Created
November 9, 2013 00:03
-
-
Save jesusangelm/7379607 to your computer and use it in GitHub Desktop.
DNSCrypt + DNSMasq
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Usar DNSCrypt + DnsMasq | |
| #### Para encriptado de peticiones DNS y cacheo de dichas peticiones. | |
| Primero debemos configurar DNSmasq con las siguientes opciones: | |
| ################################################################ | |
| # Configuration file for dnsmasq. | |
| # | |
| # Format is one option per line, legal options are the same as the | |
| # long options legal on the command line. See | |
| # "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details. | |
| # Don't read the hostnames in /etc/hosts. | |
| no-hosts | |
| # Do not go into the background at startup but otherwise run as | |
| # normal. | |
| keep-in-foreground | |
| # Do not provide DHCP or TFTP on the loopback interface. | |
| no-dhcp-interface=lo | |
| # Only listen on the loopback interface. | |
| listen-address=127.0.0.1 | |
| # Only bind to interfaces dnsmasq is listening on. | |
| bind-interfaces | |
| # Never forward addresses in the non-routed address spaces. | |
| bogus-priv | |
| # Don't read /etc/resolv.conf. | |
| no-resolv | |
| # Reject (and log) addresses from upstream nameservers which are in | |
| # the private IP ranges. This blocks an attack where a browser behind | |
| # a firewall is used to probe machines on the local network. | |
| stop-dns-rebind | |
| # Exempt 127.0.0.0/8 from rebinding checks. This address range is | |
| # returned by realtime black hole servers, so blocking it may disable | |
| # these services. | |
| rebind-localhost-ok | |
| # Never forward plain names (without a dot or domain part). | |
| domain-needed | |
| # Upstream server is dnscrypt-proxy on local machine. | |
| server=127.0.0.2 | |
| # Set the cache size here. If you don't use spam blocking add-ons such | |
| # Adblock Plus or Ghostery, you may want to increase this value as you | |
| # will be resolving more domain names. | |
| cache-size=1000 | |
| # Pass through DNSSEC validation results from dnscrypt-proxy. | |
| proxy-dnssec | |
| ####################################################################### | |
| Luego ejecutamos DNSCrypt | |
| ### USar DNSCrypt solo: | |
| sudo dnscrypt-proxy --daemonize --pidfile=/run/dnscrypt-proxy.pid --edns-payload-size=4096 --local-address=127.0.0.2 | |
| ### Usar DNSCrypt con OpenDNS | |
| sudo dnscrypt-proxy --daemonize --pidfile=/run/dnscrypt-proxy.pid --edns-payload-size=4096 --local-address=127.0.0.2 --resolver-address=208.67.220.220:443 --provider-name=2.dnscrypt-cert.opendns.com --provider-key=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79 | |
| ### Usar DNSCrypt con CloudNS (no logs, DNSSEC) | |
| sudo dnscrypt-proxy --daemonize --pidfile=/run/dnscrypt-proxy.pid --edns-payload-size=4096 --resolver-address=113.20.8.17:443 --local-address=127.0.0.2 --provider-name=2.dnscrypt-cert-2.cloudns.com.au --provider-key=67A4:323E:581F:79B9:BC54:825F:54FE:1025:8B4F:37EB:0D07:0BCE:4010:6195:D94F:E330 | |
| ### Usar DNSCrypt con DNSCrypt.eu (no logs, DNSSEC) | |
| sudo dnscrypt-proxy --daemonize --pidfile=/run/dnscrypt-proxy.pid --edns-payload-size=4096 --resolver-address=176.56.237.171:443 --local-address=127.0.0.2 --provider-name=2.dnscrypt-cert.dnscrypt.eu --provider-key=67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66 | |
| ### Usar DNSCrypt con Soltysiak.com - (No logs, DNSSEC) | |
| sudo dnscrypt-proxy --daemonize --pidfile=/run/dnscrypt-proxy.pid --edns-payload-size=4096 --local-address=127.0.0.2 --resolver-address=178.216.201.222:2053 --provider-name=2.dnscrypt-cert.soltysiak.com --provider-key=25C4:E188:2915:4697:8F9C:2BBD:B6A7:AFA4:01ED:A051:0508:5D53:03E7:1928:C066:8F21 | |
| Por ultimo colocamos en nuestra configuracion de Red la IP DNS local que seria 127.0.0.1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment