The officially official Devuan Forum!

#1 2021-12-21 04:59:25

zzzzzz
Member
Registered: 2021-12-19
Posts: 4  

HOWTO: Install dnscrypt-proxy in Devuan?

Any tutorial?

Offline

#2 2021-12-21 10:21:37

Marjorie
Member
From: Teignmouth, UK
Registered: 2019-06-09
Posts: 133  

Re: HOWTO: Install dnscrypt-proxy in Devuan?

Have you had a look at
https://github.com/DNSCrypt/dnscrypt-pr … and-Ubuntu?

There's more information about installation and configuration in the wiki (see right panel on that page)

The versions in the Devuan repositories are reasonably up to date (2.0.19 in Beowulf) but you can update to the latest version from GitHub as long as you also get the latest configuration to use the additional features.

If you need more information I run dnscrypt-proxy myself (my version is 2.0.44).

Last edited by Marjorie (2021-12-21 10:22:24)

Offline

#3 2021-12-23 13:36:14

zzzzzz
Member
Registered: 2021-12-19
Posts: 4  

Re: HOWTO: Install dnscrypt-proxy in Devuan?

Marjorie wrote:

> Have you had a look at
> https://github.com/DNSCrypt/dnscrypt-pr … and-Ubuntu?
>
> There's more information about installation and configuration in the wiki (see right panel on that page)
>
> The versions in the Devuan repositories are reasonably up to date (2.0.19 in Beowulf) but you can update to the latest version from GitHub as long as you also get the latest configuration to use the additional features.
>
> If you need more information I run dnscrypt-proxy myself (my version is 2.0.44).

It's a `systemd` tutorial. I'm looking for a `systemd-free` one.

Could you share here how you manage to properly do it?

Offline

#4 2021-12-23 13:55:21

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 2,326  

Re: HOWTO: Install dnscrypt-proxy in Devuan?

That is horrendous "advice". The dnscrypt-proxy package in the stable repository is covered by the Security Team and should be preferred.

Adding testing/unstable repositories is a good way to break stable systems, even with the moronic pinning outlined in the link.

@OP: try

```
# apt install dnscrypt-proxy
```

But please *do not* add any repositories.

Last edited by Head_on_a_Stick (2021-12-23 13:57:40)


To obtain a root shell use su -. Using just su will result in "command not found" messages.

Offline

#5 2021-12-23 19:30:12

Marjorie
Member
From: Teignmouth, UK
Registered: 2019-06-09
Posts: 133  

Re: HOWTO: Install dnscrypt-proxy in Devuan?

Hi zzzzzz,

It seems the .deb in the repositories no longer includes the files and postinst scripts to install on a sysvinit system. Very lazy on the part of Debian/upstream.

As I never wrote the init that I use myself I assume that I originally installed it from a .deb that did.

I was mistakenly assuming that your question related to how you set up the configuration as I thought it would still install the init correctly.

To install on a sysvinit OS you need an init file.

The init file (/etc/init.d/dnscrypt-proxy) I'm using is this:

```sh
#!/bin/sh
### BEGIN INIT INFO
# Provides:          dnscrypt-proxy
# Required-Start:    $remote_fs
# Required-Stop:     $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: DNSCrypt client proxy
# Description:       Encrypted/authenticated DNS proxy
### END INIT INFO

# Daemon command line: executable plus its configuration file.
cmd="/usr/sbin/dnscrypt-proxy -config /etc/dnscrypt-proxy/dnscrypt-proxy.toml"

name=$(basename "$(readlink -f "$0")")
pid_file="/var/run/$name.pid"
stdout_log="/var/log/$name.log"
stderr_log="/var/log/$name.err"

get_pid() {
    cat "$pid_file"
}

# Running means the PID file exists and names a live process.
is_running() {
    [ -f "$pid_file" ] && ps "$(get_pid)" > /dev/null 2>&1
}

case "$1" in
    start)
        if is_running; then
            echo "Already started"
        else
            echo "Starting $name"
            if [ ! -d /var/cache/dnscrypt-proxy/ ]; then
                mkdir /var/cache/dnscrypt-proxy
            fi
            cd /root
            # $cmd is left unquoted on purpose so it splits into arguments.
            $cmd >> "$stdout_log" 2>> "$stderr_log" &
            echo $! > "$pid_file"
            if ! is_running; then
                echo "Unable to start, see $stdout_log and $stderr_log"
                exit 1
            fi
        fi
    ;;
    stop)
        if is_running; then
            printf '%s' "Stopping $name.."
            kill "$(get_pid)"
            # Wait up to 10 seconds for the daemon to exit.
            for i in $(seq 1 10)
            do
                if ! is_running; then
                    break
                fi
                printf '.'
                sleep 1
            done
            echo
            if is_running; then
                echo "Not stopped; may still be shutting down or shutdown may have failed"
                exit 1
            else
                echo "Stopped"
                if [ -f "$pid_file" ]; then
                    rm "$pid_file"
                fi
            fi
        else
            echo "Not running"
        fi
    ;;
    force-reload|restart)
        "$0" stop
        if is_running; then
            echo "Unable to stop, will not attempt to start"
            exit 1
        fi
        "$0" start
    ;;
    status)
        if is_running; then
            echo "Running"
        else
            echo "Stopped"
            exit 1
        fi
    ;;
    *)
        echo "Usage: $0 {start|stop|restart|force-reload|status}"
        exit 1
    ;;
esac
exit 0
```

In the above code the cmd= line points to where my executable (/usr/sbin/dnscrypt-proxy) and configuration file (/etc/dnscrypt-proxy/dnscrypt-proxy.toml) are installed.
 
Create a file named /etc/init.d/dnscrypt-proxy with this content and make it executable:

```sh
sudo chmod +x /etc/init.d/dnscrypt-proxy
```

and

```sh
sudo chown root:root /etc/init.d/dnscrypt-proxy
```

In order to get this to work you'll also need to run:

```sh
sudo update-rc.d dnscrypt-proxy defaults
```

to create the symbolic links to this file from /etc/rc02..rc06.

And to start the program:

```sh
sudo service dnscrypt-proxy start
```

This will first download a default list of upstream DoH and DNSCrypt servers (public.resolvers.md), which you can then, for example, filter (I only use unfiltered, non-logging DNSSEC servers) using the control parameters in the config file.

Which server is chosen from the filtered list at any one time can be controlled but the default is that you get the nearest.

To update the list (servers do come and go) force a restart.

```sh
sudo service dnscrypt-proxy restart
```

There are a number of other (optional) .txt files that are referenced but commented out in the default config file, such as blocking and allow lists. If you enable these I suggest you keep these in /etc/dnscrypt-proxy; however, I put my log files in the usual place, /var/log/dnscrypt-proxy.log.

There are a few example .txt files in the .deb that are placed in /usr/share/dnscrypt-proxy/examples/.

You can check the program runs without using it for live DNS lookups, so long as your resolv.conf doesn't point to it.

My resolv.conf is:

```
# Not from Network Manager
#
# bypass nameserver, uncomment to bypass dnscrypt-proxy
# nameserver 1.1.1.1
#
# dnscrypt-proxy nameserver
nameserver 127.0.0.1
options edns0
```

My solution to Network Manager trying to overwrite this is to make /etc/resolv.conf a symbolic link to /etc/dnscrypt-proxy/resolv.conf.

Hoping this is helpful.

Last edited by Marjorie (2021-12-23 19:47:29)

Offline
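A check for the setup described in post #5, as an added example that is not part of the thread: it confirms that every active `nameserver` line in a resolv.conf is loopback (so lookups cannot bypass the proxy) and that the init script has the ownership and mode set by the `chown`/`chmod` steps. The function names and the optional uid argument are assumptions made for this example, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Sample files below are constructed.

# True only if there is at least one active "nameserver" line and every
# one is loopback, so no lookup can bypass the local proxy.
resolv_is_local_only() {
    awk '$1 == "nameserver" { seen = 1
             if ($2 !~ /^127\./ && $2 != "::1") bad = 1 }
         END { exit !(seen && !bad) }' "$1"
}

# True only if the init script is an executable regular file owned by the
# expected uid (default 0, root) and not writable by group or others.
init_script_is_safe() {
    file=$1 want_uid=${2:-0}
    [ -f "$file" ] && [ -x "$file" ] || return 1
    listing=$(ls -lnL "$file") || return 1
    mode=${listing%% *}
    uid=$(printf '%s\n' "$listing" | awk '{ print $3 }')
    [ "$uid" = "$want_uid" ] || return 1
    case $mode in
        ?????w*|????????w*) return 1 ;;  # group- or world-writable
    esac
    return 0
}

# Demo on constructed files in a temporary directory (not the live config).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/resolv.good" <<'EOF'
# bypass nameserver, uncomment to bypass dnscrypt-proxy
# nameserver 1.1.1.1
nameserver 127.0.0.1
options edns0
EOF
sed 's/^# nameserver/nameserver/' "$demo_dir/resolv.good" > "$demo_dir/resolv.leaky"
printf '#!/bin/sh\n' > "$demo_dir/init"
chmod 755 "$demo_dir/init"

for f in resolv.good resolv.leaky; do
    if resolv_is_local_only "$demo_dir/$f"; then
        echo "$f: every nameserver is the local proxy"
    else
        echo "$f: a non-loopback nameserver is active, the proxy can be bypassed"
    fi
done
init_script_is_safe "$demo_dir/init" "$(id -u)" && echo "init: owner and mode OK"
chmod 777 "$demo_dir/init"
init_script_is_safe "$demo_dir/init" "$(id -u)" || echo "init: writable by others, rejected"
```

On a real system the calls would be `resolv_is_local_only /etc/resolv.conf` and `init_script_is_safe /etc/init.d/dnscrypt-proxy`, the second using the default owner uid of 0.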

#6 2021-12-23 23:17:46

xinomilo
Member
Registered: 2017-07-02
Posts: 229  

Re: HOWTO: Install dnscrypt-proxy in Devuan?

that's for Debian systems. Devuan already includes a forked dnscrypt-proxy version with a working init script, and proper configuration. all you need to do in Devuan is :

```sh
apt install dnscrypt-proxy
```

maybe tweak /etc/dnscrypt-proxy/dnscrypt-proxy.toml a bit if you like...( eg. change default cloudflare, listen address, etc...)

p.s. some history/info about the forked package : https://bugs.devuan.org/cgi/bugreport.cgi?bug=306
couple of years late, but thanks to Mark H. for forking it :)

Offline
