change secret_key = “<secret site key>” to be secret_key = “WHATEVER_YOUR_SECRET_SITE_KEY_IS”) thensave the file
4. Configure your networking - Ubuntu uses netplan for network settings.
You would need to modify ethernet to the correct interface name which is required to be discovered on the host. Usually in most ESXI it is called ens33.
sudo nano /etc/netplan/00-installer-config.yaml
Then Within 00-installer-config.yaml, please change eth0 to ens33.
By default, the system is set to use DHCP to obtain an IP - this is fine as long as you create a permanent DHCP lease in your firewall for the MAC of the Virtual NIC of the ESXI Container. If you wish to have a static IP assigned to the machine, you can do the following:
sudo nano /etc/netplan/00-installer-config.yaml
Add a # before dhcp4: true
Remove the #’s before the next 5 lines
Update addresses: [192.168.1.12/24] to reflect the static IP that the machine is going to have - (ie: it would become addresses: [172.16.0.44/24])
Update gateway4: 192.168.1.1 to the appropriate gateway of the network the machine is on - (ie it would become gateway4: 172.16.0.1)
Save the file and then use the following commands as root to enable your changes. They will stick across boots.
sudo netplan generate
sudo netplan applyReboot the machine
5. Verify General Connectivity:
Run the following command to verify that the correct IP is shown
ifconfig
Verify that a response is received by running:
ping google.com
If everything has gone well up until now, it’s time to start up the relay!
6. Start the docker service by running the following commands:
sudo systemctl enable docker.service
sudo systemctl start docker.service
7. Start the Relay containers by running:
sudo docker start relay1 relay2
Wait 10-20 seconds
8. Verify the containers are running properly by running:
sudo docker ps
This will provide some output similar to one of the two following blocks:
*Good* output looks like this and you can move to step 9:
|
CONTAINER ID |
IMAGE |
COMMAND |
CREATED |
STATUS |
PORTS |
NAMES |
|
5fa41e37ecdc |
dnsfilter/relay:0-rtt |
“/go/bin/relay-linux…” |
6 days ago |
Up 12 Seconds |
relay2 |
|
|
1d91eb21abc2 |
dnsfilter/relay:0-rtt |
“/go/bin/relay-linux…” |
6 days ago |
Up 13 Seconds |
relay1 |
*Bad* output looks like this and some troubleshooting will be required:
|
CONTAINER ID |
IMAGE |
COMMAND |
CREATED |
STATUS |
PORTS |
NAMES |
|
5fa41e37ecdc |
dnsfilter/relay:0-rtt |
“/go/bin/relay-linux…” |
6 days ago |
Restarting (1) 3 seconds ago |
relay2 |
|
|
1d91eb21abc2 |
dnsfilter/relay:0-rtt |
“/go/bin/relay-linux…” |
6 days ago |
Restarting (1) 4 seconds ago |
relay1 |
If you run:
sudo docker logs relay1
You will receive the output of the logs for that container (relay1) - the two most common errors you will see are:
- time=“2022-02-23T21:53:33.355562001Z” level=fatal msg=“can not auto-register agent, please verify settings or contact support, trace: invalid organization or network secret key”
This means the secret key you’ve entered into therelay.conffile is invalid.
Double-check that the correct value is in the file.
- time=“2022-02-23T21:58:33Z” level=fatal msg=“not a valid TOML config file” config=/etc/relay/relay.conf error=“open /usr/local/bin/lan-proxy.conf: no such file or directory”
This means there is a formatting error or errant character in your relay.conf file - verify that it is nearly identical to our example file
Resolve these issues and run:
sudo docker restart relay1 relay2
And verify things match the good output above, and move to step 9.
If you still have error messages, please reach out to DNSFilter Support
9. Verify the relay containers are doing what they’re supposed to:
nslookup -type=txt debug.dnsfilter.com 127.0.0.1 (from the VM itself)
nslookup -type=txt debug.dnsfilter.com <internal IP address> (from another machine on the network)
*Good* Output looks something like:
Non-authoritative answer:
debug.dnsfilter.comtext = “time=2022-02-23 22:02:45.528505065 +0000 UTC”
debug.dnsfilter.comtext = “serverid=55802”
debug.dnsfilter.comtext = “serverip=103.247.36.36"
debug.dnsfilter.comtext = “serverport=53”
Along with multiple additional lines. Skip ahead to step 10.
*Bad* Output looks something like:
Non-authoritative answer:
*** Can’t find debug.dnsfilter.com: No answer
Authoritative answers can be found from: dnsfilter.com
origin = amir.ns.cloudflare.com
mail addr = dns.cloudflare.com
serial = 2271027187
refresh = 10000
retry = 2400
expire = 604800
minimum = 3600
If this is your output and you're certain the containers are running properly, the likely culprit is <Transparent Proxying> and we recommend you investigate that or reach out to support.
10. You’re done! You can now point all appropriate machines on the network to use this VM for DNS Resolution
Comments
0 comments
Article is closed for comments.