Difference between revisions of "Package:Dnscrypt"

m
m (more details)
 
(2 intermediate revisions by 2 users not shown)
Line 5: Line 5:
 
}}
 
}}
 
{{warning|As this page deals with DNS it has the potential to break your internet access!  Ensure you have stable live media that can restore your system.}}
 
{{warning|As this page deals with DNS it has the potential to break your internet access!  Ensure you have stable live media that can restore your system.}}
DNScrypt provides encryption from clients to upstream DNS servers.  Encrypting this traffic prevents spying, spoofing, and other man in the middle attacks.
+
DNScrypt provides encryption from clients to upstream DNS servers.  Encrypting this traffic prevents spying, spoofing, and other man-in-the-middle attacks.
  
 
=== Installation ===
 
=== Installation ===
Line 11: Line 11:
  
 
=== Configuration ===
 
=== Configuration ===
 +
By default, opendns is used, although some [http://www.opennicproject.org/ opennic servers] support dnscrypt.
 +
 
{{f|/etc/conf.d/dnscrypt-proxy}} controls settings for DNScrypt.  A [https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv list of resolvers] has been compiled for use with DNScrypt.
 
{{f|/etc/conf.d/dnscrypt-proxy}} controls settings for DNScrypt.  A [https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv list of resolvers] has been compiled for use with DNScrypt.
  
 
{{file|name=/etc/resolv.conf|lang=|desc=set dns server as dnscrypt-proxy|body=
 
{{file|name=/etc/resolv.conf|lang=|desc=set dns server as dnscrypt-proxy|body=
 
nameserver 127.0.0.1
 
nameserver 127.0.0.1
 +
}}
 +
 +
==== {{package|net-dns/dnsmasq}} Configuration ====
 +
{{file|name=/etc/conf.d/dnscrypt-proxy|lang=|desc=set dnscrypt-proxy server on an alternate port for dnsmasq to listen to.|body=
 +
DNSCRYPT_LOCALPORT=2053
 
}}
 
}}
  
Line 22: Line 29:
  
 
=== Testing ===
 
=== Testing ===
If you're using opendns, this welcome page will tell if your encrypted or not.
+
If you're using opendns, this welcome page will tell you if you're encrypted or not.
https://www.opendns.com/welcome/
+
;https://www.opendns.com/welcome/
  
 +
If you're using any other encryption enabled dns servers, try a "leak" test.  They should only report the dns servers associated with the ones you've chosen from the list.
 +
;https://www.dnsleaktest.com/
 
{{EbuildFooter}}
 
{{EbuildFooter}}

Latest revision as of 02:16, May 16, 2015

net-dns/dnscrypt-proxy


Source Repository:Repository:Funtoo Overlay

http://dnscrypt.org/

Summary: A tool for securing communications between a client, and a DNS resolver.


News

Drobbins

Perl Updates

Gentoo has bumped perl from 5.20 to 5.22. Be sure to run perl-cleaner --all after the upgrade.
2015-07-25 by Drobbins
Drobbins

ARM Rebuild

ARM systems will use new stage3's that are not compatible with earlier versions.
2015-06-27 by Drobbins
Drobbins

ABI X86 64 and 32

Funtoo Linux has new 32-bit compatibility libraries inherited from Gentoo. Learn about them here.
2015-06-18 by Drobbins
More...

Dnscrypt

Tip

We welcome improvements to this page. To edit this page, Create a Funtoo account. Then log in and then click here to edit this page. See our editing guidelines to becoming a wiki-editing pro.

Warning

As this page deals with DNS it has the potential to break your internet access! Ensure you have stable live media that can restore your system.

DNScrypt provides encryption from clients to upstream DNS servers. Encrypting this traffic prevents spying, spoofing, and other man-in-the-middle attacks.

Installation

# emerge dnscrypt-proxy


Configuration

By default, opendns is used, although some opennic servers support dnscrypt.

/etc/conf.d/dnscrypt-proxy controls settings for DNScrypt. A list of resolvers has been compiled for use with DNScrypt.

/etc/resolv.conf - set dns server as dnscrypt-proxy
nameserver 127.0.0.1

Package:Dnsmasq Configuration

/etc/conf.d/dnscrypt-proxy - set dnscrypt-proxy server on an alternate port for dnsmasq to listen to.
DNSCRYPT_LOCALPORT=2053

Service

# rc-update add dnscrypt-proxy default
# rc


Testing

If you're using opendns, this welcome page will tell you if you're encrypted or not.

https://www.opendns.com/welcome/

If you're using any other encryption enabled dns servers, try a "leak" test. They should only report the dns servers associated with the ones you've chosen from the list.

https://www.dnsleaktest.com/