DNSCrypt
February 18, 2015 at 12:05 pm #44215
https://www.opendns.com/about/innovations/dnscrypt/
I recently had my ISP do this to me [ZeroShell is set to use OpenDNS and the provider randomly turned on network filtering on port 53 without warning]:
https://thecomputerperson.files.wordpress.com/2015/02/thanksbt1.png?w=520
DNSCrypt support, if it existed and I had set it up, would have prevented them from screwing over my broadband and hijacking my DNS requests.
I would love to see DNSCrypt support or package added 🙂
Tom – http://www.mouselike.org
April 23, 2015 at 8:32 pm #53724
Please could this be compiled for ZeroShell 😀 I’ve tried and failed.. I can’t work out how to compile it.
Tom – http://www.mouselike.org
April 25, 2015 at 1:25 pm #53725
I cheated and used CDE:
######## INSTALLATION ########
This package should work right away without any need
to configure anything. It will default to using OpenDNS.
!!!!!First TAKE A BACKUP OF YOUR PROFILE SO YOU
!!!!!CAN RESTORE IT IF THINGS GO WRONG
SSH into ZeroShell and go to the Shell.
Then run the following commands:
cd /Database/
wget 'https://windows.mouselike.org/windows.mouselike.org/share/dnscrypt.tar' -O dnscrypt.tar
tar -xf dnscrypt.tar
rm -rf dnscrypt.tar
ls -l | grep dnscrypt
Make sure the dnscrypt-cde directory exists!
drwxrwxrwx 3 root root 4096 Apr 25 14:28 dnscrypt-cde
Go into ZeroShell and go to:
1) DNS on the left hand menu
2) Forwarders along the top menu
3) Remove any "ANY" entries from the list you already have.
4) In the Domain box type in ANY
5) In the Server box type in 0.0.0.0 and click Add
6) Click Close. (At this point your dns will now break until we get to step 10!)
7) Setup on the left menu
8) Scripts/Cron along the top menu
9) Make sure the "Post Boot" option is selected and add this line at the end
/Database/dnscrypt-cde/startdnscrypt.sh
10) Click the TEST button and then close window "Please wait: running the postboot script ..."
11) Click the tick box in the top right to "Enable" the script.
12) Click save.
Your DNS queries should now be going via dnscrypt.
######## IMPORTANT NOTE ########
Changing the forwarder to 0.0.0.0 allows the startdnscrypt.sh script to
find and replace the forwarder with the dnscrypt local host IP and port.
This has to be done because the ZeroShell web interface doesn't allow
you to enter a custom port for a DNS forwarder and the change has to be
made manually or via the startdnscrypt.sh script.
If you make any change to the DNS section or Interface IPs of the ZeroShell
web interface it will over-write the settings applied by the script and
probably break your DNS resolution, or at a minimum - make it really slow.
If you change any of the settings under these screens you should then
go back and re-run the startdnscrypt.sh script either by ssh or:
1) Setup on the left menu
2) Scripts/Cron along the top menu
3) Make sure the "Post Boot" option is selected
4) Click the TEST button and then close window "Output of the postboot script"
######## SETTINGS ########
If you would like to change DNSCrypt to use a different provider
edit the file /Database/dnscrypt-cde/startdnscrypt.sh
Replace the -R OpenDNS with the name of the provider you wish to use.
You can find the list of Valid provider names here:
/Database/dnscrypt-cde/cde-root/Database/dnscrypt/share/dnscrypt-proxy/dnscrypt-resolvers.csv
######## UNINSTALLATION ########
Go back to the DNS Forwarders settings in ZeroShell and remove 0.0.0.0
Add back in your standard ANY forwarders - if required.
Go into the Setup --> Scripts section and remove
/Database/dnscrypt-cde/startdnscrypt.sh
And click save.
Then, if you want, remove the folder /Database/dnscrypt-cde from the drive.
And reboot if you want to remove the remaining running dnscrypt-proxy process
otherwise it will just disappear upon next restart.
######## REFERENCES / THANKS ########
This version was compiled on CentOS with the following..
libsodium builds:
./configure CC="gcc -static -static-libgcc" \
CXX="g++ -static" \
CPP="gcc -E -static" CXXCPP="g++ -E -static" \
--enable-static --prefix=/Database/dnscrypt/libsodium
dnscrypt build:
./configure CC="gcc -static -static-libgcc" \
CXX="g++ -static" \
CPP="gcc -E -static" CXXCPP="g++ -E -static" \
--enable-static --prefix=/Database/dnscrypt
Then packaged up using CDE which makes easily portable packages:
http://www.pgbovine.net/cde.html
I am not a linux native so there may be far better ways to
compile and run dnscrypt.. please post your advice to the ZeroShell
forums.
https://www.zeroshell.org/forum/viewtopic.php?p=14087
I hope that the ZeroShell maintainer can add DNSCrypt support natively
and via the package management feature (or by default! please) some time
in the future.
April 25, 2015 at 2:30 pm #53726
It reminds me of the VMware Tools hack.
Would putting dnscrypt in its own volume make it usable between profiles? For the vmtools hack I ended up making a partition just for it, and mounted it in the post-boot script alongside running the startup.sh file.
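Added example (not part of any post in this thread, and not code from the dnscrypt package): the install steps in the April 25, 2015 post fetch a tarball into /Database and start its script from Post Boot, and the listing there shows dnscrypt-cde as drwxrwxrwx. This sketch checks the download against a SHA-256 value, rejects archive members that would land outside the target, unpacks into a fresh staging directory and strips group/other write permission. The staging path, the expected hash (the thread publishes none) and the presence of sha256sum and a tar with --no-same-owner on the box are assumptions.

```shell
#!/bin/bash
# Added example, not from the thread. Assumes sha256sum and a tar that
# supports --no-same-owner; the expected hash must come from the packager.

# Succeed only if FILE hashes to EXPECTED (hex SHA-256).
verify_sha256() {
    local actual
    actual=$(sha256sum "$1" | cut -d' ' -f1) || return 1
    [ "$actual" = "$2" ]
}

# Filter member names on stdin: print absolute paths and any with a ".." part.
unsafe_names() {
    grep -E '^/|(^|/)\.\.(/|$)' || true
}

# Print everything under DIR (symlinks aside) that any local user may write to.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# safe_install TARBALL EXPECTED_SHA256 STAGE_DIR
# Returns 1 bad hash, 2 unsafe member, 3 stage dir unusable, 4 still writable.
safe_install() {
    local tarball="$1" expected="$2" stage="$3" bad
    verify_sha256 "$tarball" "$expected" || { echo "checksum mismatch" >&2; return 1; }
    bad=$(tar -tf "$tarball" | unsafe_names)
    [ -z "$bad" ] || { echo "unsafe members: $bad" >&2; return 2; }
    # Unpack into a directory that did not exist before, so the recursive
    # chmod below cannot touch anything else under /Database.
    [ ! -e "$stage" ] && mkdir -p "$stage" || return 3
    tar -xf "$tarball" -C "$stage" --no-same-owner || return 3
    # The script is started from Post Boot, so only root should be able to edit it.
    chmod -R go-w "$stage"
    [ -z "$(world_writable "$stage")" ] || return 4
}

# Example (placeholder hash, hypothetical staging path):
#   safe_install /Database/dnscrypt.tar "<sha256 from the packager>" /Database/dnscrypt-stage
```

Once it returns 0, move dnscrypt-cde out of the staging directory into /Database and carry on with the forwarder steps.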
December 18, 2016 at 3:51 am #53727
For anyone interested I’ve put a new guide on building DNSCrypt from scratch. https://www.caribmendez.net/2016/12/dnscrypt-and-zeroshell/
December 18, 2016 at 4:14 pm #53728
Looking good. I’ve compiled it pending copying to my zeroshell.
One thing to note I think these are in the wrong order..
Run configure & make
./configure --libdir=/Database/dnscrypt/libsodium/lib --enable-static --prefix=/Database/dnscrypt && make
Copy the libsodium header files to the src folder in dnscrypt.
cp /Database/dnscrypt/libsodium/include/sodium.h src/proxy/sodium.h
cp -R /Database/dnscrypt/libsodium/include/sodium src/proxy/sodium
I had to do the two copy lines before ./configure would complete without error?
Also how does CDE get over to the zeroshell machine? The tar doesn’t seem to contain it so I get
/Database/startdnscrypt.sh: line 4: /Database/dnscrypt/cde-exec: No such file or directory
December 18, 2016 at 8:28 pm #53729
Thanks for the catch. You do need the header and src folder in place before configuring. As for CDE, I wrote that wrong; it should be
sudo cde -o ~/dnscrypt /Database/dnscrypt/sbin/dnscrypt-proxy --resolver-name=cisco
Then zip the file at ~/dnscrypt
tar -zcvf ~/dnscrypt.tar ~/dnscrypt
I’ve updated the guide…thanks again