servers:linux:dnscrypt-proxy
Information
Prerequisites
Create Group and User
# Create a dedicated system group and account for building dnscrypt-proxy.
# The build steps further down switch to this account instead of compiling as root.
sudo groupadd 'dnscryptbuilder' \
  && sudo useradd \
    --system \
    --create-home \
    --home-dir '/var/lib/dnscryptbuilder' \
    --gid 'dnscryptbuilder' \
    --comment 'DNSCrypt Builder User' \
    'dnscryptbuilder'
Dependencies
# Build dependencies: git to fetch the source, the Go toolchain to compile it.
sudo zypper install 'git-core' 'go'
Install
Build
Switch User
# Open a shell as the builder account so the compile step below does not run as root.
# The shell is passed explicitly; presumably the system account's default shell is not
# usable interactively (check with `getent passwd dnscryptbuilder`).
sudo su --shell '/bin/bash' 'dnscryptbuilder'
Compile
# Run inside the builder account's shell. Removes leftovers of earlier builds, fetches the
# tip of upstream master (shallow clone) and compiles it. The chain stops at the first
# failing step, so the final `exit` only leaves the builder shell after a successful build.
# NOTE(review): this builds whatever is currently on master, with no release pin and no
# signature check; consider cloning a reviewed release tag instead of the branch.
cd '/tmp' \
  && rm -rf '/tmp/dnscrypt-proxy' '/tmp/go-build'* ~/'go' \
  && git clone --branch 'master' --depth '1' \
    'https://github.com/jedisct1/dnscrypt-proxy.git' '/tmp/dnscrypt-proxy' \
  && cd '/tmp/dnscrypt-proxy/dnscrypt-proxy' \
  && go get -d \
  && go clean \
  && go build -ldflags='-s -w' \
  && exit
Install
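# Install the freshly built binary as root, restore its SELinux label and remove the
# build leftovers.
# The build tree sits at a fixed path in world-writable /tmp, so before root installs
# anything, check that both the tree and the binary are owned by the builder account
# (stat reports a symlink itself, not its target). If either check fails, the chain stops
# and nothing is installed or deleted.
[ "$(stat -c '%U' '/tmp/dnscrypt-proxy')" = 'dnscryptbuilder' ] \
  && [ "$(stat -c '%U' '/tmp/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy')" = 'dnscryptbuilder' ] \
  && sudo mv '/tmp/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy' '/usr/sbin/dnscrypt-proxy' \
  && sudo chown 'root':'root' '/usr/sbin/dnscrypt-proxy' \
  && sudo chmod +x '/usr/sbin/dnscrypt-proxy' \
  && sudo restorecon -v '/usr/sbin/dnscrypt-proxy' \
  && cd ~ \
  && sudo rm -Rf '/tmp/dnscrypt-proxy' '/tmp/go-build'* '/var/lib/dnscryptbuilder/go' \
  && sync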
Settings
References
Notes
server_names
can be commented out so that all available servers are queried; the list can then be curated by hand to keep only the servers with the lowest response times
Settings
# Create the configuration directory (no error if it already exists), then edit the
# main configuration file through sudo's editor mode.
sudo mkdir --parents '/etc/dnscrypt-proxy' \
  && sudoedit '/etc/dnscrypt-proxy/dnscrypt-proxy.toml'
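# /etc/dnscrypt-proxy/dnscrypt-proxy.toml

# Resolvers to use, by the names given in the source lists below.
server_names = ['cloudflare', 'ev-us2', 'ventricle.us', 'opennic-onic']
keepalive = 10
# NOTE(review): this is a plain DNS resolver on port 53, so queries sent to it are
# neither encrypted nor authenticated. Presumably it is only used for bootstrapping
# (e.g. resolving the list hosts) - confirm against the dnscrypt-proxy documentation.
fallback_resolver = '185.121.177.177:53'
ipv6_servers = true
# Only use resolvers that declare DNSSEC support.
require_dnssec = true

[blacklist]
# Relative path; the service unit on this page sets WorkingDirectory=/etc/dnscrypt-proxy.
blacklist_file = 'blacklist.txt'

# Resolver lists. Each downloaded list is checked against minisign_key before use.
[sources.'public-resolvers']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
cache_file = 'public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'

[sources.'opennic']
# The second URL is fetched over HTTPS, like the same host's URL in the source above.
# The signature check protects integrity either way, but plain HTTP would expose the
# request and allow it to be blocked or stalled in transit.
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/opennic.md', 'https://download.dnscrypt.info/resolvers-list/v2/opennic.md']
cache_file = 'opennic.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'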
Blacklist
# Edit the blacklist that dnscrypt-proxy.toml references as blacklist_file.
sudoedit '/etc/dnscrypt-proxy/blacklist.txt'
# /etc/dnscrypt-proxy/blacklist.txt - one pattern per line.
# NOTE(review): the patterns are wildcarded on both sides, so a short one such as
# *.fb.* presumably also matches unrelated names containing that label - confirm
# the matching rules before relying on it.
# Facebook 2018/03/19
*.facebook.*
*.fbcdn.*
*.tfbnw.*
*.fbsbx.*
*.fb.*
*.whatsapp.*
*.instagram.*
Services
Main
# Create the service unit, make systemd re-read its unit files, enable and start the
# service in one step, then show its untruncated status.
# Where available, `systemd-analyze security dnscrypt-proxy` gives a quick review of the
# unit's sandboxing settings.
sudoedit '/etc/systemd/system/dnscrypt-proxy.service' \
  && sudo systemctl daemon-reload \
  && sudo systemctl enable --now 'dnscrypt-proxy' \
  && sudo systemctl status --full 'dnscrypt-proxy'
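# /etc/systemd/system/dnscrypt-proxy.service
[Unit]
Description=dnscrypt-proxy
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
# Relative paths in dnscrypt-proxy.toml (blacklist and cache files) resolve from here.
WorkingDirectory=/etc/dnscrypt-proxy
ExecStart='/usr/sbin/dnscrypt-proxy'
# NOTE(review): no User= is set, so the daemon runs as root inside the sandbox below.
# Running it under a dedicated account would need the port-binding capability and
# matching ownership of the working directory - not configured on this page.

# Sandboxing
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
PrivateDevices=yes
PrivateTmp=yes
ProtectHome=yes
# "full" mounts /etc read-only in addition to /usr and the boot loader directories.
# With "yes", /etc stays writable and the ReadWritePaths= exception below has no effect.
ProtectSystem=full
ReadWritePaths='/etc/dnscrypt-proxy'
NoNewPrivileges=yes
RestrictNamespaces=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes

[Install]
WantedBy=multi-user.target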
Updater
Service
# Create the unit for the updater service (rebuilds and reinstalls dnscrypt-proxy).
sudoedit '/etc/systemd/system/dnscrypt-proxy-up.service'
# /etc/systemd/system/dnscrypt-proxy-up.service
# One-shot updater: clones upstream master, builds it, replaces
# /usr/sbin/dnscrypt-proxy and restarts the dnscrypt-proxy service.
# NOTE(review): each run installs and starts whatever is on the tip of master, with no
# release pin, signature check or review step in between. Consider building a reviewed
# release tag and keeping the previous binary for rollback.
# No User= is set, so the Exec lines presumably run as root; the git and go steps drop
# to the builder account through `sudo -u`.
[Service]
Type=oneshot
WorkingDirectory=/tmp
ProtectControlGroups=yes
ProtectKernelModules=yes
PrivateDevices=yes
# With PrivateTmp=yes the /tmp paths below refer to a /tmp private to this service.
PrivateTmp=yes
ProtectHome=yes
RestrictNamespaces=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
# Clean up earlier build leftovers. systemd does not expand shell globs on Exec lines,
# so the trailing * after '/tmp/go-build' is not expanded here.
ExecStartPre='/usr/bin/rm' -Rf '/tmp/dnscrypt-proxy' '/tmp/go-build'* '/var/lib/dnscryptbuilder/go'
# Fetch the source as the builder account.
ExecStartPre='/bin/bash' -c 'sudo -u "dnscryptbuilder" git clone -b "master" "https://github.com/jedisct1/dnscrypt-proxy.git" "/tmp/dnscrypt-proxy" --depth '1''
# Download dependencies and clear old build output, still as the builder account.
ExecStartPre='/bin/bash' -c 'cd "/tmp/dnscrypt-proxy/dnscrypt-proxy" && sudo -u "dnscryptbuilder" go get -d'
ExecStartPre='/bin/bash' -c 'cd "/tmp/dnscrypt-proxy/dnscrypt-proxy" && sudo -u "dnscryptbuilder" go clean'
# Compile as the builder account.
ExecStart='/bin/bash' -c 'cd "/tmp/dnscrypt-proxy/dnscrypt-proxy" && sudo -u "dnscryptbuilder" go build -ldflags="-s -w"'
# Install the new binary and hand ownership to root.
# NOTE(review): unlike the manual install step on this page, no restorecon is run after
# the move; on SELinux systems the binary may keep the label it had in /tmp - verify.
ExecStartPost='/usr/bin/mv' '/tmp/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy' '/usr/sbin/dnscrypt-proxy'
ExecStartPost='/usr/bin/chown' 'root':'root' '/usr/sbin/dnscrypt-proxy'
ExecStartPost='/usr/bin/chmod' +x '/usr/sbin/dnscrypt-proxy'
# Switch the running service over to the new binary.
ExecStartPost='/usr/bin/systemctl' restart 'dnscrypt-proxy'
# Remove build leftovers (same glob caveat as above) and flush writes to disk.
ExecStartPost='/usr/bin/rm' -Rf '/tmp/dnscrypt-proxy' '/tmp/go-build'* '/var/lib/dnscryptbuilder/go'
ExecStartPost='/usr/bin/sync'
Timer
# Create the timer unit, reload systemd and enable the timer right away.
# The explicit `start` then runs the updater service once immediately, i.e. it rebuilds
# and replaces /usr/sbin/dnscrypt-proxy now; `status --full` shows the untruncated result.
sudoedit '/etc/systemd/system/dnscrypt-proxy-up.timer' \
  && sudo systemctl daemon-reload \
  && sudo systemctl enable --now 'dnscrypt-proxy-up.timer' \
  && sudo systemctl start 'dnscrypt-proxy-up' \
  && sudo systemctl status --full 'dnscrypt-proxy-up'
# /etc/systemd/system/dnscrypt-proxy-up.timer
# Triggers the updater service of the same name (dnscrypt-proxy-up.service).
[Unit]
Description=dnscrypt-proxy Updater
Wants=network-online.target
After=network-online.target

[Timer]
# Run once a week; Persistent=true catches up on a run that was missed while the
# machine was powered off.
OnCalendar=weekly
Persistent=true

[Install]
WantedBy=timers.target