oxeo0/opsec-blogposts
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/opsec-blogposts.git synced 2025-06-08 11:49:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

more setup

Browse source
This commit is contained in:
cynthia 2025-06-04 14:13:12 +01:00
parent a676f2eccd
commit 87408e3765
1 changed files with 93 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

94
dnscrypt/index.md
View file

@ -32,7 +32,7 @@ DNSCrypt is the oldest DNS encryption wrapper protocol, It is more optimized for
#### Anonymized DNS #### Anonymized DNS
![](4.png) ![](4.png)
Anonymized DNS is a relay system in DNSCrypt where your DNS queries and responses are relayed through a DNSCrypt server, so that the final DNSCrypt server is not able to tell where the queries came from (granted if the relay and final DNSCrypt server are both not owned or associated with each other). This allows for anonymous, yet still fast DNS queries. Anonymized DNS is a relay system in DNSCrypt where your DNS queries and responses are relayed through a DNSCrypt relay server, so that the DNSCrypt resolver is not able to tell where the queries came from (granted if the relay and resolver are both not owned or associated with each other). This allows for anonymous, yet still fast DNS queries.
### DNS over Tor ### DNS over Tor
![](5.png) ![](5.png)
@ -154,7 +154,7 @@ We'll be using `dnscrypt-proxy` for this section of the tutorial, which offers s
root@localhost:/opt/dnscrypt-proxy# systemctl disable systemd-resolved root@localhost:/opt/dnscrypt-proxy# systemctl disable systemd-resolved
``` ```
6. Copy the example configuration file, and start `dnscrypt-proxy` to see if it works. 6. Copy the example configuration file, and start `dnscrypt-proxy` to see if it works. It should work out of the box.
```bash ```bash
root@localhost:/opt/dnscrypt-proxy# cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml root@localhost:/opt/dnscrypt-proxy# cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml
@ -190,3 +190,93 @@ We'll be using `dnscrypt-proxy` for this section of the tutorial, which offers s
``` ```
Now we are onto configuring `dnscrypt-proxy` to use DoH and/or DNSCrypt. Now we are onto configuring `dnscrypt-proxy` to use DoH and/or DNSCrypt.
9. (Optional) Tinker with the configuration file. The file is extensively commented, and has a lot of stuff you can mess around with.
For example, you can enable/disable DoH or DNSCrypt at around line 68-72. By default, they both should be enabled like this:
```toml
# Use servers implementing the DNSCrypt protocol
dnscrypt_servers = true
# Use servers implementing the DNS-over-HTTPS protocol
doh_servers = true
```
Resolvers and relays can also be optionally configured at line 749-773. By default, it uses signed lists downloaded from `dnscrypt-proxy`'s official resolver/relay sources:
```toml
[sources]
### An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers
[sources.public-resolvers]
urls = [
'https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md',
'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md',
]
cache_file = 'public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 73
prefix = ''
### Anonymized DNS relays
[sources.relays]
urls = [
'https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md',
'https://download.dnscrypt.info/resolvers-list/v3/relays.md',
]
cache_file = 'relays.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 73
prefix = ''
```
10. If any configuration was done, `dnscrypt-proxy` can always be restarted with the following command:
```bash
root@localhost:/opt/dnscrypt-proxy# ./dnscrypt-proxy -service restart
```
#### Configuring Anonymized DNS
`dnscrypt-proxy` can be configured to connect through relays to send DNS queries to a resolver.
You can define routes with `routes` in `[anonymized_dns]` in the configuration file (which is located at line 869), which relays to use for a specific server.
For example, here's an example configuration routing DNS queries through either the `anon-cs-vancouver` or `anon-inconnu` relay to the `cs-ore` resolver.
```toml
[anonymized_dns]
routes = [
{ server_name='cs-ore', via=['anon-cs-vancouver', 'anon-inconnu'] }
]
```
You can define as many routes as you want, with their own set of relays.
```toml
[anonymized_dns]
routes = [
{ server_name='example-server-1', via=['anon-example-1', 'anon-example-2'] },
{ server_name='example-server-2', via=['anon-example-3'] },
{ server_name='example-server-3', via=['anon-example-1'] }
]
```
You can also use wildcards in the `server_name` and/or `via`, to use a random resolver and/or relay for Anonymized DNS (`dnscrypt-proxy` will avoid trying to use a relay and resolver both on the same network).
```toml
[anonymized_dns]
routes = [
{ server_name='example-server-1', via=['*'] },
# Or this:
{ server_name='*', via=['anon-example-1'] },
# Or this:
{ server_name='*', via=['*'] }
]
```