blob: 11336b5864668fd4348ab66159b35029a7d5e67d (
plain) (
tree)
|
|
An init script and configuration file have been provided to run
dnscrypt-proxy as a daemon. To configure dnscrypt-proxy, edit:
/etc/dnscrypt-proxy/dnscrypt-proxy.toml
Remember to chmod +x /etc/rc.d/rc.dnscrypt-proxy before starting.
By default dnscrypt-proxy will use a random DNS server, i have hardcoded
some anonymizing relays to bounce the DNS querries around for increased
privacy.
Built in local caching is also enabled by default.
The proxy will run on localhost 127.0.0.1 and ::1 port 53.
If ipv6 is not required or available, it can be disabled in the config.
The configuration file is setup to use a 'dnscrypt' user by default.
In order to use the default configuration you should create a
'dnscrypt' user and group with the following commands:
groupadd -g 293 dnscrypt
useradd -u 293 -g 293 -c "DNSCrypt" -d /run/dnscrypt -s /bin/false dnscrypt
If you decide to use another user you should edit the user_name setting
in:
/etc/dnscrypt-proxy/dnscrypt-proxy.toml
In order to send all DNS requests through dnscrypt-proxy, you will need
to update /etc/resolv.conf to point to localhost. If using dhcpcd, the
easiest way to set dnscrypt-proxy as the primary (but not exclusive)
dns resolver is to create file /etc/resolv.conf.head with the following
line:
nameserver 127.0.0.1
You may also have to add the following line to enable EDNS:
options edns0
It is also recommended to make the resolv.conf file immutable by
issuing:
chattr +i /etc/resolv.conf
To prevent the settings from being reset by dhcp or any other service.
To start dnscrypt-proxy automatically at system start, add the following
to:
/etc/rc.d/rc.local:
if [ -x /etc/rc.d/rc.dnscrypt-proxy ]; then
/etc/rc.d/rc.dnscrypt-proxy start
fi
To properly stop dnscrypt-proxy on system shutdown, add the following
to:
/etc/rc.d/rc.local_shutdown:
if [ -x /etc/rc.d/rc.dnscrypt-proxy ]; then
/etc/rc.d/rc.dnscrypt-proxy stop
fi
|
