Software Request: DNSCrypt-Proxy

Suggestions for features and software you would like to see in DietPi, goes here.
Post Reply
rainer

Software Request: DNSCrypt-Proxy

Post by rainer »

Hello!

I'm quite new to this forum, I stumbled across dietpi, because I wanted to set up a PIHOLE, and there is the suggestion of installing Dietpi. I like the bistro very much.

So I've set up my Pihole in combination with a DNSCrypt-Proxy, following the instructions on this page:

https://github.com/jedisct1/dnscrypt-proxy

I find it a quite good combination, so I guess there would be more people interested, but probably afraid of compiling from source.

By the way only obstacle I got with this setup is when I wanna update dietpi, I gotta set an 3rd party name server, because all services are shut down and so also dnscrypt-proxy.


By the way it would be great if somebody could give me a hint where and what to edit, so I see DNSCrypt Proxy start and stop in diet-pi routines, because as far as I observed it is stopped and restarted during software updates, ...

Thanks, Rainer
User avatar
k-plan
Posts: 416
Joined: Sun Feb 28, 2016 5:28 pm

Re: Software Request: DNSCrypt-Proxy

Post by k-plan »

Hi rainer,
rainer wrote:By the way it would be great if somebody could give me a hint where and what to edit, so I see DNSCrypt Proxy start and stop in diet-pi routines,
don't know how you install and start dnscrypt.

But you can do:

- look with

Code: Select all

htop
for the name of the running process
htop
htop
- look how dietpi start services: https://github.com/Fourdee/DietPi/blob/ ... rvices#L24

- edit:

Code: Select all

:~# nano /DietPi/dietpi/dietpi-services
and add service name in quotes at the end of the list

- result (in my chase running pihole with dnsmasq and dnscrypt-proxy):
dietpi-services
dietpi-services
cu
k-plan
If you find our project or support useful, then we’d really appreciate it if you’d consider contributing to the project however you can.
Donating is the easiest – you can use PayPal and Bitcoin.
screwdriver

Re: Software Request: DNSCrypt-Proxy

Post by screwdriver »

Sorry the necropost, but I just installed dnscrypt on my raspi with dietpi and pihole and wanted to share my experience to give feedback for:
https://github.com/Fourdee/DietPi/issues/163

First of all there is a nice howto on pihole wiki
https://github.com/pi-hole/pi-hole/wiki/DNSCrypt

but I find an easier way here
https://blog.milne.it/2017/02/05/dnscry ... an-jessie/

it's really simple; just replace jessie with stretch in

Code: Select all

sed -i 's/jessie/stretch/' /etc/apt/sources.list
apt-get update
apt-get install dnscrypt-proxy
sed -i 's/stretch/jessie/' /etc/apt/sources.list
apt-get update
it will install only three packages: libltdl7 libsodium18 dnscrypt-proxy
after that you can read the guide from pi-hole.
Because I used opennic dns I share my experiance

Code: Select all

cp -t /etc/systemd/system/ --  /lib/systemd/system/dnscrypt-proxy.s*
edit the two files:
dnscrypt-proxy.socket

Code: Select all

[Unit]
Description=dnscrypt-proxy listening socket
Documentation=man:dnscrypt-proxy(8)
Wants=dnscrypt-proxy-resolvconf.service

[Socket]
ListenStream=127.10.10.1:41
ListenDatagram=127.10.10.1:41

[Install]
WantedBy=sockets.target
because 53 was used by dnsmasq of pihole

dnscrypt-proxy.service

Code: Select all

[Unit]
Description=DNSCrypt client proxy
Documentation=man:dnscrypt-proxy(8)
Requires=dnscrypt-proxy.socket
After=network.target
Before=nss-lookup.target

[Install]
Also=dnscrypt-proxy.socket
WantedBy=multi-user.target

[Service]
Type=simple
NonBlocking=true
User=_dnscrypt-proxy
ExecStart=/usr/sbin/dnscrypt-proxy /etc/dnscrypt-proxy/dnscrypt-proxy.conf
Restart=always
dnscrypt-proxy.service from /lib/systemd/system/ had more options

Code: Select all

[Unit]
Description=DNSCrypt client proxy
Documentation=man:dnscrypt-proxy(8)
Requires=dnscrypt-proxy.socket
After=network.target
Before=nss-lookup.target

[Install]
Also=dnscrypt-proxy.socket
WantedBy=multi-user.target

[Service]
Type=notify
NonBlocking=true
User=_dnscrypt-proxy
ExecStart=/usr/sbin/dnscrypt-proxy /etc/dnscrypt-proxy/dnscrypt-proxy.conf
Restart=always
ProtectSystem=strict
ProtectHome=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
MemoryDenyWriteExecute=true
RestrictRealtime=true
but probably because an old version of systemd they were not recognized.

/etc/dnscrypt-proxy/dnscrypt-proxy.conf

Code: Select all

# A more comprehensive example config can be found in
# /usr/share/doc/dnscrypt-proxy/examples/dnscrypt-proxy.conf


## Manual settings, only for a custom resolver not present in the CSV file
## this DNS -  https://servers.opennicproject.org/edit.php?srv=ns7.nh.nl.dns.opennic.glue

ProviderName 	2.dnscrypt-cert.opennic.peer3.famicoman.phillymesh.net
ProviderKey     B88F:4860:5517:3696:A3D2:BFE0:ECC7:6175:198F:E012:E101:B4FE:869C:1E9C:4C35:E74F
ResolverAddress 146.185.176.36:5353
#ResolverName random

## [NOT AVAILABLE ON WINDOWS] Start the process, bind the required ports, and
## run the server as a less-privileged system user.
## The value for this parameter is a user name.

#User _dnscrypt-proxy
For reason I don't know User option did'n work (some error about can't access the $HOME, even if it was a valid directory with right permissions).

After that is just a

Code: Select all

systemctl enable dnscrypt-proxy.service
systemctl start dnscrypt-proxy.service
and to check if it's working

Code: Select all

systemctl status dnscrypt-proxy.service
journalctl -u dnscrypt-proxy.service -b
Remember to change DNSMasq config as explained here
https://github.com/pi-hole/pi-hole/wiki/DNSCrypt


Final consideration

whene dietpi stretch will be released dnscrypt could be easily integrated or could be a replacement for pihole with its filtering capabilities
https://github.com/jedisct1/dnscrypt-pr ... /Filtering even if:
Contrary to other systems, responses to blacklisted queries do not contain fake IP addresses, but use the standard REFUSED DNS error code.
maput

Re: Software Request: DNSCrypt-Proxy

Post by maput »

Hi,

just finish install dnscrypt, but no luck. :?
dnscrypt is no running on startup, i have to run manually.
but dnscrypt is not creating 02-dnscrypt.conf on /etc/dnsmasq.d/ like usual.

i tried to edit /usr/local/etc/dnscrypt-proxy.conf
i got this error

Code: Select all

root@DietPi:~# systemctl status dnscrypt-proxy@d0wn-sg-ns1.service
● dnscrypt-proxy@d0wn-sg-ns1.service - DNSCrypt client proxy
   Loaded: loaded (/lib/systemd/system/dnscrypt-proxy@.service; enabled)
   Active: active (running) since Mon 2017-05-29 08:55:42 BST; 19h ago
     Docs: man:dnscrypt-proxy(8)
 Main PID: 545 (dnscrypt-proxy)
   CGroup: /system.slice/system-dnscrypt\x2dproxy.slice/dnscrypt-proxy@d0wn-sg-ns1.service
           └─545 /usr/local/sbin/dnscrypt-proxy --resolver-name=d0wn-sg-ns1 --user=dnscrypt

May 30 04:21:10 DietPi dnscrypt-proxy[545]: Tue May 30 04:21:10 2017 [INFO] Refetching server certificates
May 30 04:21:25 DietPi dnscrypt-proxy[545]: Tue May 30 04:21:25 2017 [ERROR] Unable to retrieve server certificates
May 30 04:26:25 DietPi dnscrypt-proxy[545]: Tue May 30 04:26:25 2017 [INFO] Refetching server certificates
May 30 04:26:40 DietPi dnscrypt-proxy[545]: Tue May 30 04:26:40 2017 [ERROR] Unable to retrieve server certificates
May 30 04:31:40 DietPi dnscrypt-proxy[545]: Tue May 30 04:31:40 2017 [INFO] Refetching server certificates
May 30 04:31:40 DietPi dnscrypt-proxy[545]: Tue May 30 04:31:40 2017 [INFO] Server certificate with serial #1496109361 received
May 30 04:31:40 DietPi dnscrypt-proxy[545]: Tue May 30 04:31:40 2017 [INFO] This certificate is valid
May 30 04:31:40 DietPi dnscrypt-proxy[545]: Tue May 30 04:31:40 2017 [INFO] Chosen certificate #1496109361 is valid fr...05-31]
May 30 04:31:40 DietPi dnscrypt-proxy[545]: Tue May 30 04:31:40 2017 [INFO] Server key fingerprint is 9A4D:EFA5:D33D:B...6:5E22
May 30 04:31:40 DietPi dnscrypt-proxy[545]: Tue May 30 04:31:40 2017 [NOTICE] Proxying from 127.10.10.1:41 to 128.199....05:443
i am following guide on piho-le wiki for dnscrypt guide.
Any helps really appreciate :D
:D
derebo
Posts: 1
Joined: Thu Dec 28, 2017 11:49 pm

Re: Software Request: DNSCrypt-Proxy

Post by derebo »

Hello,

Is there any change DNSCrypt will become part of the DietPi software bundle?

I think the DietPi community would benefit. Even more, openvpn+dnscrypt seem to be the perfect match. Opinions are welcome, of course.

Thank you and regards,
Post Reply