homepage/content/posts/dnscrypt.md

52 lines
1.8 KiB
Markdown
Raw Normal View History

---
title: "DNSCrypt - running the server"
date: 2021-08-06T23:38:45+02:00
draft: false
toc: true
enableGitInfo: true
lastmod: 2022-28-08T17:20:10+02:00
tags: [dnscrypt, dns, privacy, security, censorship]
---
### why are you doing this?
There are many publicly available [open resolvers using DoT, DoH or
DNSCrypt](https://dnscrypt.info/public-servers) just sitting around the
interwebs, waiting to secure the DNS traffic and protect it from whoever is
looking.
However, we have still felt the need to run our own, especially since
DNS is such a critical piece of infrastructure.
And now we're offering it for public use.
### so what is it?
What we're running is a non-censoring, non-logging, DNSSEC-capable, DNSCrypt-enabled DNS
resolver using
[dnscrypt-server-docker](https://github.com/dnscrypt/dnscrypt-server-docker) project.
Of course, our resolver is available over both IPv4 and IPv6.
### can I haz some plz
> Since the name servers are not (yet) a part of any listing of public
> resolvers, entries have to be added manually.
Paste one or both of the following entries in the `[static]` section of your
`dnscrypt-proxy.toml` configuration file.
IPv4 (`144.91.70.62`)
```toml
[static. 'dnscrypt.dotya.ml-ipv4']
stamp = 'sdns://AQcAAAAAAAAAETE0NC45MS43MC42Mjo1NDQzIHF-JiN46cNwFXJleEVWGWgrhe2QeysUtZoo9HwzYCMzITIuZG5zY3J5cHQtY2VydC5kbnNjcnlwdC5kb3R5YS5tbA'
```
IPv6 (`2a02:c207:2030:396::1`)
```toml
[static. 'dnscrypt.dotya.ml-ipv6']
stamp = 'sdns://AQcAAAAAAAAAHFsyYTAyOmMyMDc6MjAzMDozOTY6OjFdOjU0NDMgcX4mI3jpw3AVcmV4RVYZaCuF7ZB7KxS1mij0fDNgIzMhMi5kbnNjcnlwdC1jZXJ0LmRuc2NyeXB0LmRvdHlhLm1s'
```
### Configuration
Files used to set up and run this service can be found here:\
https://git.dotya.ml/dotya.ml/dnscrypt-server.
It's a `docker-compose` setup managed with `systemd`, similar to how Drone CI
is handled.