userdoc:tt_dnscrypt_proxy

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision Both sides next revision
userdoc:tt_dnscrypt_proxy [2018/04/17 10:48]
abelbeck [DNSCrypt Proxy Server]
userdoc:tt_dnscrypt_proxy [2018/05/26 07:48]
droemel
Line 14: Line 14:
 !!Note: AstLinux 1.3.3 or later is required for Import sdns: Stamp support!! !!Note: AstLinux 1.3.3 or later is required for Import sdns: Stamp support!!
  
-==== DNSCrypt Proxy Configuration ====+===== DNSCrypt Proxy Configuration =====
  
 Configuring DNSCrypt is as simple as it gets. Configuring DNSCrypt is as simple as it gets.
Line 42: Line 42:
 using the OpenDNS defaults for the remaining fields. using the OpenDNS defaults for the remaining fields.
  
-==== DNSCrypt Proxy server list ====+===== DNSCrypt Proxy server list =====
  
 Alternatively, there is a growing number of DNSCrypt providers around the world, some of which may be closer to you. Alternatively, there is a growing number of DNSCrypt providers around the world, some of which may be closer to you.
Line 65: Line 65:
  
 !!Tip ->!! Some of you //(you know who you are)// may even want to be your own DNSCrypt provider.  [[https://github.com/Cofyc/dnscrypt-wrapper/|DNSCrypt-Wrapper]] is a server-side DNSCrypt proxy that works with any name resolver. !!Tip ->!! Some of you //(you know who you are)// may even want to be your own DNSCrypt provider.  [[https://github.com/Cofyc/dnscrypt-wrapper/|DNSCrypt-Wrapper]] is a server-side DNSCrypt proxy that works with any name resolver.
-==== Display DNSCrypt Status ====+ 
 +===== Display DNSCrypt Status =====
  
 A quick glance of the Status tab's **DNS** entry will show if DNSCrypt is enabled. A quick glance of the Status tab's **DNS** entry will show if DNSCrypt is enabled.
Line 81: Line 82:
 or or
   dig debug.opendns.com txt +short   dig debug.opendns.com txt +short
-==== Restricting DNS ====+   
 +===== Restricting DNS =====
  
 By default, no changes to the Firewall settings are necessary for DNSCrypt to function.  By default, no changes to the Firewall settings are necessary for DNSCrypt to function. 
Line 107: Line 109:
 The ''SRC='' entry will identify which LAN device is misconfigured. The ''SRC='' entry will identify which LAN device is misconfigured.
  
-==== Possible Startup Issues ====+===== Possible Startup Issues =====
  
 In order to validate the DNSCrypt provider's certificate, the DNSCrypt client's system must have it's clock set to a reasonable time.  Fortunately most AstLinux boards have a real time clock with battery backup so this is not a common problem, but if your board's CMOS battery is dead or such, and the system time is not reasonable at startup, this can be a problem when enabling DNSCrypt.  Regardless, one of the first things AstLinux does at startup is to accurately set the system clock using the NTP protocol.  If the specified NTP server is a numeric IP address or a locally resolved DNS name (via local ''/etc/hosts''), no problem.  But, if the specified NTP server was, say "us.pool.ntp.org", we have the classic chicken-egg problem. In order to validate the DNSCrypt provider's certificate, the DNSCrypt client's system must have it's clock set to a reasonable time.  Fortunately most AstLinux boards have a real time clock with battery backup so this is not a common problem, but if your board's CMOS battery is dead or such, and the system time is not reasonable at startup, this can be a problem when enabling DNSCrypt.  Regardless, one of the first things AstLinux does at startup is to accurately set the system clock using the NTP protocol.  If the specified NTP server is a numeric IP address or a locally resolved DNS name (via local ''/etc/hosts''), no problem.  But, if the specified NTP server was, say "us.pool.ntp.org", we have the classic chicken-egg problem.
  • userdoc/tt_dnscrypt_proxy.txt
  • Last modified: 2023/10/29 10:22
  • by abelbeck