-
Notifications
You must be signed in to change notification settings - Fork 1k
Windows NCSI
Before marking a network interface as available for applications, Windows tries to resolve hard-coded domain names, as well as retrieve the content of http://www.msftncsi.com/ncsi.txt
.
If these names resolve or if the HTTP connection fails, the interface becomes visible to applications, and NCSI reports it as up and running.
If they don't resolve, Windows interprets this event either as a captive portal (hijacking DNS responses) or as an invalid DNS configuration, and the network status indicator doesn't become green.
This can be fixed by uncommenting the following line from the [captive_portals]
section of the main configuration file:
map_file = 'example-captive-portals.txt'
example-captive-portals.txt
, which can of course be renamed, is a file that maps test domain names to IP addresses.
For Windows, here's an example of what such a file can contain, even though the provided example should already be fine:
www.msftncsi.com 2.16.106.89, 2.16.106.91, 23.0.175.137, 23.0.175.146
dns.msftncsi.com 131.107.255.255, fd3e:4f5a:5b81::1
www.msftconnecttest.com 13.107.4.52
Queries for these names will instantaneously get a response, even before the operating system marks the network interface as available.
In somecases if you want to run dnscrypt-proxy as a non-root user you'll get the error "[FATAL] listen udp 0.0.0.0:53: bind: permission denied"
to solve this problem you can run the following command and allow dnscrypt to have access to a low level port :
sudo setcap cap_net_bind_service=+ep $(which dnscrypt-proxy)
- Home
- Installation
- Configuration
- Checking that your DNS traffic is encrypted
- Automatic Updates
- Server sources
- Combining blocklists
- Public Blocklist and other configuration files
- Building from source
- Run your own DNSCrypt server in under 10 minutes
- DNS stamps specifications
- Windows Tips
- dnscrypt-proxy in the media
- Planned Features