0

I recently configured my laptop to use DNSCrypt using dnscrypt-proxy. The configuration file is as follows:

```toml
server_names = ['securedns', 'cloudflare', 'cloudflare-ipv6', 'securedns-ipv6', 'scaleway-fr', 'dnscrypt.nl-ns0', 'dnscrypt.nl-ns0-doh', 'dnscrypt.nl-ns0-ipv6']
listen_addresses = ['127.0.0.1:53', '[::1]:53']
# Use servers reachable over IPv4
ipv4_servers = true

# Use servers reachable over IPv6 -- Do not enable if you don't have IPv6 connectivity
ipv6_servers = true

# Use servers implementing the DNSCrypt protocol
dnscrypt_servers = true

# Use servers implementing the DNS-over-HTTPS protocol
doh_servers = true


## Require servers defined by remote sources to satisfy specific properties

# Server must support DNS security extensions (DNSSEC)
require_dnssec = true

# Server must not log user queries (declarative)
require_nolog = true

# Server must not enforce its own blacklist (for parental control, ads blocking...)
require_nofilter = true
```

I configured my WiFi adaptor's DNS configuration so that the IPv4 and IPv6 servers are set to localhost. This works great in 'regular' applications, except for UWP apps like the standard Weather and Calendar apps; those cannot connect to the internet.

If I revert the DNS configuration back to 8.8.8.8/1.1.1.1, the UWP apps can connect again; changing it back to 127.0.0.1 breaks connectivity again.

P_W999

1 Answer

0

As it turns out, UWP apps cannot directly connect to localhost (or simply the machine they're running on). Therefore, they also cannot contact the DNS server running at 127.0.0.1, and the lookup fails (reference).

Using the AppContainerLoopback utility to allow localhost access works, and UWP apps can now also benefit from DNSCrypt. An alternative solution would be to run dnscrypt-proxy on an external device (e.g. a Raspberry Pi).

P_W999
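
The loopback exemption described in the answer can also be scoped to individual apps, so that only the packages that need the local resolver lose that part of their AppContainer isolation. The following is an added example, not part of the original answer: it uses the `CheckNetIsolation.exe` tool that ships with Windows instead of the AppContainerLoopback utility, and the package name patterns are assumptions to be adjusted to the apps installed on your machine.

```powershell
# Added example (not from the original answer). Run from an elevated PowerShell prompt.
# Grants the loopback exemption only to selected UWP packages instead of all of them.

# Assumption: name patterns for the Weather and Mail/Calendar packages; adjust as needed.
$patterns = @('*BingWeather*', '*windowscommunicationsapps*')

foreach ($pattern in $patterns) {
    # Resolve the pattern to installed packages for the current user.
    $packages = Get-AppxPackage -Name $pattern
    if (-not $packages) {
        Write-Warning "No installed package matches '$pattern'; skipping."
        continue
    }

    foreach ($pkg in $packages) {
        # For UWP apps the AppContainer name is the package family name.
        $family = $pkg.PackageFamilyName

        # Quote the argument so PowerShell expands the variable and passes one token.
        CheckNetIsolation.exe LoopbackExempt -a "-n=$family"

        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Could not add loopback exemption for $family (exit code $LASTEXITCODE)."
        } else {
            Write-Output "Loopback exemption added for $family"
        }
    }
}

# Audit: list every AppContainer that currently holds a loopback exemption.
CheckNetIsolation.exe LoopbackExempt -s

# To revoke a single exemption later:
#   CheckNetIsolation.exe LoopbackExempt -d "-n=<package family name>"
```

Review the `-s` output periodically: every entry is an app that can reach services bound to localhost, so the list should contain only the packages you added on purpose.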