-
Notifications
You must be signed in to change notification settings - Fork 15
/
Copy pathdns
36 lines (25 loc) · 1.09 KB
/
dns
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
(stolen from layerprox)
i would recommend reading this:
https://trac.torproject.org/projects/tor/wiki/doc/DnsResolver
DNS OVER TOR ON DEBIAN
original link -> https://web.archive.org/web/20141005152228/https://labs.nic.cz/page/993/dnssec-validation-over-tor--linux-/
how to:
#test the dns server u wanna use
dig +tcp +dnssec labs.nic.cz @213.73.91.35 | grep -C 1 ';; flags'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34315
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 10
#run in the background
socat TCP4-LISTEN:5353,bind=localhost,reuseaddr,fork SOCKS4A:localhost:213.73.91.35:53,socksport=9050
#does it work?
dig -p 5353 +tcp +dnssec labs.nic.cz @localhost
---------------------
edit /etc/unbound/unbound.conf:
forward-zone:
name: "."
forward-addr: 0.0.0.0@5353
----------------------
A huge part in securing the server will be to secure
all dns requests so we need to implement encryption and use "safe" dns servers
i went with ccc's(chaos computer club) and danish uncensorded dns:
213.73.91.35 (dnscache.berlin.ccc.de)
91.239.100.100 anycast.censurfridns.dk