Differences

This shows you the differences between two versions of the page.

--- servers:dnscrypt-proxy [2018/04/03 08:54] – [Main] Sean Rhone
+++ servers:dnscrypt-proxy [2018/04/04 14:47] (current) – [Switch User] Sean Rhone
@@ Line 1: / Line 1: @@
+====== Information ======
+  * DNSCrypt ((https://dnscrypt.info))
+  * dnscrypt-proxy ((https://github.com/jedisct1/dnscrypt-proxy))
+===== Prerequisites =====
+  * [[distros:opensuse_tumbleweed_gnome | openSUSE Tumbleweed]] ((local DNS server))
+====== Create Group and User ======
+****
+  sudo groupadd 'dnscryptbuilder' && sudo useradd -c 'DNSCrypt Builder User' -d '/var/lib/dnscryptbuilder' -g 'dnscryptbuilder' -m -r 'dnscryptbuilder'
+====== Dependencies ======
+****
+  sudo zypper install git-core go
+====== Install ======
+  * https://github.com/jedisct1/dnscrypt-proxy/wiki/building
+===== Build =====
+==== Switch User ====
+****
+  sudo su 'dnscryptbuilder' -s '/bin/bash'
+==== Compile ====
+****
+  cd '/tmp' && rm -Rf '/tmp/dnscrypt-proxy' '/tmp/go-build'* ~/'go' && git clone -b 'master' 'https://github.com/jedisct1/dnscrypt-proxy.git' '/tmp/dnscrypt-proxy' --depth '1' && cd '/tmp/dnscrypt-proxy/dnscrypt-proxy' && go get -d && go clean && go build -ldflags='-s -w' && exit
+===== Install =====
+****
+  sudo mv '/tmp/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy' '/usr/sbin/dnscrypt-proxy' && sudo chown 'root':'root' '/usr/sbin/dnscrypt-proxy' && sudo chmod +x '/usr/sbin/dnscrypt-proxy' && sudo restorecon -v '/usr/sbin/dnscrypt-proxy' && cd ~ && sudo rm -Rf '/tmp/dnscrypt-proxy' '/tmp/go-build'* '/var/lib/dnscryptbuilder/go' && sync
+====== Settings ======
+===== References =====
+  * https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml
+  * https://github.com/DNSCrypt/dnscrypt-resolvers
+===== Notes =====
+  * ''server_names'' can be commented-out in order to query all available servers, and then manually curated to select the servers with lowest response times
+===== Settings =====
+  sudo mkdir -p '/etc/dnscrypt-proxy' && sudo -e '/etc/dnscrypt-proxy/dnscrypt-proxy.toml'
+<code>
+server_names = ['cloudflare', 'ev-us2', 'ventricle.us', 'opennic-onic']
+keepalive = 10
+fallback_resolver = '185.121.177.177:53'
+ipv6_servers = true
+require_dnssec = true
+[blacklist]
+blacklist_file = 'blacklist.txt'
+[sources.'public-resolvers']
+urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
+cache_file = 'public-resolvers.md'
+minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+[sources.'opennic']
+urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/opennic.md', 'http://download.dnscrypt.info/resolvers-list/v2/opennic.md']
+cache_file = 'opennic.md'
+minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'</code>
+===== Blacklist =====
+  sudo -e '/etc/dnscrypt-proxy/blacklist.txt'
+<code>
+# Facebook 2018/03/19
+*.facebook.*
+*.fbcdn.*
+*.tfbnw.*
+*.fbsbx.*
+*.fb.*
+*.whatsapp.*
+*.instagram.*</code>
+====== Services ======
+===== Main =====
+  sudo -e '/etc/systemd/system/dnscrypt-proxy.service' && sudo systemctl daemon-reload && sudo systemctl enable 'dnscrypt-proxy' --now && sudo systemctl status 'dnscrypt-proxy' -l
+<code>
+[Unit]
+Description=dnscrypt-proxy
+After=network-online.target
+Wants=network-online.target
+[Service]
+Type=simple
+WorkingDirectory=/etc/dnscrypt-proxy
+ExecStart='/usr/sbin/dnscrypt-proxy'
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=yes
+ReadWritePaths='/etc/dnscrypt-proxy'
+NoNewPrivileges=yes
+RestrictNamespaces=yes
+MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+[Install]
+WantedBy=multi-user.target</code>
+===== Updater =====
+==== Service ====
+  sudo -e '/etc/systemd/system/dnscrypt-proxy-up.service'
+<code>
+[Service]
+Type=oneshot
+WorkingDirectory=/tmp
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectHome=yes
+RestrictNamespaces=yes
+MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+ExecStartPre='/usr/bin/rm' -Rf '/tmp/dnscrypt-proxy' '/tmp/go-build'* '/var/lib/dnscryptbuilder/go'
+ExecStartPre='/bin/bash' -c 'sudo -u "dnscryptbuilder" git clone -b "master" "https://github.com/jedisct1/dnscrypt-proxy.git" "/tmp/dnscrypt-proxy" --depth '1''
+ExecStartPre='/bin/bash' -c 'cd "/tmp/dnscrypt-proxy/dnscrypt-proxy" && sudo -u "dnscryptbuilder" go get -d'
+ExecStartPre='/bin/bash' -c 'cd "/tmp/dnscrypt-proxy/dnscrypt-proxy" && sudo -u "dnscryptbuilder" go clean'
+ExecStart='/bin/bash' -c 'cd "/tmp/dnscrypt-proxy/dnscrypt-proxy" && sudo -u "dnscryptbuilder" go build -ldflags="-s -w"'
+ExecStartPost='/usr/bin/mv' '/tmp/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy' '/usr/sbin/dnscrypt-proxy'
+ExecStartPost='/usr/bin/chown' 'root':'root' '/usr/sbin/dnscrypt-proxy'
+ExecStartPost='/usr/bin/chmod' +x '/usr/sbin/dnscrypt-proxy'
+ExecStartPost='/usr/bin/systemctl' restart 'dnscrypt-proxy'
+ExecStartPost='/usr/bin/rm' -Rf '/tmp/dnscrypt-proxy' '/tmp/go-build'* '/var/lib/dnscryptbuilder/go'
+ExecStartPost='/usr/bin/sync'</code>
+==== Timer ====
+****
+  sudo -e '/etc/systemd/system/dnscrypt-proxy-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'dnscrypt-proxy-up.timer' --now && sudo systemctl start 'dnscrypt-proxy-up' && sudo systemctl status 'dnscrypt-proxy-up' -l
+<code>
+[Unit]
+Description=dnscrypt-proxy Updater
+After=network-online.target
+Wants=network-online.target
+[Timer]
+OnCalendar=weekly
+Persistent=true
+[Install]
+WantedBy=timers.target</code>