homepage/content/posts/dnscrypt.md

---
title: "DNSCrypt - running the server"
date: 2021-08-06T23:38:45+02:00
draft: false
toc: true
enableGitInfo: true
lastmod: 2022-28-08T17:20:10+02:00
tags: [dnscrypt, dns, privacy, security, censorship]
---

### why are you doing this?
There are many publicly available [open resolvers using DoT, DoH or
DNSCrypt](https://dnscrypt.info/public-servers) just sitting around the
interwebs, waiting to secure the DNS traffic and protect it from whoever is
looking.

However, we have still felt the need to run our own, especially since
DNS is such a critical piece of infrastructure.

And now we're offering it for public use.

### so what is it?
What we're running is a non-censoring, non-logging, DNSSEC-capable, DNSCrypt-enabled DNS
resolver using
[dnscrypt-server-docker](https://github.com/dnscrypt/dnscrypt-server-docker) project.
Of course, our resolver is available over both IPv4 and IPv6.

### can I haz some plz
> Since the name servers are not (yet) a part of any listing of public
> resolvers, entries have to be added manually.

Paste one or both of the following entries in the `[static]` section of your
`dnscrypt-proxy.toml` configuration file.

IPv4 (`144.91.70.62`)
```toml
[static. 'dnscrypt.dotya.ml-ipv4']
  stamp = 'sdns://AQcAAAAAAAAAETE0NC45MS43MC42Mjo1NDQzIHF-JiN46cNwFXJleEVWGWgrhe2QeysUtZoo9HwzYCMzITIuZG5zY3J5cHQtY2VydC5kbnNjcnlwdC5kb3R5YS5tbA'
```

IPv6 (`2a02:c207:2030:396::1`)
```toml
[static. 'dnscrypt.dotya.ml-ipv6']
  stamp = 'sdns://AQcAAAAAAAAAHFsyYTAyOmMyMDc6MjAzMDozOTY6OjFdOjU0NDMgcX4mI3jpw3AVcmV4RVYZaCuF7ZB7KxS1mij0fDNgIzMhMi5kbnNjcnlwdC1jZXJ0LmRuc2NyeXB0LmRvdHlhLm1s'
```

### Configuration
Files used to set up and run this service can be found here:\
https://git.dotya.ml/dotya.ml/dnscrypt-server.
It's a `docker-compose` setup managed with `systemd`, similar to how Drone CI
is handled.
Add info about DNSCrypt resolver (#29) update hadolint to v2.6.0-alpine and add an IGNORE to Dockerfile to make sure the linter is up to date and all errors are resolved, resulting ina passing build. the ignore is added as the issue is not too big of a deal (at least not ATM). * 55d9852 - fix: make hadolint pass <surtur> * 8f2e192 - about, posts: add dnscrypt <surtur> Co-authored-by: surtur <a_mirre@utb.cz> Reviewed-on: https://git.dotya.ml/dotya.ml/homepage/pulls/29 Co-authored-by: wanderer <wanderer@noreply.git.dotya.ml> Co-committed-by: wanderer <wanderer@noreply.git.dotya.ml> 2021-08-08 00:36:37 +02:00			`---`
content(dnscrypt): partially reword the post 2022-08-28 17:29:07 +02:00			`title: "DNSCrypt - running the server"`
Add info about DNSCrypt resolver (#29) update hadolint to v2.6.0-alpine and add an IGNORE to Dockerfile to make sure the linter is up to date and all errors are resolved, resulting ina passing build. the ignore is added as the issue is not too big of a deal (at least not ATM). * 55d9852 - fix: make hadolint pass <surtur> * 8f2e192 - about, posts: add dnscrypt <surtur> Co-authored-by: surtur <a_mirre@utb.cz> Reviewed-on: https://git.dotya.ml/dotya.ml/homepage/pulls/29 Co-authored-by: wanderer <wanderer@noreply.git.dotya.ml> Co-committed-by: wanderer <wanderer@noreply.git.dotya.ml> 2021-08-08 00:36:37 +02:00			`date: 2021-08-06T23:38:45+02:00`
			`draft: false`
			`toc: true`
			`enableGitInfo: true`
content(dnscrypt): partially reword the post 2022-08-28 17:29:07 +02:00			`lastmod: 2022-28-08T17:20:10+02:00`
Add info about DNSCrypt resolver (#29) update hadolint to v2.6.0-alpine and add an IGNORE to Dockerfile to make sure the linter is up to date and all errors are resolved, resulting ina passing build. the ignore is added as the issue is not too big of a deal (at least not ATM). * 55d9852 - fix: make hadolint pass <surtur> * 8f2e192 - about, posts: add dnscrypt <surtur> Co-authored-by: surtur <a_mirre@utb.cz> Reviewed-on: https://git.dotya.ml/dotya.ml/homepage/pulls/29 Co-authored-by: wanderer <wanderer@noreply.git.dotya.ml> Co-committed-by: wanderer <wanderer@noreply.git.dotya.ml> 2021-08-08 00:36:37 +02:00			`tags: [dnscrypt, dns, privacy, security, censorship]`
			`---`

			`### why are you doing this?`
			`There are many publicly available [open resolvers using DoT, DoH or`
content(dnscrypt): partially reword the post 2022-08-28 17:29:07 +02:00			`DNSCrypt](https://dnscrypt.info/public-servers) just sitting around the`
			`interwebs, waiting to secure the DNS traffic and protect it from whoever is`
			`looking.`

			`However, we have still felt the need to run our own, especially since`
			`DNS is such a critical piece of infrastructure.`

			`And now we're offering it for public use.`
Add info about DNSCrypt resolver (#29) update hadolint to v2.6.0-alpine and add an IGNORE to Dockerfile to make sure the linter is up to date and all errors are resolved, resulting ina passing build. the ignore is added as the issue is not too big of a deal (at least not ATM). * 55d9852 - fix: make hadolint pass <surtur> * 8f2e192 - about, posts: add dnscrypt <surtur> Co-authored-by: surtur <a_mirre@utb.cz> Reviewed-on: https://git.dotya.ml/dotya.ml/homepage/pulls/29 Co-authored-by: wanderer <wanderer@noreply.git.dotya.ml> Co-committed-by: wanderer <wanderer@noreply.git.dotya.ml> 2021-08-08 00:36:37 +02:00
			`### so what is it?`
			`What we're running is a non-censoring, non-logging, DNSSEC-capable, DNSCrypt-enabled DNS`
			`resolver using`
			`[dnscrypt-server-docker](https://github.com/dnscrypt/dnscrypt-server-docker) project.`
content(dnscrypt): partially reword the post 2022-08-28 17:29:07 +02:00			`Of course, our resolver is available over both IPv4 and IPv6.`
Add info about DNSCrypt resolver (#29) update hadolint to v2.6.0-alpine and add an IGNORE to Dockerfile to make sure the linter is up to date and all errors are resolved, resulting ina passing build. the ignore is added as the issue is not too big of a deal (at least not ATM). * 55d9852 - fix: make hadolint pass <surtur> * 8f2e192 - about, posts: add dnscrypt <surtur> Co-authored-by: surtur <a_mirre@utb.cz> Reviewed-on: https://git.dotya.ml/dotya.ml/homepage/pulls/29 Co-authored-by: wanderer <wanderer@noreply.git.dotya.ml> Co-committed-by: wanderer <wanderer@noreply.git.dotya.ml> 2021-08-08 00:36:37 +02:00
			`### can I haz some plz`
			`> Since the name servers are not (yet) a part of any listing of public`
			`> resolvers, entries have to be added manually.`

			Paste one or both of the following entries in the `[static]` section of your
			`dnscrypt-proxy.toml` configuration file.

			IPv4 (`144.91.70.62`)
			```toml
			`[static. 'dnscrypt.dotya.ml-ipv4']`
			`stamp = 'sdns://AQcAAAAAAAAAETE0NC45MS43MC42Mjo1NDQzIHF-JiN46cNwFXJleEVWGWgrhe2QeysUtZoo9HwzYCMzITIuZG5zY3J5cHQtY2VydC5kbnNjcnlwdC5kb3R5YS5tbA'`
			```

			IPv6 (`2a02:c207:2030:396::1`)
			```toml
			`[static. 'dnscrypt.dotya.ml-ipv6']`
			`stamp = 'sdns://AQcAAAAAAAAAHFsyYTAyOmMyMDc6MjAzMDozOTY6OjFdOjU0NDMgcX4mI3jpw3AVcmV4RVYZaCuF7ZB7KxS1mij0fDNgIzMhMi5kbnNjcnlwdC1jZXJ0LmRuc2NyeXB0LmRvdHlhLm1s'`
			```

			`### Configuration`
			`Files used to set up and run this service can be found here:\`
			`https://git.dotya.ml/dotya.ml/dnscrypt-server.`
			It's a `docker-compose` setup managed with `systemd`, similar to how Drone CI
			`is handled.`