
DNSCrypt for Mageia





DNSCrypt is a network protocol that authenticates and encrypts Domain Name System (DNS) traffic between the user's computer and recursive name servers, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH (Oblivious DoH). (SOURCE: https://github.com/DNSCrypt/dnscrypt-proxy)



Prebuilt and up-to-date binaries are available for Linux, Mac, Windows and other operating systems.

Download the Linux x86_64 version here. Follow installation instructions here.

Alternatively -- and the best choice for Mageia, IMHO -- you can download the x86_64 version of dnscrypt-proxy from OpenMandriva here.

The OpenMandriva-sourced package will install, but show an error that can be safely ignored. This package is superior to that provided with Mageia and is the most current version of the application, but you will need to block the update of the package to the Mageia version by adding its name to /etc/urpmi/skip.list. Follow the example there. If you are using DNF, it's a little more work. You must install a plugin named versionlock.


# dnf install dnf-plugin-versionlock


then you can add the package to not be replaced or updated.


# dnf versionlock dnscrypt-proxy


FILE LOCATIONS

Configuration files are found in /etc/dnscrypt-proxy and are well commented. The default port is 53. We will change it to 553.

The binary is found at /usr/bin/dnscrypt-proxy.

Documentation and example files are found at /usr/share/dnscrypt-proxy.

Configuration for using systemd and blocklists is found at the excellent ArchLinux Wiki here. You'll need to use these instructions after installing the OpenMandriva RPM file.

Create a service to download & combine filter lists, kept in /etc/systemd/system/dnscrypt-filterlist-update.service:

[Unit]

Description=DNSCrypt Filterlist Update

[Service]

Type=oneshot

User=root

WorkingDirectory=/usr/share/dnscrypt-proxy/utils/generate-domains-blocklist/

ExecStart=generate-domains-blocklist -a domains-allowlist.txt -o blocklist.txt ; sleep 2 ; systemctl restart dnscrypt-proxy.service

[Install]

WantedBy=multi-user.target


Create a timer to run after boot and then every 24 hours, kept in /etc/systemd/system/dnscrypt-filterlist-update.timer:

[Unit]

Description=Run 15min after boot and every 24 hours (DNSCrypt Filterlist Update)

[Timer]

OnBootSec=15min

OnUnitActiveSec=24h

[Install]

WantedBy=timers.target


Enable the timer:

# systemctl daemon-reload
# systemctl enable dnscrypt-filterlist-update.timer

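Configure DNSCrypt to apply the created filter rules. In /etc/dnscrypt-proxy/dnscrypt-proxy.toml, set these keys in the [blocked_names] section (a log_file placed at the top level of the file sets the main application log instead):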

blocked_names_file = '/usr/share/dnscrypt-proxy/utils/generate-domains-blocklist/blocklist.txt'

log_file = '/var/log/dnscrypt-proxy/blocked-names.log'


Edit /etc/resolv.conf on the server to read:

nameserver ::1

nameserver 127.0.0.1

options edns0

If the content of /etc/resolv.conf doesn't stick, edit it, then type the following command (in a root console) to make it immutable:

chattr +i /etc/resolv.conf

To unlock it:
chattr -i /etc/resolv.conf

Is It Working?
To check if dnscrypt-proxy is working, open a web browser and head to DnsLeakTest.com and select "extended test". If the results show servers that you have set in the configuration files it means that dnscrypt-proxy is working, otherwise something is wrong.
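A local check to complement the browser test, as an added example that is not part of the original post: it parses a resolv.conf-style file and reports any nameserver that is not a loopback address, which is the way a system can bypass dnscrypt-proxy. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the address of every active "nameserver" line. Commented-out lines
# are skipped because their first field is not exactly "nameserver".
nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Print only the resolvers that are NOT loopback (::1 or 127.0.0.0/8).
non_loopback_nameservers() {
    nameservers "$1" | awk '
        { addr = $1; sub(/%.*$/, "", addr) }      # drop an IPv6 zone id
        addr == "::1" { next }
        addr ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        { print addr }'
}

# Exit status 0: at least one nameserver and all of them are loopback.
# Exit status 1: a non-local resolver is listed, or none is listed at all.
# Exit status 2: the file cannot be read.
resolv_is_local() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    if [ -z "$(nameservers "$file")" ]; then
        echo "$file: no nameserver lines" >&2
        return 1
    fi
    leaks=$(non_loopback_nameservers "$file")
    if [ -n "$leaks" ]; then
        echo "$file: non-local resolvers: $(echo "$leaks" | tr '\n' ' ')" >&2
        return 1
    fi
    echo "$file: all resolvers are local"
}

# Run against a file given on the command line, e.g. /etc/resolv.conf.
if [ "$#" -gt 0 ]; then
    resolv_is_local "$1"
fi
```

A failure here after a reboot or a network change usually means the network manager rewrote /etc/resolv.conf, which is the case the chattr +i step above guards against.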

Installing unbound

Unbound is a local DNS resolver and cache that works with DNSCrypt-proxy. An excellent HOWTO is provided in the Mageia WIKI.

RESOURCES

DNSCrypt at Wikipedia

DNSCrypt at GitHub

DNSCrypt Version 2 Homepage

Configuration WIKI

Install and Configure Encrypted DNS Server using DNSCrypt

Configuring DNS-Over-HTTPS using dnscrypt-proxy with PiHole

AdGuard for Linux (non-free)

How to setup your own DNSCrypt server in less than 10 minutes

Client and Server Implementations



