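Highly available dnscrypt-proxy client setup on OS X with DNSSEC: one dnscrypt-proxy instance per resolver listening on 127.0.0.1, with a local dnsmasq in front that queries all of them.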

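Tested, works with the original dnscrypt-proxy (per the author's October 2018 comment below, it is broken with the rewritten dnscrypt).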

Install

git clone https://gist.github.com/fccbf0f02355a31f7959 && cd fccbf0f02355a31f7959 && sh install.sh && cd .. && rm -rf fccbf0f02355a31f7959

Uninstall

git clone https://gist.github.com/fccbf0f02355a31f7959 && cd fccbf0f02355a31f7959 && sh uninstall.sh && cd .. && rm -rf fccbf0f02355a31f7959
# Network services (as named by `networksetup`) whose DNS server is pointed at
# the local resolver. Space-separated: install.sh and uninstall.sh word-split
# this value, so a service name that itself contains a space cannot be listed.
ADAPTERS="Wi-Fi"

# First local port. Each resolver below gets its own dnscrypt-proxy instance on
# consecutive ports counting up from this one.
START_PORT="5300"

# Space-separated resolver names, handed one each to dnscrypt-proxy through its
# resolver-name option. dnsmasq is started with --all-servers, so every
# resolver listed here is sent every query.
DNSCRYPT_RESOLVERS="cloudns-can cloudns-syd dnscrypt.eu-dk dnscrypt.eu-nl soltysiak"

# LaunchDaemon plist that install.sh assembles for dnsmasq.
DNSMASQ_PLIST="/Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist"
#######################################
# Print how many resolver names DNSCRYPT_RESOLVERS holds, i.e. how many local
# ports the setup occupies.
# Globals:   DNSCRYPT_RESOLVERS (read)
# Outputs:   the word count as printed by `wc -w` (may carry leading blanks)
#######################################
ports() {
  echo "$DNSCRYPT_RESOLVERS" \
    | wc -w
}
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- LaunchDaemon template for a single dnscrypt-proxy instance. install.sh
runs this file through sed to fill in the resolver and port placeholders and
writes one rendered copy per resolver into /Library/LaunchDaemons. -->
<plist version="1.0">
<dict>
<!-- launchd restarts the proxy whenever it exits. -->
<key>KeepAlive</key>
<true/>
<!-- One label per instance; the port placeholder keeps the labels unique. -->
<key>Label</key>
<string>homebrew.mxcl.dnscrypt-proxy.__PORT__</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/opt/dnscrypt-proxy/sbin/dnscrypt-proxy</string>
<!-- The proxy is told to run as the unprivileged user "nobody", although
launchd starts it as root (see UserName below). -->
<string>--user=nobody</string>
<!-- Log output is discarded, so resolver or certificate failures leave no
local record; point the logfile option at a real path when troubleshooting. -->
<string>--logfile=/dev/null</string>
<string>--resolver-name=__RESOLVER__</string>
<!-- Listen address: loopback only, so the proxy is not reachable from the
network. -->
<string>-a</string>
<string>127.0.0.1:__PORT__</string>
</array>
<key>RunAtLoad</key>
<true/>
<!-- launchd starts the process as root. NOTE(review): the listen ports that
install.sh assigns start at 5300 and need no root to bind; root here is
presumably only for the proxy's own privilege drop. Confirm before changing. -->
<key>UserName</key>
<string>root</string>
</dict>
</plist>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- Opening fragment of the dnsmasq LaunchDaemon plist. It stops on purpose
inside the ProgramArguments array: install.sh appends one server=127.0.0.1#PORT
argument per dnscrypt-proxy instance and then the footer fragment. -->
<plist version="1.0">
<dict>
<key>Label</key>
<string>homebrew.mxcl.dnsmasq</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/opt/dnsmasq/sbin/dnsmasq</string>
<!-- Stay in the foreground so launchd can supervise the process. -->
<string>--keep-in-foreground</string>
<!-- no-resolv and no-poll: ignore /etc/resolv.conf, so the only upstreams are
the server arguments that install.sh appends (the local dnscrypt-proxy
instances). -->
<string>--no-resolv</string>
<string>--no-poll</string>
<!-- all-servers: each query goes to every configured upstream and the first
answer is used. This provides the availability, and it also means every listed
resolver sees every query. -->
<string>--all-servers</string>
<!-- proxy-dnssec: dnsmasq passes on the AD bit set by the upstream resolver;
it does not validate signatures itself. The DNSSEC status seen by clients is
therefore only as trustworthy as the upstream resolvers and the path to them. -->
<string>--proxy-dnssec</string>
<!-- Listen on the loopback interface only. -->
<string>--interface=lo0</string>
<string>--bind-interfaces</string>
#!/bin/sh
#
# usage: git clone https://gist.github.com/fccbf0f02355a31f7959 && cd fccbf0f02355a31f7959 && sh install.sh && cd .. && rm -rf fccbf0f02355a31f7959
#
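set -e

# Load settings and helpers by explicit relative path. A bare name given to
# `source`/`.` is looked up in PATH first (and a POSIX-mode shell may never
# fall back to the current directory), so a same-named file elsewhere on PATH
# could be read instead of the one shipped next to this script. That matters
# here because the values loaded end up in sudo commands. `.` is also the
# portable spelling under #!/bin/sh. The script must be run from its own
# directory, as the usage line above does.
. ./config
. ./functions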
#######################################
# Register a LaunchDaemon with launchd as root.
# Arguments: $1 - path to the plist to load
# Notes:     -w also clears a "disabled" override, so the job is started on
#            later boots as well.
#######################################
install_service() {
  sudo launchctl load -w "$1"
}
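#######################################
# Render the dnscrypt-proxy LaunchDaemon template for one resolver.
# Arguments: $1 - resolver name (letters, digits, '.', '_' and '-' only)
#            $2 - local port number (digits only)
# Outputs:   the rendered plist on stdout
# Returns:   non-zero, with a message on stderr, when an argument is rejected
#            or sed fails
#
# Both values are spliced into a sed program and from there into a plist that
# launchd runs as root. Characters such as '/', '&' or '<' would break the
# substitution or change the resulting XML, so anything outside the expected
# alphabet is refused instead of being substituted.
#######################################
dnscrypt_proxy_templatize_plist() {
  case $1 in
    '' | *[!A-Za-z0-9._-]*)
      printf 'dnscrypt_proxy_templatize_plist: invalid resolver name: %s\n' "$1" >&2
      return 1
      ;;
  esac
  case $2 in
    '' | *[!0-9]*)
      printf 'dnscrypt_proxy_templatize_plist: invalid port: %s\n' "$2" >&2
      return 1
      ;;
  esac
  sed "s/__RESOLVER__/$1/g;s/__PORT__/$2/g" homebrew.mxcl.dnscrypt-proxy.template.plist
}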
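# Install both daemons from Homebrew.
# NOTE(review): --with-dnssec is a Homebrew formula option; confirm that the
# installed Homebrew still accepts it.
brew install dnscrypt-proxy
brew install dnsmasq --with-dnssec

# Start the dnsmasq LaunchDaemon plist from the header fragment. cp -i asks
# before replacing an existing plist.
sudo cp -i homebrew.mxcl.dnsmasq.header.plist "$DNSMASQ_PLIST"

# One dnscrypt-proxy LaunchDaemon per resolver, on consecutive ports, each
# registered with dnsmasq as an upstream server.
PORT="$START_PORT"
for RESOLVER in $DNSCRYPT_RESOLVERS; do
  PLIST="/Library/LaunchDaemons/homebrew.mxcl.dnscrypt-proxy.$PORT.plist"
  # Render before writing. In a pipeline only the status of the last command
  # counts under `set -e`, so piping the renderer straight into `sudo tee`
  # would install an empty root-owned plist when rendering fails.
  RENDERED=$(dnscrypt_proxy_templatize_plist "$RESOLVER" "$PORT") || {
    echo "install.sh: could not render plist for resolver '$RESOLVER'" >&2
    exit 1
  }
  printf '%s\n' "$RENDERED" | sudo tee "$PLIST" >/dev/null
  install_service "$PLIST"
  echo " <string>--server=127.0.0.1#$PORT</string>" | sudo tee -a "$DNSMASQ_PLIST" >/dev/null
  PORT=$((PORT+1))
done

# Close the dnsmasq plist with the footer fragment and start the service.
sudo tee -a "$DNSMASQ_PLIST" >/dev/null < homebrew.mxcl.dnsmasq.footer.plist
install_service "$DNSMASQ_PLIST"

# Point each listed network service at the local dnsmasq. ADAPTERS is
# word-split on purpose (space-separated list), so service names containing
# spaces are not supported.
for ADAPTER in $ADAPTERS; do
  sudo networksetup -setdnsservers "$ADAPTER" 127.0.0.1
done

echo 'Finished installing dnscrypt-proxy HA setup'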
#!/bin/sh
#
# usage: git clone https://gist.github.com/fccbf0f02355a31f7959 && cd fccbf0f02355a31f7959 && sh uninstall.sh && cd .. && rm -rf fccbf0f02355a31f7959
#
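set -e

# Load settings and helpers by explicit relative path. A bare name given to
# `source`/`.` is looked up in PATH first (and a POSIX-mode shell may never
# fall back to the current directory), so a same-named file elsewhere on PATH
# could be read instead of the one shipped next to this script. That matters
# here because the values loaded end up in sudo commands. `.` is also the
# portable spelling under #!/bin/sh. The script must be run from its own
# directory, as the usage line above does.
. ./config
. ./functions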
#######################################
# Stop a LaunchDaemon and delete its plist, both as root.
# Arguments: $1 - path to the plist to unload and remove
# Notes:     the plist is unloaded first so launchd drops the job before the
#            file disappears; rm -f stays quiet if the file is already gone.
#######################################
delete_service() {
  sudo launchctl unload -w "$1"
  sudo rm -f "$1"
}
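# Hand DNS back to the system first: "Empty" clears the manually configured
# server, so name resolution keeps working once the local daemons are gone.
for ADAPTER in $ADAPTERS; do
  sudo networksetup -setdnsservers "$ADAPTER" Empty
done

# Unload and remove the LaunchDaemons before removing the binaries they run.
# The dnscrypt-proxy jobs are KeepAlive, so uninstalling the package while a
# job is still loaded leaves launchd respawning a missing executable. It also
# means a failing `brew uninstall` no longer aborts the script with the
# services still registered.
delete_service "$DNSMASQ_PLIST"
for PLIST in "/Library/LaunchDaemons/homebrew.mxcl.dnscrypt-proxy".*.plist; do
  # With no match the pattern is left as a literal string; skip it.
  [ -e "$PLIST" ] || continue
  delete_service "$PLIST"
done

brew uninstall dnsmasq
brew uninstall dnscrypt-proxy

echo 'Finished uninstalling dnscrypt-proxy HA setup'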

@steakknife steakknife commented Nov 6, 2014

Fork & change ADAPTERS if you want to also use this for other adapters

Or, just set dns servers to 127.0.0.1 in Preferences... > Network > (Adapter)


@steakknife steakknife commented Oct 18, 2018

Broken with the rewritten dnscrypt. :'(
