PDA

View Full Version : Dnscrypt Installation



leigh123linux
12th November 2013, 07:01 PM
I have made some x86_64 packages and include the srpm's for those who use i686 or EOL.

It's real easy to use.

1. install libsodium and dnscrypt rpms
2. run


su
systemctl enable dnscrypt.service
systemctl restart dnscrypt.service
systemctl status dnscrypt.service3. Change your system DNS server to 127.0.0.1. There are many ways to do this. The adventurous can edit the appropriate script in /etc/sysconfig/network-scripts/. If you don't have NetworkManager installed, editing /etc/resolv.conf would work too. Gnome users: click on the network icon, click 'Network Settings', select the connection and click 'Options'. Then in the 'IPv4 Settings' tab, set the 'Method' to 'Automatic (DHCP) Addresses Only' and type in 127.0.0.1 in the 'DNS Servers' text box.

4. Now you can verify that the changes have taken effect by running dig google.com and checking the output for the line: SERVER: 127.0.0.1#53(127.0.0.1). Alternatively, navigate to http://www.opendns.com/welcome/ using a web browser. The screen will tell you whether you are using OpenDNS or not.

leigh123linux
13th November 2013, 10:00 AM
The F20 packages also work on F19.

Here's some i686 packages

firefexx
13th November 2013, 06:58 PM
Are you out to package them for the official repos? Because there is an review request for libsodium, but nobody's currently supporting it. https://bugzilla.redhat.com/show_bug.cgi?id=990423

leigh123linux
13th November 2013, 11:40 PM
Are you out to package them for the official repos? Because there is an review request for libsodium, but nobody's currently supporting it. https://bugzilla.redhat.com/show_bug.cgi?id=990423


I haven't got time for any legal crap and will wait till the request fails.

https://bugzilla.redhat.com/show_bug.cgi?id=990423#c5

Once failed I will consider packaging them at rpmfusion :)

firefexx
14th November 2013, 11:44 AM
Ok. But I'm not sure if it will fail. Some elliptic curve patents recently expired and openssl and similar libs are just recompiled with ECC enabled. Additionally, libsodium is a fork of nacl which already is in the official repo. And the author of the lib is convinced that it does not hurt any patents.

However, lets wait until something change. If the library will be included in a repo anytime, I'm happy :P

danofsatx
19th November 2013, 02:36 AM
Leigh, how do I get dnscrypt to work with ipv6?

I ran the command on the dnscrypt homepage:


# dnscrypt-proxy --local-address='[::1]' --daemonize

but it's not working. I have a fully operational IIPv6 stack on AT&T Uverse, so I know that works. But I can't get dnscrypt to work with it.

leigh123linux
19th November 2013, 09:23 AM
Leigh, how do I get dnscrypt to work with ipv6?

I ran the command on the dnscrypt homepage:


# dnscrypt-proxy --local-address='[::1]' --daemonizebut it's not working. I have a fully operational IIPv6 stack on AT&T Uverse, so I know that works. But I can't get dnscrypt to work with it.
Did you do step 3: for ipv6 as well?

I don't have any ipv6 here in the UK :(

danofsatx
19th November 2013, 11:07 PM
What's step 3? the dnscrypt.org page has one paragraph - a sentence saying IPv6 is supported, and that code snippit below it. I'll look over the dnscrypt stuff on opendns and see what I can find there.