Differences
This shows you the differences between two versions of the page.
| docs:guide-user:services:dns:dnscrypt_dnsmasq_dnscrypt-proxy2 [2021/12/17 04:52] – separate lines lastedit | docs:guide-user:services:dns:dnscrypt_dnsmasq_dnscrypt-proxy2 [2024/06/20 13:12] – [Command-line instructions] Disable dnsmasq cache to avoid double caching dpawlik | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== DNSCrypt with Dnsmasq and dnscrypt-proxy2 ====== | ====== DNSCrypt with Dnsmasq and dnscrypt-proxy2 ====== | ||
| - | {{section> | + | {{section> |
| ===== Introduction ===== | ===== Introduction ===== | ||
| Line 20: | Line 20: | ||
| # Enable DNS encryption | # Enable DNS encryption | ||
| - | / | + | service |
| uci set dhcp.@dnsmasq[0].noresolv=" | uci set dhcp.@dnsmasq[0].noresolv=" | ||
| uci set dhcp.@dnsmasq[0].localuse=" | uci set dhcp.@dnsmasq[0].localuse=" | ||
| - | uci set dhcp.@dnsmasq[0].boguspriv=" | + | uci set dhcp.@dnsmasq[0].cachesize='0' |
| - | uci set dhcp.@dnsmasq[0].cachesize="0" | + | |
| uci -q delete dhcp.@dnsmasq[0].server | uci -q delete dhcp.@dnsmasq[0].server | ||
| uci add_list dhcp.@dnsmasq[0].server=" | uci add_list dhcp.@dnsmasq[0].server=" | ||
| sed -i "32 s/ | sed -i "32 s/ | ||
| uci commit dhcp | uci commit dhcp | ||
| - | / | + | service |
| - | / | + | service |
| </ | </ | ||
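Review bot: the new side drops the `uci set dhcp.@dnsmasq[0].boguspriv=` line without a replacement or a comment, so a router that already ran the old instructions keeps whatever value they set, while a fresh install keeps its default. A sentence stating which behaviour the guide now expects would make the two cases consistent. The retained `cachesize='0'` line also switches to single quotes while the neighbouring `uci set` lines use double quotes; pick one quoting style for the block.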
| Line 36: | Line 35: | ||
| Dnsmasq forwards DNS queries to dnscrypt-proxy2 which encrypts DNS traffic. | Dnsmasq forwards DNS queries to dnscrypt-proxy2 which encrypts DNS traffic. | ||
| - | Note: Recommended | + | Note: These are the recommended |
| + | Note: Beware that the distributed configuration includes an activated '' | ||
| ===== Testing ===== | ===== Testing ===== | ||
| {{section> | {{section> | ||
| Line 46: | Line 46: | ||
| <code bash> | <code bash> | ||
| # Restart services | # Restart services | ||
| - | / | + | service |
| # Log and status | # Log and status | ||
| Line 71: | Line 71: | ||
| # First, we need to set up a list of servers to use, example: (you have to change " | # First, we need to set up a list of servers to use, example: (you have to change " | ||
| sed -i "32 s/ | sed -i "32 s/ | ||
| - | / | + | service |
| # Or you can also use only one server, example: | # Or you can also use only one server, example: | ||
| sed -i "32 s/ | sed -i "32 s/ | ||
| - | / | + | service |
| </ | </ | ||
| - | ==== Adblock package + dnscrypt-proxy2 | + | ==== ODoH protocol |
| - | Correctly configure the **DNS backend** option in [[https:// | + | **[[https:// |
| + | Instead of directly sending a query to a target DoH server, | ||
| + | An **ODoH relay** can only communicate with an **ODoH server** and an **ODoH client**. **Relays** can't get responses from a** generic DoH server** that doesn' | ||
| + | You can change the [[https:// | ||
| <code bash> | <code bash> | ||
| - | # Correctly configure Adblock and dnscrypt-proxy2 | + | # Enable ODoH on dnscrypt-proxy2 |
| - | uci set adblock.global.adb_dns="raw" | + | sed -i -e "s/.*odoh_servers.*/ |
| - | uci set adblock.global.adb_dnsdir="/ | + | |
| - | sed -i "s/.*blocked_names_file.*/blocked_names_file | + | # Configure "ODoH servers" |
| - | uci commit adblock | + | odoh_servers=" |
| - | / | + | odoh_relays=" |
| - | / | + | sed -i -e "32 s/.*/ |
| + | service | ||
| </ | </ | ||
| + | |||
| + | More information about **ODoH protocol**: [[https:// | ||
| + | |||
| + | Caveats: The **Oblivious DNS-over-HTTPS** protocol is still a work in progress. Servers and relays may not be very stable. | ||
| + | |||
| + | |||
| + | |||
| + | |||
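Review bot: the added `sed -i -e "32 s/.*/` edit in the ODoH block, like the two `sed -i "32 s/` lines earlier in this hunk, addresses the config file by line number, whereas the line before it matches on the key with `s/.*odoh_servers.*/`. If the packaged config shifts by even one line, the numbered form silently overwrites whatever now sits on line 32 and the proxy restarts with an unintended configuration. Match on the name of the key being set, as the `odoh_servers` edit does, and add a check after the edit that the expected key is present. The hunk also removes the whole "Adblock package + dnscrypt-proxy2" section without leaving a pointer to where that guidance now lives; a one-line reference would help readers who followed the old steps.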