Dnscrypt

Revision as of 18:29, February 21, 2015 by Threesixes (Talk | contribs) (add some goodies)

net-dns/dnscrypt-proxy


Source Repository:Repository:Funtoo Overlay

http://dnscrypt.org/

Summary: A tool for securing communications between a client, and a DNS resolver.


News

Drobbins

IP Space Migration Continues

All Funtoo user containers in the 8.28 IP space will be moving into our new IP space (172.97) over the next few days. If you have DNS set up -- be sure to watch your container and update to the new IP! container.host.funtoo.org DNS will be updated after the move.
2015-08-27 by Drobbins
Drobbins

Funtoo Hosting IP Move

Funtoo user containers with IPs in the 72.18.x.x range will be gradually migrating to new IP addresses this week. If you have DNS entries for your containers, please be aware that your DNS will need to be updated.
2015-08-11 by Drobbins
Drobbins

New ARM Stages

New ARM Stages, built with a new toolchain, are now hitting mirrors. Existing ARM users should re-install using these stages (dated Aug 3, 2015 or later,) rather than upgrade using emerge.
2015-08-06 by Drobbins
More...

Dnscrypt

Tip

We welcome improvements to this page. To edit this page, Create a Funtoo account. Then log in and then click here to edit this page. See our editing guidelines to becoming a wiki-editing pro.

Warning

As this page deals with DNS it has the potential to break your internet access! Ensure you have stable live media that can restore your system.

DNScrypt provides encryption from clients to upstream DNS servers. Encrypting this traffic prevents spying, spoofing, and other man in the middle attacks.

Installation

# emerge dnscrypt-proxy


Configuration

By default opendns is used, although some opennic servers support dnscrypt.

/etc/conf.d/dnscrypt-proxy controls settings for DNScrypt. A list of resolvers has been compiled for use with DNScrypt.

/etc/resolv.conf - set dns server as dnscrypt-proxy
nameserver 127.0.0.1

Service

# rc-update add dnscrypt-proxy default
# rc


Testing

If you're using opendns, this welcome page will tell if your encrypted or not.

https://www.opendns.com/welcome/

If you're using any other encryption enabled dns servers, give them a leak test. they should only report the dns servers associated with the one you chosen from the list.

https://www.dnsleaktest.com/