dnscrypt server configuration https://dotya.ml/posts/dnscrypt/
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
surtur 87100d9978
chore: reorganise repo structure, add all configs
5 months ago
etc chore: reorganise repo structure, add all configs 5 months ago
.gitattributes chore: reorganise repo structure, add all configs 5 months ago
.gitignore chore: reorganise repo structure, add all configs 5 months ago
.yamllint chore: reorganise repo structure, add all configs 5 months ago
LICENSE chore: reorganise repo structure, add all configs 5 months ago
README.md chore: reorganise repo structure, add all configs 5 months ago

README.md

dnscrypt-server

this repo holds configuration files for dotya.ml's DNSCrypt installation.

what exactly?

  • containerised encrypted-dns
  • OpenNIC domain support
    • test using the awesome doggo:
    doggo --debug --json NS epic. @sdns://AQcAAAAAAAAAETE0NC45MS43MC42Mjo1NDQzIHF-JiN46cNwFXJleEVWGWgrhe2QeysUtZoo9HwzYCMzITIuZG5zY3J5cHQtY2VydC5kbnNjcnlwdC5kb3R5YS5tbA
    
    • example response:
    DEBUG[2022-09-01T00:22:23+02:00] initiating DNSCrypt resolver
    
    DEBUG[2022-09-01T00:22:23+02:00] Starting doggo 🐶
    
    DEBUG[2022-09-01T00:22:23+02:00] Attempting to resolve domain=epic. nameserver="144.91.70.62:5443" ndots=0
    [
        {
            "answers": [
                {
                    "name": "epic.",
                    "type": "NS",
                    "class": "IN",
                    "ttl": "86400s",
                    "address": "ns13.opennic.glue.",
                    "status": "",
                    "rtt": "45ms",
                    "nameserver": "144.91.70.62:5443"
                }
            ],
            "authorities": null,
            "questions": [
                {
                    "name": "epic.",
                    "type": "NS",
                    "class": "IN"
                }
            ]
        }
    ]
    

a short asciicast of doggo interacting with our server: asciicast

why though

  • improved DNS security: DNSSEC-validated responses protected by DNSCrypt
  • support for Anonymized DNSCrypt
  • DNS neutrality: moar DNS == moar better
  • no logging: increased privacy
  • easy access to OpenNIC interwebz
  • self-hosting is fun

observability

a dashboard (source) is available for conveniently presented performance insights and cache efficiency monitoring, deployed at https://grafana.dotya.ml/d/kX2luvMnz/dnscrypt

TO DO

  • automated deployment (preferably using ansible + drone)

LICENSE

WTFPLv2, see LICENSE for details.