Differences

This shows you the differences between two versions of the page.

userdoc:tt_dnscrypt_proxy [2018/04/17 10:48]
abelbeck [DNSCrypt Proxy Server]
userdoc:tt_dnscrypt_proxy [2018/05/26 07:48] (current)
droemel
Line 14: Line 14:
 !!Note: AstLinux 1.3.3 or later is required for Import sdns: Stamp support!! !!Note: AstLinux 1.3.3 or later is required for Import sdns: Stamp support!!
  
-==== DNSCrypt Proxy Configuration ====+===== DNSCrypt Proxy Configuration ​=====
  
 Configuring DNSCrypt is as simple as it gets. Configuring DNSCrypt is as simple as it gets.
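Review bot: The promotion of `DNSCrypt Proxy Configuration` from `====` to `=====` is repeated for every section heading in this revision, yet the revision line for droemel shows no edit summary. A short summary such as "promote section headings one level" would make the intent clear in the page history.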
Line 42: Line 42:
 using the OpenDNS defaults for the remaining fields. using the OpenDNS defaults for the remaining fields.
  
-==== DNSCrypt Proxy server list ====+===== DNSCrypt Proxy server list =====
  
 Alternatively,​ there is a growing number of DNSCrypt providers around the world, some of which may be closer to you. Alternatively,​ there is a growing number of DNSCrypt providers around the world, some of which may be closer to you.
Line 65: Line 65:
  
 !!Tip ->!! Some of you //(you know who you are)// may even want to be your own DNSCrypt provider. ​ [[https://​github.com/​Cofyc/​dnscrypt-wrapper/​|DNSCrypt-Wrapper]] is a server-side DNSCrypt proxy that works with any name resolver. !!Tip ->!! Some of you //(you know who you are)// may even want to be your own DNSCrypt provider. ​ [[https://​github.com/​Cofyc/​dnscrypt-wrapper/​|DNSCrypt-Wrapper]] is a server-side DNSCrypt proxy that works with any name resolver.
-==== Display DNSCrypt Status ====+ 
 +===== Display DNSCrypt Status ​=====
  
 A quick glance of the Status tab's **DNS** entry will show if DNSCrypt is enabled. A quick glance of the Status tab's **DNS** entry will show if DNSCrypt is enabled.
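Review bot: Wording in the first sentence under `Display DNSCrypt Status`: "A quick glance of the Status tab's DNS entry" reads better as "A quick glance at the Status tab's DNS entry". The section heading is already being edited here, so the fix could go in the same revision.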
Line 81: Line 82:
 or or
   dig debug.opendns.com txt +short   dig debug.opendns.com txt +short
-==== Restricting DNS ====+   
 +===== Restricting DNS =====
  
 By default, no changes to the Firewall settings are necessary for DNSCrypt to function. ​ By default, no changes to the Firewall settings are necessary for DNSCrypt to function. ​
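Review bot: The separator line added after the `dig debug.opendns.com txt +short` example appears to contain spaces rather than being empty. DokuWiki renders lines indented by two or more spaces as preformatted text, so a whitespace-only line at this point may extend the code block instead of separating it from the `Restricting DNS` heading. Suggest making the added line completely empty.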
Line 107: Line 109:
 The ''​SRC=''​ entry will identify which LAN device is misconfigured. The ''​SRC=''​ entry will identify which LAN device is misconfigured.
  
-==== Possible Startup Issues ====+===== Possible Startup Issues ​=====
  
 In order to validate the DNSCrypt provider'​s certificate,​ the DNSCrypt client'​s system must have it's clock set to a reasonable time.  Fortunately most AstLinux boards have a real time clock with battery backup so this is not a common problem, but if your board'​s CMOS battery is dead or such, and the system time is not reasonable at startup, this can be a problem when enabling DNSCrypt. ​ Regardless, one of the first things AstLinux does at startup is to accurately set the system clock using the NTP protocol. ​ If the specified NTP server is a numeric IP address or a locally resolved DNS name (via local ''/​etc/​hosts''​),​ no problem. ​ But, if the specified NTP server was, say "​us.pool.ntp.org",​ we have the classic chicken-egg problem. In order to validate the DNSCrypt provider'​s certificate,​ the DNSCrypt client'​s system must have it's clock set to a reasonable time.  Fortunately most AstLinux boards have a real time clock with battery backup so this is not a common problem, but if your board'​s CMOS battery is dead or such, and the system time is not reasonable at startup, this can be a problem when enabling DNSCrypt. ​ Regardless, one of the first things AstLinux does at startup is to accurately set the system clock using the NTP protocol. ​ If the specified NTP server is a numeric IP address or a locally resolved DNS name (via local ''/​etc/​hosts''​),​ no problem. ​ But, if the specified NTP server was, say "​us.pool.ntp.org",​ we have the classic chicken-egg problem.
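Review bot: Style, in the context paragraph under `Possible Startup Issues`: "must have it's clock set" should read "its clock". Since this revision already touches the section heading, the typo could be corrected in the same edit.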