Relay Deployment with Hyper-V Image

Article author
Fikayo Adepoju
  • Updated

 

Once downloaded onto your machine, the following steps show you how to set up and use the image

 

Creating the Relay VM

1. Create a New Virtual Machine

 

mceclip0.png

 

2. Make Sure to choose Generation 2

 

mceclip1.png

 

3. Make sure you choose to use an existing virtual hard disk (VHDX format)

 

mceclip3.png

 

4. In order to run the Relay as a Generation 2 Hyper-V virtual machine, you can either switch off the Secure Boot or Enable Linux Secure Boot depends on your HyperV version as follows:

 

mceclip4.png

 

mceclip0.png

Setting up the Relay

1. Log in to the VM:

    • user: dnsfilter
    • password: ChangeMeNow!

2. Change the password

passwd

 3. Edit the relay.conf file:

      sudo nano relay.conf -- (this is a symbolic link to /etc/relay/relay.conf)

           Update the secret site key (change secret_key = “<secret site key>” to be secret_key = “WHATEVER_YOUR_SECRET_SITE_KEY_IS”) then save the file

 

4. Configure your networking - By default, the system is set to use DHCP to obtain an IP - this is fine as long as you create a permanent DHCP lease in your firewall for the MAC of the Virtual NIC of the Hyper-V Container. If you wish to have a static IP assigned to the machine, you can do the following:

 

           sudo nano /etc/netplan/00-installer-config.yaml

           Add a # before dhcp4: true

           Remove the #’s before the next 5 lines

           Update addresses: [192.168.1.12/24] to reflect the static IP that the machine is going to have -               (ie: it would become addresses: [172.16.0.44/24])

           Update gateway4: 192.168.1.1 to the appropriate gateway of the network the machine is on - (ie             it would become gateway4: 172.16.0.1)

 

           Save the file and run:

           sudo netplan apply

           Reboot the machine

 

5. Verify General Connectivity:

           Run the following command to verify that the correct IP is shown 

           ifconfig

           Verify that a response is received by running:           

           ping google.com

 

            If everything has gone well up until now, it’s time to start up the relay!

 

6. Start the Relay containers by running: 

            sudo docker start relay1 relay2

7. Wait 10-20 seconds

 

8. Verify the containers are running properly by running:

            sudo docker ps

 

           This will provide some output similar to one of the two following blocks:

           *Good* output looks like this and you can move to step 9:

 

CONTAINER ID

IMAGE

COMMAND

CREATED

STATUS

PORTS

NAMES

5fa41e37ecdc

dnsfilter/relay:0-rtt

“/go/bin/relay-linux…”

6 days ago

Up 12 Seconds 

  

relay2

1d91eb21abc2

dnsfilter/relay:0-rtt

“/go/bin/relay-linux…”

6 days ago

Up 13 Seconds

  

relay1

 

           *Bad* output looks like this and some troubleshooting will be required:

 

CONTAINER ID

IMAGE

COMMAND

CREATED

STATUS

PORTS

NAMES

5fa41e37ecdc

dnsfilter/relay:0-rtt

“/go/bin/relay-linux…”

6 days ago

Restarting (1) 3 seconds ago

  

relay2

1d91eb21abc2

dnsfilter/relay:0-rtt

“/go/bin/relay-linux…”

6 days ago

Restarting (1) 4 seconds ago

  

relay1

 

            If you run:

            sudo docker logs relay1

            You will receive the output of the logs for that container (relay1) - the two most common errors you will see are:

  1. time=“2022-02-23T21:53:33.355562001Z” level=fatal msg=“can not auto-register agent, please verify settings or contact support, trace: invalid organization or network secret key”

                        This means the secret key you’ve entered into the relay.conf file is invalid.

                        Double-check  that the correct value is in the file.

 

  1. time=“2022-02-23T21:58:33Z” level=fatal msg=“not a valid TOML config file” config=/etc/relay/relay.conf error=“open /usr/local/bin/lan-proxy.conf: no such file or directory”

                      This means there is a formatting error or errant character in your relay.conf file - verify                            that it is nearly identical to our example file

 

           Resolve these issues and run:

           sudo docker restart relay1 relay2

           And verify things match the good output above, and move to step 9.

           If you still have error messages, please reach out to DNSFilter Support

 

9. Verify the relay containers are doing what they’re supposed to:

          nslookup -type=txt debug.dnsfilter.com 127.0.0.1 (from the VM itself)

          nslookup -type=txt debug.dnsfilter.com <internal IP address> (from another machine on the network)

 

           *Good* Output looks something like:

                  Non-authoritative answer:

            debug.dnsfilter.com text = “time=2022-02-23 22:02:45.528505065 +0000 UTC”

            debug.dnsfilter.com text = “serverid=55802”

            debug.dnsfilter.com text = “serverip=103.247.36.36"

            debug.dnsfilter.com text = “serverport=53”

           Along with multiple additional lines. Skip ahead to step 10.

 

          *Bad* Output looks something like:

                    Non-authoritative answer:

    *** Can’t find debug.dnsfilter.com: No answer

    Authoritative answers can be found from: dnsfilter.com

             origin = amir.ns.cloudflare.com

             mail addr = dns.cloudflare.com

             serial = 2271027187

              refresh = 10000

              retry = 2400

              expire = 604800

              minimum = 3600

     If this is your output and you're certain the containers are running properly, the likely culprit is <Transparent Proxying> and we recommend you investigate that or reach out to support.

 

 

10. You’re done! You can now point all appropriate machines on the network to use this VM for DNS Resolution

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.