dnscrypt server configuration
https://dotya.ml/2021/08/dnscrypt-running-the-server/
| etc | ||
| .gitattributes | ||
| .gitignore | ||
| .yamllint | ||
| LICENSE | ||
| README.md | ||
dnscrypt-server
this repo holds configuration files for dotya.ml's DNSCrypt installation.
what exactly?
- containerised
encrypted-dns - OpenNIC domain support
- test using the awesome
doggo:
doggo --debug --json NS epic. @sdns://AQcAAAAAAAAAETE0NC45MS43MC42Mjo1NDQzIHF-JiN46cNwFXJleEVWGWgrhe2QeysUtZoo9HwzYCMzITIuZG5zY3J5cHQtY2VydC5kbnNjcnlwdC5kb3R5YS5tbA- example response:
DEBUG[2022-09-01T00:22:23+02:00] initiating DNSCrypt resolver DEBUG[2022-09-01T00:22:23+02:00] Starting doggo 🐶 DEBUG[2022-09-01T00:22:23+02:00] Attempting to resolve domain=epic. nameserver="144.91.70.62:5443" ndots=0 [ { "answers": [ { "name": "epic.", "type": "NS", "class": "IN", "ttl": "86400s", "address": "ns13.opennic.glue.", "status": "", "rtt": "45ms", "nameserver": "144.91.70.62:5443" } ], "authorities": null, "questions": [ { "name": "epic.", "type": "NS", "class": "IN" } ] } ] - test using the awesome
a short asciicast of doggo interacting with our server:
why though
- improved DNS security: DNSSEC-validated responses protected by
DNSCrypt - support for
Anonymized DNSCrypt - DNS neutrality: moar DNS == moar better
- no logging: increased privacy
- easy access to OpenNIC interwebz
- self-hosting is fun
observability
a dashboard (source) is available for conveniently presented performance insights and cache efficiency monitoring, deployed at https://grafana.dotya.ml/d/kX2luvMnz/dnscrypt
TO DO
- automated deployment (preferably using
ansible+drone)
LICENSE
WTFPLv2, see LICENSE for details.