Reply To: DNSCrypt


#53725

jpJxPhOuhvqc
Participant

I cheated and used CDE:

######## INSTALLATION ########
This package should work right away without any need
to configure anything. It will default to using OpenDNS.

!!!!!First TAKE A BACKUP OF YOUR PROFILE SO YOU
!!!!!CAN RESTORE IT IF THINGS GO WRONG

SSH into ZeroShell and go to the Shell.
Then run the following commands:

cd /Database/
wget 'https://windows.mouselike.org/windows.mouselike.org/share/dnscrypt.tar' -O dnscrypt.tar
tar -xf dnscrypt.tar
rm -rf dnscrypt.tar
ls -l | grep dnscrypt

Make sure the dnscrypt-cde directory exists!
drwxrwxrwx 3 root root 4096 Apr 25 14:28 dnscrypt-cde

Go into ZeroShell and go to:
1) DNS on the left hand menu
2) Forwarders along the top menu
3) Remove any "ANY" entries from the list you already have.
4) In the Domain box type in ANY
5) In the Server box type in 0.0.0.0 and click Add
6) Click Close. (At this point your DNS will now break until we get to step 10!)
7) Setup on the left menu
8) Scripts/Cron along the top menu
9) Make sure the "Post Boot" option is selected and add this line at the end

/Database/dnscrypt-cde/startdnscrypt.sh

10) Click the TEST button and then close window "Please wait: running the postboot script ..."
11) Click the tick box in the top right to "Enable" the script.
12) Click save.

Your DNS queries should now be going via dnscrypt.

######## IMPORTANT NOTE ########
Changing the forwarder to 0.0.0.0 allows the startdnscrypt.sh script to
find and replace the forwarder with the dnscrypt local host IP and port.
This has to be done because the ZeroShell web interface doesn't allow
you to enter a custom port for a DNS forwarder and the change has to be
made manually or via the startdnscrypt.sh script.

If you make any change to the DNS section or Interface IPs of the ZeroShell
web interface it will overwrite the settings applied by the script and
probably break your DNS resolution, or at a minimum - make it really slow.
If you change any of the settings under these screens you should then
go back and re-run the startdnscrypt.sh script either by ssh or:
1) Setup on the left menu
2) Scripts/Cron along the top menu
3) Make sure the "Post Boot" option is selected
4) Click the TEST button and then close window "Output of the postboot script"

######## SETTINGS ########
If you would like to change DNSCrypt to use a different provider
edit the file /Database/dnscrypt-cde/startdnscrypt.sh
Replace the -R OpenDNS with the name of the provider you wish to use.

You can find the list of Valid provider names here:
/Database/dnscrypt-cde/cde-root/Database/dnscrypt/share/dnscrypt-proxy/dnscrypt-resolvers.csv

######## UNINSTALLATION ########
Go back to the DNS Forwarders settings in ZeroShell and remove 0.0.0.0
Add back in your standard ANY forwarders - if required.
Go into the Setup --> Scripts section and remove
/Database/dnscrypt-cde/startdnscrypt.sh
And click save.

Then, if you want, remove the folder /Database/dnscrypt-cde from the drive.
And reboot if you want to remove the remaining running dnscrypt-proxy process
otherwise it will just disappear upon next restart.

######## REFERENCES / THANKS ########
This version was compiled on CentOS with the following..
libsodium builds:
./configure CC="gcc -static -static-libgcc" \
CXX="g++ -static" \
CPP="gcc -E -static" CXXCPP="g++ -E -static" \
--enable-static --prefix=/Database/dnscrypt/libsodium

dnscrypt build:
./configure CC="gcc -static -static-libgcc" \
CXX="g++ -static" \
CPP="gcc -E -static" CXXCPP="g++ -E -static" \
--enable-static --prefix=/Database/dnscrypt

Then packaged up using CDE which makes easily portable packages:
http://www.pgbovine.net/cde.html

I am not a Linux native so there may be far better ways to
compile and run dnscrypt.. please post your advice to the ZeroShell
forums.
https://www.zeroshell.org/forum/viewtopic.php?p=14087

I hope that the ZeroShell maintainer can add DNSCrypt support natively
and via the package management feature (or by default! please) some time
in the future.
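
A check that could replace the tar -xf step above, as an added example that is not part of the original post: it compares the tarball's SHA-256 with a digest obtained from the package author (the page publishes none, so that argument is a placeholder), extracts the archive, and clears the world-writable bits shown in the drwxrwxrwx listing, since the Post Boot entry runs startdnscrypt.sh at every boot. The function names, the script name and the availability of sha256sum on ZeroShell are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Run from /Database after the wget:
#   sh check-dnscrypt.sh dnscrypt.tar <expected-sha256>
# <expected-sha256> is a placeholder: get the digest from the package author
# over a separate channel, not from the same download location.

# sha256_matches FILE EXPECTED_HEX
# Succeeds only if FILE exists and its SHA-256 equals EXPECTED_HEX.
sha256_matches() {
    actual=$(sha256sum "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# world_writable PATH
# Lists files and directories under PATH that any local user can modify
# (mode bit o+w). Symlinks are skipped because their own mode is not used.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# lock_down PATH
# Removes group and other write permission from the whole tree.
# Assumption: the CDE package only needs to be writable by its owner.
lock_down() {
    chmod -R go-w "$1"
}

# Main flow, only when called with a tarball and a digest.
if [ "$#" -eq 2 ]; then
    if ! sha256_matches "$1" "$2"; then
        echo "digest mismatch, not extracting: $1" >&2
        exit 1
    fi
    tar -xf "$1"
    lock_down dnscrypt-cde
    left=$(world_writable dnscrypt-cde)
    if [ -n "$left" ]; then
        echo "still world-writable:" >&2
        echo "$left" >&2
        exit 1
    fi
    echo "dnscrypt-cde verified and locked down"
fi
```

Running world_writable /Database/dnscrypt-cde again after any later change to the package shows whether the boot script or its directory has become modifiable by other users.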