mirror of
http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/opsec-blogposts.git
synced 2025-06-08 00:59:35 +00:00
more setup
This commit is contained in:
cynthia
parent
a676f2eccd
commit
87408e3765
1 changed files with 93 additions and 3 deletions
|
|
@ -32,7 +32,7 @@ DNSCrypt is the oldest DNS encryption wrapper protocol, It is more optimized for
|
|||
#### Anonymized DNS
|
||||
|
||||
|
||||
Anonymized DNS is a relay system in DNSCrypt where your DNS queries and responses are relayed through a DNSCrypt server, so that the final DNSCrypt server is not able to tell where the queries came from (granted if the relay and final DNSCrypt server are both not owned or associated with each other). This allows for anonymous, yet still fast DNS queries.
|
||||
Anonymized DNS is a relay system in DNSCrypt where your DNS queries and responses are relayed through a DNSCrypt relay server, so that the DNSCrypt resolver is not able to tell where the queries came from (granted if the relay and resolver are both not owned or associated with each other). This allows for anonymous, yet still fast DNS queries.
|
||||
|
||||
### DNS over Tor
|
||||
|
||||
|
|
@ -154,7 +154,7 @@ We'll be using `dnscrypt-proxy` for this section of the tutorial, which offers s
|
|||
root@localhost:/opt/dnscrypt-proxy# systemctl disable systemd-resolved
|
||||
```
|
||||
|
||||
6. Copy the example configuration file, and start `dnscrypt-proxy` to see if it works.
|
||||
6. Copy the example configuration file, and start `dnscrypt-proxy` to see if it works. It should work out of the box.
|
||||
|
||||
```bash
|
||||
root@localhost:/opt/dnscrypt-proxy# cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml
|
||||
|
|
@ -189,4 +189,94 @@ We'll be using `dnscrypt-proxy` for this section of the tutorial, which offers s
|
|||
root@localhost:/opt/dnscrypt-proxy# ./dnscrypt-proxy -service start
|
||||
```
|
||||
|
||||
Now we are onto configuring `dnscrypt-proxy` to use DoH and/or DNSCrypt.
|
||||
Now we are onto configuring `dnscrypt-proxy` to use DoH and/or DNSCrypt.
|
||||
|
||||
9. (Optional) Tinker with the configuration file. The file is extensively commented, and has a lot of stuff you can mess around with.
|
||||
|
||||
For example, you can enable/disable DoH or DNSCrypt at around line 68-72. By default, they both should be enabled like this:
|
||||
|
||||
```toml
|
||||
# Use servers implementing the DNSCrypt protocol
|
||||
dnscrypt_servers = true
|
||||
|
||||
# Use servers implementing the DNS-over-HTTPS protocol
|
||||
doh_servers = true
|
||||
```
|
||||
|
||||
Resolvers and relays can also be optionally configured at line 749-773. By default, it uses signed lists downloaded from `dnscrypt-proxy`'s official resolver/relay sources:
|
||||
|
||||
```toml
|
||||
[sources]
|
||||
|
||||
### An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers
|
||||
|
||||
[sources.public-resolvers]
|
||||
urls = [
|
||||
'https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md',
|
||||
'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md',
|
||||
]
|
||||
cache_file = 'public-resolvers.md'
|
||||
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
||||
refresh_delay = 73
|
||||
prefix = ''
|
||||
|
||||
### Anonymized DNS relays
|
||||
|
||||
[sources.relays]
|
||||
urls = [
|
||||
'https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md',
|
||||
'https://download.dnscrypt.info/resolvers-list/v3/relays.md',
|
||||
]
|
||||
cache_file = 'relays.md'
|
||||
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
||||
refresh_delay = 73
|
||||
prefix = ''
|
||||
```
|
||||
|
||||
10. If any configuration was done, `dnscrypt-proxy` can always be restarted with the following command:
|
||||
|
||||
```bash
|
||||
root@localhost:/opt/dnscrypt-proxy# ./dnscrypt-proxy -service restart
|
||||
```
|
||||
|
||||
#### Configuring Anonymized DNS
|
||||
|
||||
`dnscrypt-proxy` can be configured to connect through relays to send DNS queries to a resolver.
|
||||
You can define routes with `routes` in `[anonymized_dns]` in the configuration file (which is located at line 869), which relays to use for a specific server.
|
||||
|
||||
For example, here's an example configuration routing DNS queries through either the `anon-cs-vancouver` or `anon-inconnu` relay to the `cs-ore` resolver.
|
||||
|
||||
```toml
|
||||
[anonymized_dns]
|
||||
routes = [
|
||||
{ server_name='cs-ore', via=['anon-cs-vancouver', 'anon-inconnu'] }
|
||||
]
|
||||
```
|
||||
|
||||
You can define as many routes as you want, with their own set of relays.
|
||||
|
||||
```toml
|
||||
[anonymized_dns]
|
||||
routes = [
|
||||
{ server_name='example-server-1', via=['anon-example-1', 'anon-example-2'] },
|
||||
{ server_name='example-server-2', via=['anon-example-3'] },
|
||||
{ server_name='example-server-3', via=['anon-example-1'] }
|
||||
]
|
||||
```
|
||||
|
||||
You can also use wildcards in the `server_name` and/or `via`, to use a random resolver and/or relay for Anonymized DNS (`dnscrypt-proxy` will avoid trying to use a relay and resolver both on the same network).
|
||||
|
||||
```toml
|
||||
[anonymized_dns]
|
||||
routes = [
|
||||
{ server_name='example-server-1', via=['*'] },
|
||||
|
||||
# Or this:
|
||||
|
||||
{ server_name='*', via=['anon-example-1'] },
|
||||
|
||||
# Or this:
|
||||
|
||||
{ server_name='*', via=['*'] }
|
||||
]
|
||||
```
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue