dnscrypt multiple resolvers setup

10 files changed, 103 insertions, 0 deletions

diff --git a/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy1.conf b/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy1.conf
new file mode 100644
index 0000000..b099886
--- /dev/null
+++ b/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy1.conf
@@ -0,0 +1,3 @@
+ResolverName cs-usnorth
+Daemonize no
+LocalAddress 0.0.0.0:5353
diff --git a/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy2.conf b/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy2.conf
new file mode 100644
index 0000000..cbd8c40
--- /dev/null
+++ b/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy2.conf
@@ -0,0 +1,3 @@
+ResolverName cs-useast
+Daemonize no
+LocalAddress 0.0.0.0:5354
diff --git a/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy3.conf b/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy3.conf
new file mode 100644
index 0000000..3f2ac93
--- /dev/null
+++ b/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy3.conf
@@ -0,0 +1,3 @@
+ResolverName cs-ussouth
+Daemonize no
+LocalAddress 0.0.0.0:5355
diff --git a/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy4.conf b/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy4.conf
new file mode 100644
index 0000000..de9752f
--- /dev/null
+++ b/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy4.conf
@@ -0,0 +1,3 @@
+ResolverName cs-ussouth2
+Daemonize no
+LocalAddress 0.0.0.0:5356
diff --git a/dnscrypt-multiple-resolvers/etc/unbound.conf b/dnscrypt-multiple-resolvers/etc/unbound.conf
new file mode 100644
index 0000000..a7c31a0
--- /dev/null
+++ b/dnscrypt-multiple-resolvers/etc/unbound.conf
@@ -0,0 +1,23 @@
+# Unbound configuration file for Debian.
+#
+# See the unbound.conf(5) man page.
+#
+# See /usr/share/doc/unbound/examples/unbound.conf for a commented
+# reference config file.
+#
+# The following line includes additional configuration files from the
+# /etc/unbound/unbound.conf.d directory.
+## me ### include: "/etc/unbound/unbound.conf.d/*.conf"
+
+server:
+  #auto-trust-anchor-file: "/var/lib/unbound/root.key"  # seems like my dnscrypt server do no support DNSSEC, so I can't enable this
+  #interface: 0.0.0.0
+
+do-not-query-localhost: no
+forward-zone:
+  name: "."
+  forward-addr: 127.0.0.1@5353
+  forward-addr: 127.0.0.1@5354
+  forward-addr: 127.0.0.1@5355
+  forward-addr: 127.0.0.1@5356
+
diff --git a/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@.service b/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@.service
new file mode 100644
index 0000000..f368c99
--- /dev/null
+++ b/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@.service
@@ -0,0 +1,24 @@
+[Unit]
+Description=DNSCrypt client proxy
+Documentation=man:dnscrypt-proxy(8)
+Requires=dnscrypt-proxy@%i.socket
+After=network.target
+Before=nss-lookup.target
+
+[Install]
+#Also=dnscrypt-proxy@%i.socket   # caused: Failed to execute operation: Invalid argument while 'systemctl enable...'
+WantedBy=multi-user.target
+
+[Service]
+Type=notify
+NonBlocking=true
+User=_dnscrypt-proxy
+ExecStart=/usr/sbin/dnscrypt-proxy /etc/dnscrypt-proxy/dnscrypt-proxy%i.conf
+Restart=always
+#ProtectSystem=strict
+#ProtectHome=true
+#ProtectKernelModules=true
+#ProtectKernelTunables=true
+#ProtectControlGroups=true
+#MemoryDenyWriteExecute=true
+#RestrictRealtime=true
diff --git a/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@1.socket b/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@1.socket
new file mode 100644
index 0000000..a5ac491
--- /dev/null
+++ b/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@1.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=dnscrypt-proxy listening socket
+Documentation=man:dnscrypt-proxy(8)
+#Wants=dnscrypt-proxy-resolvconf.service
+
+[Socket]
+ListenStream=0.0.0.0:5353
+ListenDatagram=0.0.0.0:5353
+
+[Install]
+WantedBy=sockets.target
diff --git a/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@2.socket b/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@2.socket
new file mode 100644
index 0000000..b4dde04
--- /dev/null
+++ b/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@2.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=dnscrypt-proxy listening socket
+Documentation=man:dnscrypt-proxy(8)
+#Wants=dnscrypt-proxy-resolvconf.service
+
+[Socket]
+ListenStream=0.0.0.0:5354
+ListenDatagram=0.0.0.0:5354
+
+[Install]
+WantedBy=sockets.target
diff --git a/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@3.socket b/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@3.socket
new file mode 100644
index 0000000..a1ee079
--- /dev/null
+++ b/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@3.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=dnscrypt-proxy listening socket
+Documentation=man:dnscrypt-proxy(8)
+#Wants=dnscrypt-proxy-resolvconf.service
+
+[Socket]
+ListenStream=0.0.0.0:5355
+ListenDatagram=0.0.0.0:5355
+
+[Install]
+WantedBy=sockets.target
diff --git a/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@4.socket b/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@4.socket
new file mode 100644
index 0000000..cf1b9e5
--- /dev/null
+++ b/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@4.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=dnscrypt-proxy listening socket
+Documentation=man:dnscrypt-proxy(8)
+#Wants=dnscrypt-proxy-resolvconf.service
+
+[Socket]
+ListenStream=0.0.0.0:5356
+ListenDatagram=0.0.0.0:5356
+
+[Install]
+WantedBy=sockets.target