DNSCrypt

This topic contains 5 replies, has 0 voices, and was last updated by  drsox 1 year, 11 months ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • #44215

    drsox
    Member

    http://dnscrypt.org/

    https://www.opendns.com/about/innovations/dnscrypt/

    I recently had my ISP do this to me [ZeroShell is set to use OpenDNS and the provider randomly turned on network filtering on port 53 without warning]:
    https://thecomputerperson.files.wordpress.com/2015/02/thanksbt1.png?w=520

    DNSCrypt support, if it existed and I had set it up, would have prevented them from screwing over my broadband and hijacking my DNS requests.

    I would love to see DNSCrypt support or package added 🙂

    Tom – http://www.mouselike.org

    #53724

    drsox
    Member

    Please could this be compiled for ZeroShell 😀 I’ve tried and failed.. I can’t work out how to compile it.

    Tom – http://www.mouselike.org

    #53725

    drsox
    Member

    I cheated and used CDE:

    ######## INSTALLATION ########
    This package should work right away without any need
    to configure anything. It will default to using OpenDNS.

    !!!!!First TAKE A BACKUP OF YOUR PROFILE SO YOU
    !!!!!CAN RESTORE IT IF THINGS GO WRONG

    SSH into ZeroShell and go to the Shell.
    Then run the following commands:

    cd /Database/
    wget 'https://windows.mouselike.org/windows.mouselike.org/share/dnscrypt.tar' -O dnscrypt.tar
    tar -xf dnscrypt.tar
    rm -rf dnscrypt.tar
    ls -l | grep dnscrypt

    Make sure the dnscrypt-cde directory exists!
    drwxrwxrwx 3 root root 4096 Apr 25 14:28 dnscrypt-cde

    Go into ZeroShell and go to:
    1) DNS on the left hand menu
    2) Forwarders along the top menu
    3) Remove any "ANY" entries from the list you already have.
    4) In the Domain box type in ANY
    5) In the Server box type in 0.0.0.0 and click Add
    6) Click Close. (At this point your dns will now break until we get to step 10!)
    7) Setup on the left menu
    8) Scripts/Cron along the top menu
    9) Make sure the "Post Boot" option is selected and add this line at the end

    /Database/dnscrypt-cde/startdnscrypt.sh

    10) Click the TEST button and then close window "Please wait: running the postboot script ..."
    11) Click the tick box in the top right to "Enable" the script.
    12) Click save.

    Your DNS queries should now be going via dnscrypt.

    ######## IMPORTANT NOTE ########
    Changing the forwarder to 0.0.0.0 allows the startdnscrypt.sh script to
    find and replace the forwarder with the dnscrypt local host IP and port.
    This has to be done because the ZeroShell web interface doesn't allow
    you to enter a custom port for a DNS forwarder and the change has to be
    made manually or via the startdnscrypt.sh script.

    If you make any change to the DNS section or Interface IPs of the ZeroShell
    web interface it will over-write the settings applied by the script and
    probably break your DNS resolution, or at a minimum - make it really slow.
    If you change any of the settings under these screens you should then
    go back and re-run the startdnscrypt.sh script either by ssh or:
    1) Setup on the left menu
    2) Scripts/Cron along the top menu
    3) Make sure the "Post Boot" option is selected
    4) Click the TEST button and then close window "Output of the postboot script"

    ######## SETTINGS ########
    If you would like to change DNSCrypt to use a different provider
    edit the file /Database/dnscrypt-cde/startdnscrypt.sh
    Replace the -R OpenDNS with the name of the provider you wish to use.

    You can find the list of Valid provider names here:
    /Database/dnscrypt-cde/cde-root/Database/dnscrypt/share/dnscrypt-proxy/dnscrypt-resolvers.csv

    ######## UNINSTALLATION ########
    Go back to the DNS Forwarders settings in ZeroShell and remove 0.0.0.0
    Add back in your standard ANY forwarders - if required.
    Go into the Setup --> Scripts section and remove
    /Database/dnscrypt-cde/startdnscrypt.sh
    And click save.

    Then, if you want, remove the folder /Database/dnscrypt-cde from the drive.
    And reboot if you want to remove the remaining running dnscrypt-proxy process
    otherwise it will just disappear upon next restart.

    ######## REFERENCES / THANKS ########
    This version was compiled on CentOS with the following..
    libsodium builds:
    ./configure CC="gcc -static -static-libgcc" \
        CXX="g++ -static" \
        CPP="gcc -E -static" CXXCPP="g++ -E -static" \
        --enable-static --prefix=/Database/dnscrypt/libsodium

    dnscrypt build:
    ./configure CC="gcc -static -static-libgcc" \
        CXX="g++ -static" \
        CPP="gcc -E -static" CXXCPP="g++ -E -static" \
        --enable-static --prefix=/Database/dnscrypt

    Then packaged up using CDE which makes easily portable packages:
    http://www.pgbovine.net/cde.html

    I am not a linux native so there may be far better ways to
    compile and run dnscrypt.. please post your advice to the ZeroShell
    forums.
    https://www.zeroshell.org/forum/viewtopic.php?p=14087

    I hope that the ZeroShell maintainer can add DNSCrypt support natively
    and via the package management feature (or by default! please) some time
    in the future.
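
The install steps in the post above fetch a tarball and unpack it as root, and the listing shows dnscrypt-cde as world-writable (drwxrwxrwx) while startdnscrypt.sh inside it is run from the Post Boot script. The following is an added example, not part of the original post or the package: one way to vet the archive before extracting it and to tighten the tree afterwards. The function names are hypothetical, the expected SHA-256 is a placeholder because the post publishes none, and sha256sum, awk and find are assumed to be available on the ZeroShell shell.

```shell
#!/bin/sh
# Added example: vet the downloaded tarball before unpacking it as root,
# then remove group/other write bits from the unpacked tree.
# Function names are hypothetical; sha256sum, awk and find are assumed present.

# verify_sha256 FILE EXPECTED_HEX: succeeds only on an exact digest match.
verify_sha256() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ -n "$2" ] && [ "$actual" = "$2" ]
}

# unsafe_members FILE TOPDIR: print members that are not under TOPDIR/ or
# that contain a ".." component (strict: "./TOPDIR/..." is flagged too).
unsafe_members() {
    tar -tf "$1" | awk -v top="$2" '{
        n = split($0, part, "/"); bad = (part[1] != top)
        for (i = 1; i <= n; i++) if (part[i] == "..") bad = 1
        if (bad) print
    }'
}

# world_writable DIR: print files and directories any local user can modify.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# safe_install TARBALL EXPECTED_SHA256 PARENT TOPDIR
# Returns 1 on checksum mismatch, 2 on unexpected members, 3 on tar/chmod error.
safe_install() {
    verify_sha256 "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    bad=$(unsafe_members "$1" "$4")
    if [ -n "$bad" ]; then
        echo "refusing archive, unexpected members:" >&2
        echo "$bad" >&2
        return 2
    fi
    tar -xf "$1" -C "$3" || return 3
    chmod -R go-w "$3/$4" || return 3
    [ -z "$(world_writable "$3/$4")" ]
}

# Usage on the ZeroShell shell (the digest is a placeholder; the post gives none):
#   safe_install /Database/dnscrypt.tar "<sha256 from the packager>" /Database dnscrypt-cde
```

A non-zero return from safe_install means nothing in the tree should be added to the Post Boot script until the cause is understood.
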
    #53726

    gordonf
    Member

    It reminds me of the VMware Tools hack.

    Would putting dnscrypt in its own volume make it usable between profiles? For the vmtools hack I ended up making a partition just for it, and mounted it in the post-boot script alongside running the startup.sh file.

    #53727

    carib
    Member

    For anyone interested I’ve put a new guide on building DNSCrypt from scratch. https://www.caribmendez.net/2016/12/dnscrypt-and-zeroshell/

    #53728

    drsox
    Member

    Looking good. I’ve compiled it pending copying to my zeroshell.

    One thing to note I think these are in the wrong order..
    Run configure & make
    ./configure --libdir=/Database/dnscrypt/libsodium/lib --enable-static --prefix=/Database/dnscrypt && make
    Copy the libsodium header files to the src folder in dnscrypt.
    cp /Database/dnscrypt/libsodium/include/sodium.h src/proxy/sodium.h
    cp -R /Database/dnscrypt/libsodium/include/sodium src/proxy/sodium

    I had to do the two copy lines before ./configure would complete without error?

    Also how does CDE get over to the zeroshell machine? The tar doesn’t seem to contain it so I get
    /Database/startdnscrypt.sh: line 4: /Database/dnscrypt/cde-exec: No such file or directory

    #53729

    carib
    Member

    Thanks for the catch. You do need the header and src folder in place before configuring. As for CDE, I wrote that wrong; it should be

    sudo cde -o ~/dnscrypt /Database/dnscrypt/sbin/dnscrypt-proxy --resolver-name=cisco

    Then zip the file at ~/dnscrypt

    tar -zcvf ~/dnscrypt.tar ~/dnscrypt

    I’ve updated the guide…thanks again
