2015-05-30 15:21:24 +02:00
|
|
|
dnscrypt
|
|
|
|
========
|
|
|
|
|
|
|
|
## About
|
|
|
|
|
|
|
|
- `dnscrypt-wrapper` - A server-side dnscrypt proxy.
|
|
|
|
- `dnscrypt-proxy` - A protocol for securing communications between a client and a DNS resolver.
|
|
|
|
|
2015-05-30 16:22:28 +02:00
|
|
|
## Config
|
2015-05-30 15:21:24 +02:00
|
|
|
|
|
|
|
wrapper:
|
|
|
|
image: vimagick/dnscrypt-wrapper
|
|
|
|
ports:
|
|
|
|
- "443:443/udp"
|
|
|
|
- "443:443/tcp"
|
2015-05-30 16:22:28 +02:00
|
|
|
environment:
|
|
|
|
- LISTEN_ADDR=0.0.0.0:443
|
|
|
|
- RESOLVER_ADDR=8.8.8.8:53
|
|
|
|
- PROVIDER_NAME=2.dnscrypt-cert.datageek.info
|
2015-05-30 15:21:24 +02:00
|
|
|
restart: always
|
|
|
|
|
|
|
|
proxy:
|
|
|
|
image: vimagick/dnscrypt-proxy
|
|
|
|
ports:
|
|
|
|
- "53:53/udp"
|
|
|
|
- "53:53/tcp"
|
2015-05-30 16:22:28 +02:00
|
|
|
environment:
|
|
|
|
- LISTEN_ADDR=0.0.0.0:443
|
|
|
|
- RESOLVER_ADDR=1.2.3.4:443
|
|
|
|
- PROVIDER_NAME=2.dnscrypt-cert.datageek.info
|
|
|
|
- PROVIDER_KEY=4C29:9CEB:CF8D:4612:48A8:B2F2:3B6F:A046:EBF5:2F2B:6433:27C6:5F3A:88F5:495E:3075
|
2015-05-30 15:21:24 +02:00
|
|
|
restart: always
|
|
|
|
|
2015-05-30 16:22:28 +02:00
|
|
|
> `RESOLVER_ADDR` is server public ip address.
|
2015-05-30 15:21:24 +02:00
|
|
|
|
2015-05-30 16:22:28 +02:00
|
|
|
## Server
|
2015-05-30 15:21:24 +02:00
|
|
|
|
2015-05-30 16:22:28 +02:00
|
|
|
$ cd dnscrypt
|
|
|
|
$ fig up -d wrapper
|
2015-07-16 19:34:44 +02:00
|
|
|
$ docker exec -it dnscrypt_wrapper_1 cat README.txt
|
2015-05-30 16:22:28 +02:00
|
|
|
Public key fingerprint: 4C29:9CEB:CF8D:4612:48A8:B2F2:3B6F:A046:EBF5:2F2B:6433:27C6:5F3A:88F5:495E:3075
|
2015-05-30 15:21:24 +02:00
|
|
|
|
2015-05-30 16:22:28 +02:00
|
|
|
## Client
|
2015-05-30 15:21:24 +02:00
|
|
|
|
2015-05-30 16:22:28 +02:00
|
|
|
$ cd dnscrypt
|
|
|
|
$ fig up -d proxy
|
|
|
|
$ dig @127.0.0.1 www.google.com
|
|
|
|
$ dig @127.0.0.1 www.youtube.com +tcp
|
2015-05-30 15:21:24 +02:00
|
|
|
|
2015-05-30 16:22:28 +02:00
|
|
|
## Note
|
|
|
|
|
|
|
|
You'd better to use `vimagick/dnscrypt-proxy` as backend of `dnsmasq` or `pdnsd` for better performance.
|
|
|
|
|
|
|
|
Please read [this](https://github.com/Cofyc/dnscrypt-wrapper) to re-generate keys!
|