AntiX-Linux and DNSCrypt-Proxy v2 how to ;)
Tagged: debian dnscrypt-proxy2, DNS, DNScrypt, linux, ubuntu
- This topic has 4 replies, 2 voices, and was last updated Jan 17-8:19 am by Anonymous.
January 16, 2019 at 7:30 am #16323 Member to-the-moon
## You will need a root lxterminal, just sudo spacefm
OK, first comes first: you need to download the latest dnscrypt-proxy for your CPU arch - example: amd=x86_64, intel=i386 generally
https://github.com/jedisct1/dnscrypt-proxy/releases/tag/2.0.19
After download, extract the folder to your preferred directory /etc/dnscrypt-proxy-linux_x86_64-2.0.19
Next we need to change the dnscrypt-proxy config.toml to systemd-less mode :)
###################### CHANGE LINE FROM THIS EXAMPLE 1 TO MATCH EXAMPLE 2 ######################
## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
## Note: When using systemd socket activation, choose an empty set (i.e. [] ).
listen_addresses = []
#################################################### EXAMPLE 2 ##################################
## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
## Note: When using systemd socket activation, choose an empty set (i.e. [] ).
listen_addresses = ['127.0.2.1:53']
###########################################
OK, dnscrypt-proxy will sleep or exit when no internet is detected, so make an executable script (a script is a blank file with #!/bin/bash at the top line) in:
/etc/wicd/scripts/postconnect - if you're using wicd
/etc/network/if-up.d - if you're using default wifi connect
Save as The-Script using leafpad
###################################################################################
#!/bin/bash
# Start dnscrypt-proxy from its extracted directory
cd /etc/dnscrypt-proxy-linux_x86_64-2.0.19/linux-x86_64
./dnscrypt-proxy
exit 0
###########################################################
Save the script in the directories above, then do
sudo chmod +x /etc/wicd/scripts/postconnect/The-Script
sudo chmod +x /etc/network/if-up.d/The-Script
########### Setting DNS settings that worked for me with wicd using udhcpc
NOTE: connect and disconnect to a wifi or wired network using udhcpc at least once before applying below
########### NOTE ALSO! Don't apply while connected to network - make sure you disconnect after connecting ^^
## How to change DNS-local resolver for AntiX-Linux as wicd has trouble ## :)
# STEP 1
cd /etc/resolvconf/resolv.conf.d
##################
STEP 2 open file (head) /etc/resolvconf/resolv.conf.d/head in a text editor; it should look like this below
####example1###########################################################################
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
##################################### End-example1 ######################################
######################
STEP 3 - Make file look like below
#########example2#################################################################
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.2.1
nameserver 127.0.2.1
search 127.0.2.1
#
#
#
##########################End-example2########################################
Make sure nameservers are the IP of your DNS provider or local
Yes, the # are needed from my experience
step 3
sudo resolvconf -u
Final Step REBOOT
- This topic was modified 4 years, 3 months ago by to-the-moon.
January 16, 2019 at 8:19 am #16418 Member to-the-moon
####### MAKE LINES IN dnscrypt-proxy.toml LOOK LIKE BELOW FOR DNS-SEC SECURITY
# Use servers reachable over IPv4
ipv4_servers = true
# Use servers reachable over IPv6 -- Do not enable if you don't have IPv6 connectivity
ipv6_servers = false
# Use servers implementing the DNSCrypt protocol
dnscrypt_servers = true
# Use servers implementing the DNS-over-HTTPS protocol
doh_servers = true
## Require servers defined by remote sources to satisfy specific properties
# Server must support DNS security extensions (DNSSEC)
require_dnssec = true
# Server must not log user queries (declarative)
require_nolog = true
# Server must not enforce its own blacklist (for parental control, ads blocking...)
require_nofilter = true
###############################################################
Finally :)
Test your dns provider
https://dnsleaktest.com -extended test
Test if you're using DNS-sec protocol for security :)
https://dnssec.vs.uni-due.de/ - should pass with a thumbs up :)
- This reply was modified 4 years, 3 months ago by to-the-moon.
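A local check of the end state the two posts above describe, as an added example that is not part of the original posts: it lists any nameserver in resolv.conf that is not one of dnscrypt-proxy's listen_addresses (queries sent there would bypass the proxy) and any of the three require_* flags not set to true. The function names and sample files are constructed for illustration; 192.0.2.53 is a documentation address.

```shell
#!/bin/sh
# Added example (not from the thread): audit the files the how-to edits.

# Host part of every entry in: listen_addresses = ['ip:port', ...]
listen_ips() {   # $1 = dnscrypt-proxy.toml
    sed -n 's/^[[:space:]]*listen_addresses[[:space:]]*=[[:space:]]*\[\(.*\)\].*/\1/p' "$1" |
        tr ',' '\n' | sed -e "s/[][\"' ]//g" -e 's/:[0-9]*$//' -e '/^$/d'
}

# Nameservers that are NOT a proxy listen address (plaintext bypass).
# Returns 1 if any exist or if resolv.conf names no server at all.
leaking_nameservers() {   # $1 = dnscrypt-proxy.toml, $2 = resolv.conf
    ips=$(listen_ips "$1")
    ns=$(awk '$1 == "nameserver" { print $2 }' "$2")
    [ -n "$ns" ] || return 1
    bad=0
    for n in $ns; do
        printf '%s\n' "$ips" | grep -qxF -- "$n" || { echo "$n"; bad=1; }
    done
    return "$bad"
}

# Flags from the second post that are not set to true.
missing_flags() {   # $1 = dnscrypt-proxy.toml
    rc=0
    for key in require_dnssec require_nolog require_nofilter; do
        grep -Eq "^[[:space:]]*$key[[:space:]]*=[[:space:]]*true([[:space:]]|#|\$)" "$1" ||
            { echo "$key"; rc=1; }
    done
    return "$rc"
}

# Constructed sample files, mirroring the values used in the thread.
make_samples() {   # $1 = directory to write into
    printf '%s\n' "listen_addresses = ['127.0.2.1:53']" 'require_dnssec = true' \
        'require_nolog = true' 'require_nofilter = true' > "$1/good.toml"
    printf '%s\n' '## Note: choose an empty set (i.e. [] ).' 'listen_addresses = []' \
        'require_dnssec = true' 'require_nolog = false' > "$1/socket.toml"
    printf '%s\n' '# generated by resolvconf(8)' 'nameserver 127.0.2.1' \
        'nameserver 127.0.2.1' > "$1/resolv.conf"
    printf '%s\n' 'nameserver 127.0.2.1' 'nameserver 192.0.2.53' > "$1/mixed.conf"
}

d=$(mktemp -d) && make_samples "$d"
leaking_nameservers "$d/good.toml" "$d/resolv.conf" && echo "resolv.conf: proxy only"
leaking_nameservers "$d/good.toml" "$d/mixed.conf" || echo "mixed.conf: bypasses proxy"
missing_flags "$d/socket.toml" || echo "socket.toml: flags above are not true"
```

On a real system, pass the extracted dnscrypt-proxy.toml and /etc/resolv.conf to the same functions after running sudo resolvconf -u.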
January 16, 2019 at 2:53 pm #16461 Anonymous
Can dnscrypt-proxy be used (chained?) in conjunction with unbound?
(at the moment I’m just seeking a Y/N reply, not requesting a howto tutorial)
A few months back, I looked into the prospect of packaging dnscrypt-proxy or dnscrypt-proxy2 and OMG, discovered that building from source would involve downloading Go plus an insane boatload of Go packages (some of which need to be obtained as source and compiled locally, as a prerequisite step to compiling dnscrypt-proxy). Also, no “ftrace” package in debian repos, so that’s another (build AND runtime) PITA dependency to chase down ~~ chased down after I had headscratchingly tried, and failed, to follow the build instructions provided at github, and the for-Ubuntu instructions I found elsewhere… and only figured out which-end-up by scouring the many open “issues” tickets at the github project. For my future reference, I’ve saved a copy of the earlier dnscrypt-proxy source tree from (May?June?2018) prior to the “let’s use Go instead of python”.
Long story short ~~ the above “adventure” reinforced my wariness to touch (as a user) ANY “Go-based” program.
Arguably (touted by its proponents) Go is a type-safe language, is immune to buffer overflow vulnerabilities…
…yet whoever has packaged a Go-based program for you, the likelihood that they were qualified to
(and able to, time-wise) audit “all that” code is nil. (I’m not a fan of “Black boxes and magic smoke”.)
edited to add:
By “all that” I really meant its codebase + 3rdparty plugins (not the entire toolchain).
My primary interest/insistence on self-building dns-proxy: exorcise/nullify the “retrieve git-hosted program updates” feature of this must-run-as-root application.
January 17, 2019 at 6:24 am #16592 Member to-the-moon
I don't know about using unbound or anything about unbound to verify dns-sec signatures, but I do know that I didn't have to compile a single thing for dnscrypt-proxy. Sorry to not be able to help.
January 17, 2019 at 8:19 am #16599 Anonymous
Thanks for posting the howto.
I quickly found an answer to question regarding unbound + dnscrypt-proxy.
Yes, they can be used cooperatively (if that’s what ya want)
but dnscrypt-proxy on its own is able to provide caching.
eeeeew, yuk. The forum software squishing this image and causing it to look blurry.
When viewed outside the context of a forum post, the image looks fine
^—v
h t t p s://vgy.me/slVu71.png
