etc: dnscrypt

2015-05-13 22:20:28 +03:00 · 2015-05-13 22:20:28 +03:00 · 17b5596d80
parent e1d873213f
commit 17b5596d80
4 changed files with 72 additions and 3 deletions
--- a/etc/conf.d/dnscrypt-proxy
+++ b/etc/conf.d/dnscrypt-proxy
@ -0,0 +1,7 @@
+DNSCRYPT_LOCALIP=127.0.0.2
+DNSCRYPT_LOCALPORT=53
+DNSCRYPT_USER=nobody
+DNSCRYPT_PROVIDER_NAME=2.dnscrypt-cert.opendns.com
+DNSCRYPT_PROVIDER_KEY=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79
+DNSCRYPT_RESOLVERIP=208.67.220.220
+DNSCRYPT_RESOLVERPORT=443
--- a/etc/pdnsd.conf
+++ b/etc/pdnsd.conf
@ -0,0 +1,38 @@
+# https://wiki.archlinux.org/index.php?title=DNSCrypt&oldid=373568#Example:_configuration_for_pdnsd
+global {
+    perm_cache=16384;
+    cache_dir="/var/cache/pdnsd";
+    run_as="pdnsd";
+    server_ip = 127.0.0.1;
+    status_ctl = on;
+    query_method=udp_tcp;
+    min_ttl=15m;       # Retain cached entries at least 15 minutes.
+    max_ttl=1w;        # One week.
+    timeout=10;        # Global timeout option (10 seconds).
+    neg_domain_pol=on;
+    udpbufsize=1024;   # Upper limit on the size of UDP messages.
+}
+
+server {
+    label = "dnscrypt-proxy";
+    ip = 127.0.0.2;
+    port = 53;
+    timeout = 4;
+    uptest = query;
+    interval = 15m;
+    proxy_only=on;
+}
+
+source {
+    owner=localhost;
+    file="/etc/hosts";
+}
+
+
+rr {
+    name=localhost;
+    reverse=on;
+    a=127.0.0.1;
+    owner=localhost;
+    soa=localhost,root.localhost,42,86400,900,86400,86400;
+}
--- a/etc/resolv.conf
+++ b/etc/resolv.conf
@ -1,6 +1,11 @@
 nameserver ::1
-#nameserver 2001:4860:4860::8888
-nameserver 2001:4860:4860::8844
+nameserver 2001:4860:4860::8888
+#nameserver 2001:4860:4860::8844
 #nameserver 8.8.8.8
-nameserver 8.8.4.4
+#nameserver 8.8.4.4
+#nameserver 2620:0:ccc::2
+#nameserver 2620:0:ccd::2
+nameserver 208.67.222.222
+#nameserver 208.67.220.220
+options edns 0
 search mikaela.info
--- a/etc/systemd/system/dnscrypt-proxy.service
+++ b/etc/systemd/system/dnscrypt-proxy.service
@ -0,0 +1,19 @@
+[Unit]
+Description=A tool for securing communications between a client and a DNS resolver.
+After=network.target
+# Only needed if you use pdnsd, other caching DNS servers can go here. Could be ignored too.
+Before=pdnsd.service
+
+[Service]
+EnvironmentFile=/etc/conf.d/dnscrypt-proxy
+ExecStart=/usr/bin/dnscrypt-proxy \
+    --local-address=${DNSCRYPT_LOCALIP}:${DNSCRYPT_LOCALPORT} \
+    --resolver-address=${DNSCRYPT_RESOLVERIP}:${DNSCRYPT_RESOLVERPORT} \
+    --provider-name=${DNSCRYPT_PROVIDER_NAME} \
+    --provider-key=${DNSCRYPT_PROVIDER_KEY} \
+    --user=${DNSCRYPT_USER} \
+    --edns-payload-size=4096
+Restart=on-abort
+
+[Install]
+WantedBy=multi-user.target