homepage/content/posts/dnscrypt.md
surtur 6923776886
All checks were successful
continuous-integration/drone/push Build is passing
content(dnscrypt): partially reword the post
2022-08-28 17:29:07 +02:00

1.8 KiB

title date draft toc enableGitInfo lastmod tags
DNSCrypt - running the server 2021-08-06T23:38:45+02:00 false true true 2022-28-08T17:20:10+02:00
dnscrypt
dns
privacy
security
censorship

why are you doing this?

There are many publicly available open resolvers using DoT, DoH or DNSCrypt just sitting around the interwebs, waiting to secure the DNS traffic and protect it from whoever is looking.

However, we have still felt the need to run our own, especially since DNS is such a critical piece of infrastructure.

And now we're offering it for public use.

so what is it?

What we're running is a non-censoring, non-logging, DNSSEC-capable, DNSCrypt-enabled DNS resolver using dnscrypt-server-docker project. Of course, our resolver is available over both IPv4 and IPv6.

can I haz some plz

Since the name servers are not (yet) a part of any listing of public resolvers, entries have to be added manually.

Paste one or both of the following entries in the [static] section of your dnscrypt-proxy.toml configuration file.

IPv4 (144.91.70.62)

[static. 'dnscrypt.dotya.ml-ipv4']
  stamp = 'sdns://AQcAAAAAAAAAETE0NC45MS43MC42Mjo1NDQzIHF-JiN46cNwFXJleEVWGWgrhe2QeysUtZoo9HwzYCMzITIuZG5zY3J5cHQtY2VydC5kbnNjcnlwdC5kb3R5YS5tbA'

IPv6 (2a02:c207:2030:396::1)

[static. 'dnscrypt.dotya.ml-ipv6']
  stamp = 'sdns://AQcAAAAAAAAAHFsyYTAyOmMyMDc6MjAzMDozOTY6OjFdOjU0NDMgcX4mI3jpw3AVcmV4RVYZaCuF7ZB7KxS1mij0fDNgIzMhMi5kbnNjcnlwdC1jZXJ0LmRuc2NyeXB0LmRvdHlhLm1s'

Configuration

Files used to set up and run this service can be found here:
https://git.dotya.ml/dotya.ml/dnscrypt-server. It's a docker-compose setup managed with systemd, similar to how Drone CI is handled.