www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 
 SearchSearch  RegisterRegister  UsergroupsUsergroups 
 ProfileProfile  Log inLog in  Log in to check your private messagesPrivate Message 

DNSCrypt

 
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> Request a new feature
View previous topic :: View next topic  
Author Message
drsox



Joined: 09 Jan 2014
Posts: 14

PostPosted: Wed Feb 18, 2015 12:05 pm    Post subject: DNSCrypt Reply with quote

http://dnscrypt.org/

https://www.opendns.com/about/innovations/dnscrypt/

I recently had my ISP do this to me [ZeroShell is set to use OpenDNS and the provider randomly turned on network filtering on port 53 without warning]:
https://thecomputerperson.files.wordpress.com/2015/02/thanksbt1.png?w=520

DNSCrypt support, if it existed and I had set it up, would have prevented them from screwing over my broadband and hijacking my DNS requests.

I would love to see DNSCrypt support or package added Smile

Tom - www.mouselike.org


Last edited by drsox on Sat Apr 25, 2015 1:26 pm; edited 2 times in total
Back to top
View user's profile Send private message
drsox



Joined: 09 Jan 2014
Posts: 14

PostPosted: Thu Apr 23, 2015 8:32 pm    Post subject: Reply with quote

Please could this be compiled for ZeroShell Very Happy I've tried and failed.. I can't work out how to compile it.

Tom - www.mouselike.org
Back to top
View user's profile Send private message
drsox



Joined: 09 Jan 2014
Posts: 14

PostPosted: Sat Apr 25, 2015 1:25 pm    Post subject: Reply with quote

I cheated and used CDE:

Code:
######## INSTALLATION ########
This package should work right away without any need
to configure anything. It will default to using OpenDNS.

!!!!!First TAKE A BACKUP OF YOUR PROFILE SO YOU
!!!!!CAN RESTORE IT IF THINGS GO WRONG

SSH into ZeroShell and go to the Shell.
Then run the following commands:

cd /Database/
wget 'https://windows.mouselike.org/windows.mouselike.org/share/dnscrypt.tar' -O dnscrypt.tar
tar -xf dnscrypt.tar
rm -rf dnscrypt.tar
ls -l | grep dnscrypt

Make sure the dnscrypt-cde directory exists!
drwxrwxrwx    3 root     root         4096 Apr 25 14:28 dnscrypt-cde

Go into ZeroShell and go to:
1) DNS on the left hand menu
2) Forwarders along the top menu
3) Remove any "ANY" entries from the list you already have.
4) In the Domain box type in ANY
5) In the Server box type in 0.0.0.0 and click Add
6) Click Close. (At this point your dns will now break until we get to step 10!)
7) Setup on the left menu
8) Scripts/Cron along the top menu
9) Make sure the "Post Boot" option is selected and add this line at the end

/Database/dnscrypt-cde/startdnscrypt.sh

10) Click the TEST button and then close window "Please wait: running the postboot script ..."
11) Click the tick box in the top right to "Enable" the script.
12) Click save.

Your DNS quieries should now be going via dnscrypt.

######## IMPORTANT NOTE ########
Changing the forwarder to 0.0.0.0 allows the startdnscrypt.sh script to
find and replace the forwarder with the dnscrypt local host IP and port.
This has to be done because the ZeroShell web interface doesn't allow
you to enter a custom port for a DNS forwarder and the change has to be
made manually or via the startdnscrypt.sh script.

If you make any change to the DNS section or Interface IPs of the ZeroShell
web interface it will over-write the settings applied by the script and
probably break your DNS resolution, or at a minimum - make it really slow.
If you change any of the settings under these screens you should then
go back and re-run the startdnscrypt.sh script either by ssh or:
1) Setup on the left menu
2) Scripts/Cron along the top menu
3) Make sure the "Post Boot" option is selected
4) Click the TEST button and then close window "Output of the postboot script"

######## SETTINGS ########
If you would like to change DNSCrypt to use a different provider
edit the file /Database/dnscrypt-cde/startdnscrypt.sh
Replace the -R OpenDNS with the name of the provider you wish to use.

You can find the list of Valid provider names here:
/Database/dnscrypt-cde/cde-root/Database/dnscrypt/share/dnscrypt-proxy/dnscrypt-resolvers.csv

######## UNINSTALLATION ########
Go back to the DNS Forwarders settings in ZeroShell and remove 0.0.0.0
Add back in your standard ANY forwarders - if required.
Go into the Setup --> Scripts section and remove
/Database/dnscrypt-cde/startdnscrypt.sh
And click save.

Then, if you want, remove the folder /Database/dnscrypt-cde from the drive.
And reboot if you want to remove the remaining running dnscrypt-proxy process
otherwise it will just disappear upon next restart.

######## REFERENCES / THANKS ########
This version was compiled on CentOS with the following..
libsodium builds:
./configure CC="gcc -static -static-libgcc" \
                 CXX="g++ -static" \
                 CPP="gcc -E -static" CXXCPP="g++ -E -static" \
                  --enable-static --prefix=/Database/dnscrypt/libsodium

dnscrypt build:
./configure CC="gcc -static -static-libgcc" \
                 CXX="g++ -static" \
                 CPP="gcc -E -static" CXXCPP="g++ -E -static" \
                  --enable-static --prefix=/Database/dnscrypt
                 
Then packaged up using CDE which makes easily portable packages:
http://www.pgbovine.net/cde.html

I am not a linux native so there may be far better ways to
compile and run dnscrypt.. please post your advice to the ZeroShell
forums.
http://www.zeroshell.org/forum/viewtopic.php?p=14087

I hope that the ZeroShell maintainer can add DNSCrypt support natively
and via the package management feature (or by default! please) some time
in the future.


Last edited by drsox on Mon Jun 15, 2015 9:22 pm; edited 2 times in total
Back to top
View user's profile Send private message
gordonf



Joined: 26 Feb 2012
Posts: 89

PostPosted: Sat Apr 25, 2015 2:30 pm    Post subject: This is pretty clever Reply with quote

It reminds me of the VMware Tools hack.

Would putting dnscrypt in its own volume make it usable between profiles? For the vmtools hack I ended up making a partition just for it, and mounted it in the post-boot script alongside running the startup.sh file.
Back to top
View user's profile Send private message
carib



Joined: 18 Dec 2016
Posts: 2

PostPosted: Sun Dec 18, 2016 3:51 am    Post subject: Building from DNSCrypt from source Reply with quote

For anyone interested I've put a new guide on building DNSCrypt from scratch. https://www.caribmendez.net/2016/12/dnscrypt-and-zeroshell/
Back to top
View user's profile Send private message
drsox



Joined: 09 Jan 2014
Posts: 14

PostPosted: Sun Dec 18, 2016 4:14 pm    Post subject: Reply with quote

Looking good. I've compiled it pending copying to my zeroshell.

One thing to note I think these are in the wrong order..
Run configure & make
./configure --libdir=/Database/dnscrypt/libsodium/lib --enable-static --prefix=/Database/dnscrypt && make
Copy the libsodium header files to the src folder in dnscrypt.
cp /Database/dnscrypt/libsodium/include/sodium.h src/proxy/sodium.h
cp -R /Database/dnscrypt/libsodium/include/sodium src/proxy/sodium

I had to do the two copy lines before ./configure would complete without error?

Also how does CDE get over to the zeroshell machine? The tar doesn't seem to contain it so I get
/Database/startdnscrypt.sh: line 4: /Database/dnscrypt/cde-exec: No such file or directory
Back to top
View user's profile Send private message
carib



Joined: 18 Dec 2016
Posts: 2

PostPosted: Sun Dec 18, 2016 8:28 pm    Post subject: DNSCrypt Reply with quote

Thanks for the catch. You do need the header and src folder in place before configuring. As for CDE, I wrote that wrong it should be
Code:
sudo cde -o ~/dnscrypt /Database/dnscrypt/sbin/dnscrypt-proxy --resolver-name=cisco

Then zip the file at ~/dnscrypt
Code:
tar -zcvf ~/dnscrypt.tar ~/dnscrypt


I've updated the guide…thanks again[/code]
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> Request a new feature All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group