Compile and install dnscrypt-wrapper to build an anti-pollution DNS server

Use the dig command to check DNS poisoning

As everyone knows, DNS queries sent from inside the LAN to resolvers abroad will certainly suffer keyword pollution. To get around this, some people suggest using a non-standard port, for example 5353 instead of the dedicated DNS port 53, because the GFW only pollutes port 53. Others suggest making the request over TCP: the DNS response mechanism (compare DHCP) accepts the first response that comes back and discards any that arrive later, whereas TCP forces the client to accept only the packets of the chosen connection. Some have even suggested collecting the IP addresses that send the polluted packets and filtering them on the client with a blacklist, so that the response finally accepted is the correct one.

In short, none of these is a long-term solution. dnscrypt, developed by OpenDNS, is a good choice: it adds encryption on top of DNS, so that your DNS requests are encrypted much like an SSL request to a server, which eliminates the DNS pollution problem at the root.

So the question is: even if you use dnscrypt, what if the server's IP address has itself been flagged? The answer is that this is exactly why dnscrypt has become less and less effective recently. In addition, although OpenDNS came up with such a powerful tool, they did not release the server side, which means you are limited to a small number of overseas servers, and the speed is never going to be great.

So a guru wrote an impressive server to match the dnscrypt client: dnscrypt-wrapper.

We can now build our own dnscrypt server on a machine abroad and simply connect to it locally; you can pick a VPS with a faster connection.

Start Tutorial

As a demonstration, my server here runs Ubuntu 14.04.

Compile and install the dependency libraries

dnscrypt-wrapper depends on libsodium and libevent2. The former is generally not available in the package sources, and for the latter the default is generally the older version 1 rather than version 2, so we have to compile both libraries manually.

Download the latest version of libsodium here. As of this writing, the latest version is 1.0.2 1.0.10:

Then download libevent2 here. We choose the 2.0.22 stable version:

Compile dnscrypt-wrapper

With the two dependency libraries installed, you can now start compiling dnscrypt-wrapper:

If make configure fails at this step, you may need to install autoconf:

If there were no problems, you can go on to build and install:

Compilation is now complete.

Configuration and use of dnscrypt-wrapper

At this point the program prints a fingerprint. This is the "provider_public_key" needed when configuring the client, so be sure to keep it.

It looks something like this:

Then we use commands to generate a time-limited encryption key and a pre-signed certificate:

With that, dnscrypt-wrapper is ready.

Run dnscrypt-wrapper with the following command, using "-VV" to display more detailed debug information:

The value of --provider-name= is not important and you can fill in anything you like, but note that it must begin with 2.dnscrypt-cert. :)

Then go back to the domestic VPS and install the client:

After installation, configure it:

After saving, restart the client service with the following command. If your port is open and the firewall is not in the way, the server side should show debug information indicating that a client has connected.

Test with the command:

Repeat the command. If the results are always the same IP and it really is the correct IP address, your service is working.

Create a script

Running the command directly every time is somewhat inconvenient, and even with "-d" to put it in the background it still feels awkward, so we create a shell script for dnscrypt-wrapper.

After that, you only need to run the script with sh to start the service.

Stopping it is just as simple: use the command "killall dnscrypt-wrapper".
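A launcher along these lines, as an added example that is not the script from the original post: it checks the 2.dnscrypt-cert. prefix and refuses to start when the secret key is readable by group or other. The key directory, the file names 1.key and 1.cert, the upstream resolver and the listen port are placeholder assumptions, and the long option names are the ones documented in the dnscrypt-wrapper README, which may differ in the version built above.

```shell
#!/bin/sh
# Added example launcher; every default below is a placeholder assumption.
KEY_DIR="${KEY_DIR:-/etc/dnscrypt-wrapper}"        # holds 1.key and 1.cert
RESOLVER="${RESOLVER:-8.8.8.8:53}"                 # upstream resolver
LISTEN="${LISTEN:-0.0.0.0:443}"                    # address clients connect to
PROVIDER_NAME="${PROVIDER_NAME:-2.dnscrypt-cert.example.org}"

# The provider name must begin with "2.dnscrypt-cert.", as the post notes.
valid_provider_name() {
    case "$1" in
        2.dnscrypt-cert.?*) return 0 ;;
        *) return 1 ;;
    esac
}

# True only if the file exists and group/other have no permissions on it.
key_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -l "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# Print the command line so it can be reviewed before anything is run.
wrapper_cmd() {
    valid_provider_name "$PROVIDER_NAME" || {
        echo "provider name must start with 2.dnscrypt-cert." >&2
        return 1
    }
    echo "dnscrypt-wrapper --resolver-address=$RESOLVER" \
        "--listen-address=$LISTEN --provider-name=$PROVIDER_NAME" \
        "--crypt-secretkey-file=$KEY_DIR/1.key" \
        "--provider-cert-file=$KEY_DIR/1.cert -d"
}

start_wrapper() {
    key_is_private "$KEY_DIR/1.key" || {
        echo "refusing to start: $KEY_DIR/1.key missing or too permissive" >&2
        return 1
    }
    cmd=$(wrapper_cmd) || return 1
    $cmd    # unquoted on purpose: the values above contain no spaces
}

stop_wrapper() { killall dnscrypt-wrapper; }

case "${1:-}" in
    start) start_wrapper ;;
    stop)  stop_wrapper ;;
esac
```

Saved under a name of your choice (dnscrypt.sh is a hypothetical one), it is started with "sh dnscrypt.sh start" and stopped with "sh dnscrypt.sh stop".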

Original article written by Gerber drop-off: R0uter's Blog » Compile and install anti-pollution dnscrypt-wrapper build DNS server


    1. A domestic VPS acting as a port 53 DNS server is only really needed because my main goal here is to serve any device (especially mobile ones). If you only use one computer of your own, install the client locally and set the DNS address to the loopback address. In fact, you can refer to my latest articles: besides DNSCrypt there are also DoT and DoH, and you can learn more about DNS encryption schemes there. These are all good solutions for DNS, and any device can use them (or, depending on your needs, follow the architecture described here and run the client directly on the local computer, which is convenient ~)
