Difference between revisions of "Package:Dnscrypt"

From Funtoo
Jump to navigation Jump to search
(mention resolvconf and how it could overwrite your nameservers)
 
(3 intermediate revisions by one other user not shown)
Line 18: Line 18:
nameserver 127.0.0.1
nameserver 127.0.0.1
}}
}}
build up [[Package:Dnsmasq]] to handle dns traffic locally.


==== {{package|net-dns/dnsmasq}} Configuration ====
==== {{package|net-dns/dnsmasq}} Configuration ====
Most configurations are located at /etc/dnscrypt-proxy/dnscrypt-proxy.toml
Most configurations are located at /etc/dnscrypt-proxy/dnscrypt-proxy.toml


{{file|name=/etc/conf.d/dnscrypt-proxy|lang=|desc=set dnscrypt-proxy server on an alternate port for dnsmasq to listen to.|body=
{{file|name=/etc/dnscrypt-proxy/dnscrypt-proxy.toml|lang=|desc=set dnscrypt-proxy server on an alternate port for dnsmasq to listen to.|body=
DNSCRYPT_LOCALPORT=53000
listen_addresses = ['127.0.0.1:53000']
}}
}}


Line 29: Line 31:
{{console|body=###i## rc-update add dnscrypt-proxy default
{{console|body=###i## rc-update add dnscrypt-proxy default
###i## rc}}
###i## rc}}
=== Resolvconf ===
If you're using resolvconf, uncomment the name_servers line in /etc/resolvconf.conf to make sure your nameservers don't get overwritten.


=== Testing ===
=== Testing ===
Line 36: Line 41:
If you're using any other encryption enabled dns servers, try a "leak" test.  They should only report the dns servers associated with the ones you've chosen from the list.
If you're using any other encryption enabled dns servers, try a "leak" test.  They should only report the dns servers associated with the ones you've chosen from the list.
;https://www.dnsleaktest.com/
;https://www.dnsleaktest.com/
{{EbuildFooter}}
 


===arch wiki===
===arch wiki===
https://wiki.archlinux.org/index.php/Dnscrypt-proxy
https://wiki.archlinux.org/index.php/Dnscrypt-proxy
{{EbuildFooter}}

Latest revision as of 06:58, May 12, 2021

Dnscrypt

   Tip

We welcome improvements to this page. To edit this page, Create a Funtoo account. Then log in and then click here to edit this page. See our editing guidelines to becoming a wiki-editing pro.

   Warning

As this page deals with DNS it has the potential to break your internet access! Ensure you have stable live media that can restore your system.

DNScrypt provides encryption from clients to upstream DNS servers. Encrypting this traffic prevents spying, spoofing, and other man-in-the-middle attacks.

Installation

root # emerge dnscrypt-proxy

Configuration

By default, opendns is used, although some opennic servers support dnscrypt.

/etc/conf.d/dnscrypt-proxy controls settings for DNScrypt. A list of resolvers has been compiled for use with DNScrypt.

   /etc/resolv.conf - set dns server as dnscrypt-proxy
nameserver 127.0.0.1

build up Package:Dnsmasq to handle dns traffic locally.

net-dns/dnsmasq Configuration

Most configurations are located at /etc/dnscrypt-proxy/dnscrypt-proxy.toml

   /etc/dnscrypt-proxy/dnscrypt-proxy.toml - set dnscrypt-proxy server on an alternate port for dnsmasq to listen to.
listen_addresses = ['127.0.0.1:53000']

Service

root # rc-update add dnscrypt-proxy default
root # rc

Resolvconf

If you're using resolvconf, uncomment the name_servers line in /etc/resolvconf.conf to make sure your nameservers don't get overwritten.

Testing

If you're using opendns, this welcome page will tell you if you're encrypted or not.

https://www.opendns.com/welcome/

If you're using any other encryption enabled dns servers, try a "leak" test. They should only report the dns servers associated with the ones you've chosen from the list.

https://www.dnsleaktest.com/


arch wiki

https://wiki.archlinux.org/index.php/Dnscrypt-proxy