Name

dnscrypt-wrapper - A server-side dnscrypt proxy.

Description

This is dnscrypt wrapper (server-side dnscrypt proxy), which helps to add dnscrypt support to any name resolver.

This software is modified from dnscrypt-proxy.

Installation

Install libsodium and libevent2 first.

On Linux:

$ ldconfig # if you install libsodium from source
$ git clone --recursive git://github.com/Cofyc/dnscrypt-wrapper.git
$ make configure
$ ./configure
$ make install

On FreeBSD:

$ pkg_add -r gmake autoconf
$ pkg_add -r libevent2
$ gmake LDFLAGS='-L/usr/local/lib/event2 -L/usr/local/lib' CFLAGS=-I/usr/local/include

On OpenBSD:

$ pkg_add -r gmake autoconf
$ pkg_add -r libevent
$ gmake LDFLAGS='-L/usr/local/lib/' CFLAGS=-I/usr/local/include/

Usage

First, generate provider keypair:

# stored in public.key/secret.key in current directory
$ ./dnscrypt-wrapper --gen-provider-keypair

Second, generate crypt keypair:

# stored in crypt_public.key/crypt_secret.key in current directory
$ ./dnscrypt-wrapper --gen-crypt-keypair

Third, generate pre-signed certificate (use pre-generated key pairs):

# stored in dnscrypt.cert in current directory
$ ./dnscrypt-wrapper --crypt-secretkey-file crypt_secret.key --crypt-publickey-file=crypt_public.key --provider-publickey-file=public.key --provider-secretkey-file=secret.key --gen-cert-file

Run the program with pre-signed certificate:

$ ./dnscrypt-wrapper  -r 8.8.8.8:53 -a 0.0.0.0:54  --crypt-secretkey-file=crypt_secret.key --crypt-publickey-file=crypt_public.key --provider-cert-file=dnscrypt.cert --provider-name=2.dnscrypt-cert.yechengfu.com -VV

If you can store genearted pre-signed certificate (binary string) in TXT record for your provider name, for example: 2.dnscrypt-cert.yourdomain.com. Then you can omit --provider-cert-file option. Name server will serve this binary certificate data for you.

P.S. We still provide --provider-cert-file option, because it's not convenient to store such long binary data in dns TXT record sometimes. But it's easy to configure it in your own dns servers (such as tinydns, etc). --gen-cert-file will generate example record in stdout.

Run dnscrypt-proxy to test againt it:

# --provider-key is public key fingerprint in first step.
$ ./dnscrypt-proxy -a 127.0.0.1:55 --provider-name=2.dnscrypt-cert.yechengfu.com -r 127.0.0.1:54 --provider-key=<provider_public_key_fingerprint>
$ dig -p 55 google.com @127.0.0.1

<provider_public_key_fingerprint> is public key fingerprint generated by ./dnscrypt-wrapper --gen-provider-keypair, e.g. 4298:5F65:C295:DFAE:2BFB:20AD:5C47:F565:78EB:2404:EF83:198C:85DB:68F1:3E33:E952.

Optional, add -d/--daemonize flag to run as daemon.

Run ./dnscrypt-wrapper -h to view command line options.

Name		Name	Last commit message	Last commit date
Latest commit History 120 Commits
argparse @ 2f310ed		argparse @ 2f310ed
misc		misc
.gitignore		.gitignore
.gitmodules		.gitmodules
.travis.yml		.travis.yml
COPYING		COPYING
DOCS		DOCS
Makefile		Makefile
README.md		README.md
TODO		TODO
cert.c		cert.c
cert.h		cert.h
compat.h		compat.h
config.mak.in		config.mak.in
configure.ac		configure.ac
dns-protocol.h		dns-protocol.h
dnscrypt.c		dnscrypt.c
dnscrypt.h		dnscrypt.h
edns.c		edns.c
edns.h		edns.h
format.sh		format.sh
gen-version.sh		gen-version.sh
logger.c		logger.c
logger.h		logger.h
main.c		main.c
pidfile.c		pidfile.c
pidfile.h		pidfile.h
rfc1035.c		rfc1035.c
rfc1035.h		rfc1035.h
safe_rw.c		safe_rw.c
safe_rw.h		safe_rw.h
tcp_request.c		tcp_request.c
tcp_request.h		tcp_request.h
test.sh		test.sh
udp_request.c		udp_request.c
udp_request.h		udp_request.h
version.h		version.h

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Name

Description

Installation

Usage

See also

About

Releases

Packages

Languages

License

pysiak/dnscrypt-wrapper

Folders and files

Latest commit

History

Repository files navigation

Name

Description

Installation

Usage

See also

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages