From: Maciej Soltysiak <maciej@soltysiak.com>
To: Aristar <LeetMiniWheat@gmail.com>
Cc: cerowrt-devel <cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] Upgraded to 3.10.38-1, DNS issues?
Date: Mon, 12 May 2014 10:09:29 +0200 [thread overview]
Message-ID: <CAMZR1YAK7wXQAwwaZYaLwc0p0ydLRaHg7dwbThCX+9ZayE7eYQ@mail.gmail.com> (raw)
In-Reply-To: <CAGHZhqEVLc3vAj7+j225BM_SW3c4KQouwy9c_62E5d2KGG0SFQ@mail.gmail.com>
On Sat, May 10, 2014 at 8:42 PM, Aristar <LeetMiniWheat@gmail.com> wrote:
> dnscrypt-proxy is working great though (without needing a resolv
> file), it runs as a daemon and sets up an encrypted connection to
> OpenDNS servers which you then specifcy 127.0.0.1#2053 for dns
> forwarding. I suggested this be added to CeroWRT awhile ago but there
> wasn't much interest, nor any official packages available, though that
> thread I linked above in this thread has a repository and a maintainer
> in the forum thread with a source repo.
I think I expressed my interest too. I have dnscrypt-proxy running for
quite a while on Cero.
Not on latest cero though.
I consider it to be a very nice setup:
- dnsmasq handles dhcp and static assignments, acts faux authoritative
for domains I want to return NXDOMAIN and acts as local cache
- dnsmasq fowards everything else to local dnscrypt-proxy which sends
encrypted queries to a dnscrypt resolver at the other end (somewhere
over the cloud, 8ms away) which I control and which resolves queries
via unbound. Supports DNSSEC, keeps no logs and has experimental
support for Namecoin's .bit domains.
- I plug the DNS hole in cero's iptables so that no unencrypted DNS
traffic leaves the box.
I thought I've seen a github commit to add dnscrypt-proxy to cero, did
I see wrong?
Best regards,
Maciej
next prev parent reply other threads:[~2014-05-12 8:09 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-09 9:34 Aristar
2014-05-09 16:17 ` Aristar
2014-05-10 12:15 ` Robert Bradley
2014-05-11 21:46 ` Robert Bradley
2014-05-11 21:48 ` Robert Bradley
2014-05-10 18:42 ` Aristar
2014-05-12 8:09 ` Maciej Soltysiak [this message]
2014-05-11 11:54 ` Sebastian Moeller
2014-05-11 12:14 ` Aristar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAMZR1YAK7wXQAwwaZYaLwc0p0ydLRaHg7dwbThCX+9ZayE7eYQ@mail.gmail.com \
--to=maciej@soltysiak.com \
--cc=LeetMiniWheat@gmail.com \
--cc=cerowrt-devel@lists.bufferbloat.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox