From 1af04b7915718fcbabc7e30b8f46f7b1782dee20 Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Sun, 21 Oct 2018 14:22:44 +0300 Subject: [PATCH] 2018-10-21-dnscrypt-proxy-quick-dirty-debian.md --- ...10-21-dnscrypt-proxy-quick-dirty-debian.md | 64 +++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 _posts/2018-10-21-dnscrypt-proxy-quick-dirty-debian.md diff --git a/_posts/2018-10-21-dnscrypt-proxy-quick-dirty-debian.md b/_posts/2018-10-21-dnscrypt-proxy-quick-dirty-debian.md new file mode 100644 index 0000000..0568003 --- /dev/null +++ b/_posts/2018-10-21-dnscrypt-proxy-quick-dirty-debian.md @@ -0,0 +1,64 @@ +--- +layout: post +comments: true +title: "dnscrypt-proxy v2 on Debian/Ubuntu quickly, dirtily" +category: [english] +tags: [english, FIXME] +--- + +*This is very hastily written and ~~may~~ will contain errors and will +hopefully be fixed soonish* + +1. `sudo apt-get install curl` + +As at the time of writing Debian Stable and Ubuntu include old +dnscrypt-proxy v1 which doesn't work by default download a new version from +Debian unstable (which you aren't supposed to do, but it has worked for me +on multiple systems): + +Check the version number at https://packages.debian.org/sid/amd64/dnscrypt-proxy/download and fix it below: + +`curl -LO https://deb.debian.org/debian/pool/main/d/dnscrypt-proxy/dnscrypt-proxy_2.0.16-2_amd64.deb` + +`sudo dpkg -i dnscrypt-proxy` + +Hopefully dnscrypt-proxy is now running, check `journalctl -u dnscrypt-proxy`, there should be a line like `Oct 21 14:08:15 sedric dnscrypt-proxy[1120]: [2018-10-21 14:08:15] [NOTICE] Wiring systemd TCP socket #0, dnscrypt-proxy.socket, 127.0.2.1:53` + +Edit `/etc/NetworkManager/NetworkManager.conf`, it should say say `dns=none` +e.g.: + +``` +[main] +plugins=ifupdown,keyfile +dns=none +``` + +if it doesn't say dns=none, fix it and restart `systemctl restart NetworkManager` + +Edit your /etc/resolv.conf, for example: + +``` +sudo su - +rm /etc/resolv.conf +nano /etc/resolv.conf && chattr +i /etc/resolv.conf +``` + +chattr +i will prevent modifying the file unless chattr -i is done first. + +Example resolv.conf: + +``` +nameserver 127.0.2.1 +options edns0 single-request-reopen +#search mikaela.info +``` + +Nameserver is the host where dnscrypt-proxy says to listen on, options are +from dnscrypt-proxy documentation and search is domains that are +automatically searched for if you don't use FQDN, e.g. `ssh machine` in +my (uncommented) config would turn into `ssh machine.mikaela.info`. + +I hope I remember everything, but this is a bit hasty writing and the GPG +signature or anything isn't verified and I hope I will fix this later... + +for the curious my dnscrypt-proxy config https://github.com/Mikaela/shell-things/tree/master/etc/dnscrypt-proxy