Questions tagged [dnscrypt]
11 questions
5
votes
1 answer
Going all-in on DNSSEC
I have been doing an effort to go full on DNSSEC on my system with the following setup:
dnscrypt-proxy installed, up and running on 127.0.0.1 with require_dnssec = true
systemd-resolved running, with DNSSEC=yes and DNS=127.0.0.1
only nameserver…
Bart Van Loon
- 153
- 5
5
votes
1 answer
Configure BIND as Forwarder only (no root hints), encrypted + RPZ blacklist / whitelist all together
My setup is getting more complex, generally I tend to divide things in pieces and assemble them together by myself. But it seems this time I need more help to get the whole gears working together. That's why I was requested by user @Rui F Ribeiro to…
user3450548
- 2,714
- 11
- 29
- 46
2
votes
0 answers
Consequences of disabling the use of dnsmasq in Network Manager config?
In elementaryOS Loki, I have only been able to make DnsCrypt to work properly (when manually setting the DNS server address in the gui Network Settings to 127.0.0.1 or whatever other address starting with 127.0.0...) by commenting the line in…
user5950
- 121
- 2
2
votes
1 answer
How to make dnscrypt-proxy auto start in Fedora 25
When I install dnscrypt-proxy, I found no dnscrypt-proxy.service here.
I write a bash to launch it, and write a desktop file here, ~/.config/autostart/dnscrypt.desktop
#!/bin/bash
zenity --password --title="sudo"|tr -d '\n'|sudo -S dnscrypt-proxy…
eexpress
- 351
- 2
- 14
2
votes
1 answer
dnscrypt-proxy - not getting dnssec results
I have installed dnscrypt-proxy and am using and dnssec enabled provider; however, when testing my configuration, I'm not getting back dnssec information:
dig @127.0.0.1 -p 5300 weather.com +dnssec +multi
; <<>> DiG 9.11.0-P3 <<>> @127.0.0.1 -p…
Walter
- 1,204
- 4
- 13
- 36
2
votes
2 answers
Resolving DNS through HTTP/HTTPS
Is there a way to resolve DNS through HTTP/HTTPS, the case was:
my ISP redirecting every DNS request to their own DNS and poisoning the DNS records.
all I need is a software that could resolve requests using http or https, for example, when I set…
Kokizzu
- 9,257
- 12
- 55
- 82
1
vote
1 answer
Should DNS queries for the time servers be encrypted?
When it comes to encrypting DNS queries using dnscrypt-proxy, people also tend to use dnsmasq on their linux machines. The main goal of this setup in the past was to provide cache for DNS queries, but the DNS cache is now implemented in…
Mikhail Morfikov
- 10,309
- 19
- 69
- 104
0
votes
1 answer
Bind9 keeps crashing when forwarding is enabled
I have a debian small server setup with bind9 and dnscrypt both on the same machine. Bind9 runs on port 53, dnscrypt on 5000. The regular bind9 server performs some checks then forward the requests to the dnscrypt one. It worked fine until now…
user3450548
- 2,714
- 11
- 29
- 46
0
votes
1 answer
resolving a subdomain with dnscrypt-proxy returns an IP address but claims that the domain does not exist
I am using dnscrpyt-proxy as a local stub for using DoH. Resolving subdomains claims that they "probably" don't exist or are blocked by the proxy but the IP returned is correct.
I am not sure if this is to be expected or indicative of some…
lucidbrot
- 198
- 1
- 11
0
votes
0 answers
High latency with dnscrypt-proxy
I have been using dnscrypt-proxy for some time and the latency for responses I've been monitoring for months is typically several times slower than if I used google, opendns, cloudflare, or quad 9.
Is this typical?
My average response time with…
Walter
- 1,204
- 4
- 13
- 36
0
votes
1 answer
How should I deal with cyclic dependencies caused by a systemd dynamic user not existing before the service starts?
I would like for dnscrypt-proxy to run as a dynamic user instead of as root. But I would also like to use a firewall rule in nftables where I specify the user dnscrypt-proxy, to allow it to connect to the upstream dns provider.
Now the problem is…
user13666