You are not logged in.
Pages: 1
Any tutorial?
Offline
Have you had a look at
https://github.com/DNSCrypt/dnscrypt-pr … and-Ubuntu?
There's more information about installation and configuration in the wiki (see right panel on that page)
The versions in the devuan repositories are reasonably up to date (2.0.19 in Beowulf) but you can update to the latest version from Github as long you also get the latest configuration to use the additional features.
If you need more information I run dnscrypt-proxy myself (my version is 2.0.44).
Last edited by Marjorie (2021-12-21 10:22:24)
Offline
Have you had a look at
https://github.com/DNSCrypt/dnscrypt-pr … and-Ubuntu?There's more information about installation and configuration in the wiki (see right panel on that page)
The versions in the devuan repositories are reasonably up to date (2.0.19 in Beowulf) but you can update to the latest version from Github as long you also get the latest configuration to use the additional features.
If you need more information I run dnscrypt-proxy myself (my version is 2.0.44).
It's `systemd` tutorial. I'm looking for a `systemd-free` one.
Could you share here how you manage to properly do it?
Offline
That is horrendous "advice". The dnscrypt-proxy package in the stable repository is covered by the Security Team and should be preferred.
Adding testing/unstable repositories is a good way to break stable systems, even with the moronic pinning outlined in the link.
@OP: try
# apt install dnscrypt-proxy
But please *do not* add any repositories.
Last edited by Head_on_a_Stick (2021-12-23 13:57:40)
Brianna Ghey — Rest In Power
Offline
Hi zzzzzz,
It seems the .deb in the repositories no longer include the files and postinst scripts to install on a sysvinit system. Very lazy on the part of debian/upsteam.
As I never wrote the init that I use myself I assume that I originally installed it from a .deb that did.
I was mistakenly assuming that that your question related to how you set up the configuration as I thought it would still install the init correctly.
To install on a sysvinit OS you need an init file.
The init file (/etc/init.d/dnscrypt-proxy) I'm using is this:
#!/bin/sh
### BEGIN INIT INFO
# Provides: dnscrypt-proxy
# Required-Start: $remote_fs
# Required-Stop: $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: DNSCrypt client proxy
# Description: Encrypted/authenticated DNS proxy
### END INIT INFO
cmd="/usr/sbin/dnscrypt-proxy -config /etc/dnscrypt-proxy/dnscrypt-proxy.toml"
name=$(basename $(readlink -f $0))
pid_file="/var/run/$name.pid"
stdout_log="/var/log/$name.log"
stderr_log="/var/log/$name.err"
get_pid() {
cat "$pid_file"
}
is_running() {
[ -f "$pid_file" ] && ps $(get_pid) > /dev/null 2>&1
}
case "$1" in
start)
if is_running; then
echo "Already started"
else
echo "Starting $name"
if [ ! -d /var/cache/dnscrypt-proxy/ ]; then
mkdir /var/cache/dnscrypt-proxy
fi
cd '/root'
$cmd >> "$stdout_log" 2>> "$stderr_log" &
echo $! > "$pid_file"
if ! is_running; then
echo "Unable to start, see $stdout_log and $stderr_log"
exit 1
fi
fi
;;
stop)
if is_running; then
echo -n "Stopping $name.."
kill $(get_pid)
for i in $(seq 1 10)
do
if ! is_running; then
break
fi
echo -n "."
sleep 1
done
echo
if is_running; then
echo "Not stopped; may still be shutting down or shutdown may have failed"
exit 1
else
echo "Stopped"
if [ -f "$pid_file" ]; then
rm "$pid_file"
fi
fi
else
echo "Not running"
fi
;;
force-reload|restart)
$0 stop
if is_running; then
echo "Unable to stop, will not attempt to start"
exit 1
fi
$0 start
;;
status)
if is_running; then
echo "Running"
else
echo "Stopped"
exit 1
fi
;;
*)
echo "Usage: $0 {start|stop|restart|status}"
exit 1
;;
esac
exit 0
In the above code the cmd= line points to where my executable (/usr/sbin/dnscrypt-proxy) and configuration file (/etc/dnscrypt-proxy/dnscrypt-proxy.toml) are installed.
Create a file named /etc/init.d/dnscrypt-proxy and with this content and make it executable:
sudo chmod +x /etc/init.d/dnscrypt-proxy
and
sudo chown root:root /etc/init.d/dnscrypt-proxy
In order to get this to work you'll also need to run:
sudo update-rc.d dnscrypt-proxy defaults
to create the symbolic links to this file from /etc/rc02..rc06.
And to start the program:
sudo service dnscrypt-proxy start
This will first download a default list of upstream doh and dnscrypt servers (public.resolvers.md), which you can then, for example, filter (I only use unfiltered, non-logging DNSSEC servers) using the control parameters in the config file.
Which server is chosen from the filtered list at any one time can be controlled but the default is that you get the nearest.
To update the list (servers do come and go) force a restart.
sudo service dnscrypt-proxy restart
There are a number of other (optional) .txt files that are referenced but commented out in the default config file, such as blocking and allow lists. If you enable these I suggest you keep these in /etc/dnscrypt-proxy, however I put my log files in the usual place var/log/dnscrypt-proxy.log.
There are a few example .txt files in the .deb that are placed in /usr/share/dnscrypt-proxy/examples/.
You can check the program runs without using it for live dns lookups, so long as your resolv.conf doesn't point to it.
My resolv.conf is:
# Not from Network Manager
#
# bypass nameserver, uncomment to bypass dnscrypt-proxy
# nameserver 1.1.1.1
#
# dnscrypt-proxy nameserver
nameserver 127.0.0.1
options edns0
My solution to Network Manager trying to overwrite this is to make /etc/resolv.conf a symbolic link to /etc/dnscrypt-proxy/resolv.conf.
Hoping this is helpful.
Last edited by Marjorie (2021-12-23 19:47:29)
Offline
that's for Debian systems. Devuan already includes a forked dnscrypt-proxy version with a working init script, and proper configuration. all you need to do in Devuan is :
apt install dnscrypt-proxy
maybe tweak /etc/dnscrypt-proxy/dnscrypt-proxy.toml a bit if you like...( eg. change default cloudflare, listen address, etc...)
p.s. some history/info about the forked package : https://bugs.devuan.org/cgi/bugreport.cgi?bug=306
couple of years late, but thanks to Mark H. for forking it
Offline
Pages: 1