Relay Deployment with VMware ESXi Image

Article author
Elyas Zoubi

Import Virtual Machine Image

Once the image is downloaded to your machine, you can deploy the OVA through vCenter or to a standalone ESXi host. Clicking the image file opens the Import Virtual Application screen. Click Import, then click Agree on the Software License Agreement screen. The virtual machine is preconfigured with default values and is ready to run.

 

Download the Image

Please download the image that matches the VMware virtual hardware version of your ESXi host:

 

Setting up the Relay

          1. Log in to the VM:
            Username: dnsfilter
            Password: ChangeMeNow!
          2. Change the password:
            passwd
          3. Edit the relay.conf file using the following command (see step 4 for some default values to edit):
            sudo nano relay.conf
          4. In relay.conf (found at the following location: /etc/relay/relay.conf), set Secret Site Key and Name.
            Note 1: The name needs to match the deployment name set in your dashboard.
            Note 2: To save the changes made within relay.conf, use ctrl+o to write out, then hit return to finalise the file name. You can then exit with ctrl+x.
          5. Configure your network settings - Ubuntu uses netplan for network settings
            You will need to change the ethernet entry to the correct interface name, which has to be discovered on the host. The most common interface name on ESXi is ens33.
            sudo nano /etc/netplan/00-installer-config.yaml
          6. Then, within 00-installer-config.yaml, change eth0 to ens33 (only required for the 18.04 image) - see point 7 for screenshot.

          7. By default, the system is set to use DHCP to obtain an IP - this is fine as long as you create a permanent DHCP lease in your firewall for the MAC of the Virtual NIC of the ESXi Container. If you wish to have a static IP assigned to the machine, open the file with the command in step 5 and do the following. (Note: # comments out the line it is placed before)
            Add a # before dhcp4: true
            Remove the #'s before the next 5 lines
            Update addresses: [192.168.1.15/24] to reflect the static IP that the machine is going to have (e.g. it would become addresses: [172.16.0.44/24])
            Update gateway4: 192.168.1.1 to the appropriate gateway of the network the machine is on (e.g. it would become gateway4: 172.16.0.1)

          8. Save the file and then use the following commands as root to enable your changes. They will stick across boots.
            sudo netplan generate
            sudo netplan apply
          9. Reboot the machine
          10. Verify General Connectivity
            Run the following command to verify that the correct IP is shown:
            ifconfig
          11. Verify that a response is received by running a ping:
            ping google.com
          12. If the above is successful it's time to start the relay by running the following commands:
            sudo systemctl enable docker.service
            sudo systemctl start docker.service
          13. Start the relay containers by running:
            sudo docker start relay1 relay2
            Wait 10-20 seconds
          14. Verify the containers are running properly
            sudo docker ps

            This will provide an output similar to one of the two following blocks:

            *Good* output looks like this and you can move to step 16:

            CONTAINER ID   IMAGE                   COMMAND                  CREATED      STATUS          PORTS   NAMES
            5fa41e37ecdc   dnsfilter/relay:0-rtt   "/go/bin/relay-linux…"   6 days ago   Up 12 Seconds           relay2
            1d91eb21abc2   dnsfilter/relay:0-rtt   "/go/bin/relay-linux…"   6 days ago   Up 13 Seconds           relay1

            *Bad* output looks like this and some troubleshooting will be required:

            CONTAINER ID   IMAGE                   COMMAND                  CREATED      STATUS                         PORTS   NAMES
            5fa41e37ecdc   dnsfilter/relay:0-rtt   "/go/bin/relay-linux…"   6 days ago   Restarting (1) 3 seconds ago           relay2
            1d91eb21abc2   dnsfilter/relay:0-rtt   "/go/bin/relay-linux…"   6 days ago   Restarting (1) 4 seconds ago           relay1

          15. You can run the following command to access the logs:
            sudo docker logs relay1
            You will receive the output of the logs for that container (relay1) - the two most common errors are shown below:

            time="2022-02-23T21:53:33.355562001Z" level=fatal msg="can not auto-register agent, please verify settings or contact support, trace: invalid organization or network secret key"

            This means the secret key you’ve entered into the relay.conf file is invalid. Double-check that the correct value is in the file.

            time="2022-02-23T21:58:33Z" level=fatal msg="not a valid TOML config file" config=/etc/relay/relay.conf error="open /usr/local/bin/lan-proxy.conf: no such file or directory"

            This means there is a formatting error or errant character in your relay.conf file - verify that it is nearly identical to our example file.

            If you encounter any further errors please reach out to support@dnsfilter.com for guidance.

          16. Restart the relay:
            sudo docker restart relay1 relay2
            Re-verify that everything looks good with the above checks.
          17. Use lookups to verify the relay containers:
            nslookup -type=txt debug.dnsfilter.com 127.0.0.1 (from the VM itself)
            nslookup -type=txt debug.dnsfilter.com <internal IP address> (from another machine on the network)
            *Good* output:

            Non-authoritative answer:

            debug.dnsfilter.com text = "time=2022-02-23 22:02:45.528505065 +0000 UTC"
            debug.dnsfilter.com text = "serverid=55802"
            debug.dnsfilter.com text = "serverip=103.247.36.36"
            debug.dnsfilter.com text = "serverport=53"

            Along with multiple additional lines. Skip ahead to step 19.

            *Bad* output:

            Non-authoritative answer:
            *** Can't find debug.dnsfilter.com: No answer

            Authoritative answers can be found from: dnsfilter.com
                origin = amir.ns.cloudflare.com
                mail addr = dns.cloudflare.com
                serial = 2271027187
                refresh = 10000
                retry = 2400
                expire = 604800
                minimum = 3600

            If this is your output and you're certain the containers are running properly, the likely culprit is Transparent Proxying, and we recommend you investigate that or reach out to support.

          18. You’re done! You can now point all appropriate machines on the network to use this VM for DNS resolution.
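
The checks from steps 14, 15 and 17 collected into one script, added here as an example; it is not part of the original article or DNSFilter's tooling. The function names, the verdict strings and the --live switch are assumptions of this example; the container names, log messages and lookup are the ones shown in the steps above.

```shell
#!/bin/sh
# Added example (not DNSFilter's code). Each function reads command output on
# stdin, so the checks can be exercised offline on captured text.

# stdin: "<name><TAB><status>" lines from
#   sudo docker ps -a --format '{{.Names}}\t{{.Status}}'
# stdout: one "<name> <verdict>" line for each expected relay container.
relay_states() {
    awk -F '\t' '
        $1 == "relay1" || $1 == "relay2" { seen[$1] = $2 }
        END {
            n = split("relay1 relay2", want, " ")
            for (i = 1; i <= n; i++) {
                s = seen[want[i]]
                if (s ~ /^Up /) { v = "ok" }
                else if (s ~ /^Restarting/) { v = "crash-loop" }
                else if (s == "") { v = "missing" }
                else { v = "not-running" }
                print want[i], v
            }
        }'
}

# stdin: text of `docker logs <container>`. stdout: which of the two errors
# from step 15 appears (the later one wins if both are present).
relay_log_cause() {
    awk '
        /invalid organization or network secret key/ { c = "invalid-secret-key" }
        /not a valid TOML config file/               { c = "malformed-relay-conf" }
        END { print (c == "" ? "no-known-error" : c) }'
}

# stdin: output of `nslookup -type=txt debug.dnsfilter.com <ip>`.
# Succeeds only when the debug TXT records (serverid=...) came back.
lookup_via_relay() {
    grep -q 'serverid=[0-9]'
}

# Run against the real VM only when asked to: sh relay_check.sh --live
if [ "${1:-}" = "--live" ]; then
    sudo docker ps -a --format '{{.Names}}\t{{.Status}}' | relay_states
    for c in relay1 relay2; do
        printf '%s log: ' "$c"
        sudo docker logs --tail 50 "$c" 2>&1 | relay_log_cause
    done
    nslookup -type=txt debug.dnsfilter.com 127.0.0.1 | lookup_via_relay \
        && echo "lookup ok" || echo "lookup failed"
fi
```
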
