Difference between revisions of "Package:Dnscrypt"
Threesixes (talk | contribs) m (add some goodies) |
m (link to dnsmasq because were loading dnscrypt proxy through dnsmasq for now.) |
||
(6 intermediate revisions by 3 users not shown) | |||
Line 5: | Line 5: | ||
}} | }} | ||
{{warning|As this page deals with DNS it has the potential to break your internet access! Ensure you have stable live media that can restore your system.}} | {{warning|As this page deals with DNS it has the potential to break your internet access! Ensure you have stable live media that can restore your system.}} | ||
DNScrypt provides encryption from clients to upstream DNS servers. Encrypting this traffic prevents spying, spoofing, and other man in the middle attacks. | DNScrypt provides encryption from clients to upstream DNS servers. Encrypting this traffic prevents spying, spoofing, and other man-in-the-middle attacks. | ||
=== Installation === | === Installation === | ||
Line 11: | Line 11: | ||
=== Configuration === | === Configuration === | ||
By default opendns is used, although some [http://www.opennicproject.org/ opennic servers] support dnscrypt. | By default, opendns is used, although some [http://www.opennicproject.org/ opennic servers] support dnscrypt. | ||
{{f|/etc/conf.d/dnscrypt-proxy}} controls settings for DNScrypt. A [https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv list of resolvers] has been compiled for use with DNScrypt. | {{f|/etc/conf.d/dnscrypt-proxy}} controls settings for DNScrypt. A [https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv list of resolvers] has been compiled for use with DNScrypt. | ||
Line 17: | Line 17: | ||
{{file|name=/etc/resolv.conf|lang=|desc=set dns server as dnscrypt-proxy|body= | {{file|name=/etc/resolv.conf|lang=|desc=set dns server as dnscrypt-proxy|body= | ||
nameserver 127.0.0.1 | nameserver 127.0.0.1 | ||
}} | |||
build up [[Package:Dnsmasq]] to handle dns traffic locally. | |||
==== {{package|net-dns/dnsmasq}} Configuration ==== | |||
Most configurations are located at /etc/dnscrypt-proxy/dnscrypt-proxy.toml | |||
{{file|name=/etc/dnscrypt-proxy/dnscrypt-proxy.toml|lang=|desc=set dnscrypt-proxy server on an alternate port for dnsmasq to listen to.|body= | |||
listen_addresses = ['127.0.0.1:53000'] | |||
}} | }} | ||
Line 24: | Line 33: | ||
=== Testing === | === Testing === | ||
If you're using opendns, this welcome page will tell if | If you're using opendns, this welcome page will tell you if you're encrypted or not. | ||
;https://www.opendns.com/welcome/ | ;https://www.opendns.com/welcome/ | ||
If you're using any other encryption enabled dns servers, | If you're using any other encryption enabled dns servers, try a "leak" test. They should only report the dns servers associated with the ones you've chosen from the list. | ||
;https://www.dnsleaktest.com/ | ;https://www.dnsleaktest.com/ | ||
{{EbuildFooter}} | {{EbuildFooter}} | ||
===arch wiki=== | |||
https://wiki.archlinux.org/index.php/Dnscrypt-proxy |
Revision as of 11:28, October 12, 2020
Dnscrypt
We welcome improvements to this page. To edit this page, Create a Funtoo account. Then log in and then click here to edit this page. See our editing guidelines to becoming a wiki-editing pro.
As this page deals with DNS it has the potential to break your internet access! Ensure you have stable live media that can restore your system.
DNScrypt provides encryption from clients to upstream DNS servers. Encrypting this traffic prevents spying, spoofing, and other man-in-the-middle attacks.
Installation
root # emerge dnscrypt-proxy
Configuration
By default, opendns is used, although some opennic servers support dnscrypt.
/etc/conf.d/dnscrypt-proxy
controls settings for DNScrypt. A list of resolvers has been compiled for use with DNScrypt.
/etc/resolv.conf
- set dns server as dnscrypt-proxynameserver 127.0.0.1
build up Package:Dnsmasq to handle dns traffic locally.
net-dns/dnsmasq Configuration
Most configurations are located at /etc/dnscrypt-proxy/dnscrypt-proxy.toml
/etc/dnscrypt-proxy/dnscrypt-proxy.toml
- set dnscrypt-proxy server on an alternate port for dnsmasq to listen to.listen_addresses = ['127.0.0.1:53000']
Service
root # rc-update add dnscrypt-proxy default root # rc
Testing
If you're using opendns, this welcome page will tell you if you're encrypted or not.
If you're using any other encryption enabled dns servers, try a "leak" test. They should only report the dns servers associated with the ones you've chosen from the list.