From 25eba7bb7ec22fb8eccef2bf47392c6959b80f2d Mon Sep 17 00:00:00 2001 From: Kyle K Date: Fri, 9 Jun 2017 01:18:50 -0500 Subject: dnscrypt multiple resolvers setup --- .../etc/dnscrypt-proxy/dnscrypt-proxy1.conf | 3 +++ .../etc/dnscrypt-proxy/dnscrypt-proxy2.conf | 3 +++ .../etc/dnscrypt-proxy/dnscrypt-proxy3.conf | 3 +++ .../etc/dnscrypt-proxy/dnscrypt-proxy4.conf | 3 +++ dnscrypt-multiple-resolvers/etc/unbound.conf | 23 +++++++++++++++++++++ .../lib/systemd/system/dnscrypt-proxy@.service | 24 ++++++++++++++++++++++ .../lib/systemd/system/dnscrypt-proxy@1.socket | 11 ++++++++++ .../lib/systemd/system/dnscrypt-proxy@2.socket | 11 ++++++++++ .../lib/systemd/system/dnscrypt-proxy@3.socket | 11 ++++++++++ .../lib/systemd/system/dnscrypt-proxy@4.socket | 11 ++++++++++ 10 files changed, 103 insertions(+) create mode 100644 dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy1.conf create mode 100644 dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy2.conf create mode 100644 dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy3.conf create mode 100644 dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy4.conf create mode 100644 dnscrypt-multiple-resolvers/etc/unbound.conf create mode 100644 dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@.service create mode 100644 dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@1.socket create mode 100644 dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@2.socket create mode 100644 dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@3.socket create mode 100644 dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@4.socket (limited to 'dnscrypt-multiple-resolvers') diff --git a/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy1.conf b/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy1.conf new file mode 100644 index 0000000..b099886 --- /dev/null +++ b/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy1.conf @@ -0,0 +1,3 @@ +ResolverName cs-usnorth +Daemonize no +LocalAddress 0.0.0.0:5353 diff --git a/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy2.conf b/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy2.conf new file mode 100644 index 0000000..cbd8c40 --- /dev/null +++ b/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy2.conf @@ -0,0 +1,3 @@ +ResolverName cs-useast +Daemonize no +LocalAddress 0.0.0.0:5354 diff --git a/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy3.conf b/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy3.conf new file mode 100644 index 0000000..3f2ac93 --- /dev/null +++ b/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy3.conf @@ -0,0 +1,3 @@ +ResolverName cs-ussouth +Daemonize no +LocalAddress 0.0.0.0:5355 diff --git a/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy4.conf b/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy4.conf new file mode 100644 index 0000000..de9752f --- /dev/null +++ b/dnscrypt-multiple-resolvers/etc/dnscrypt-proxy/dnscrypt-proxy4.conf @@ -0,0 +1,3 @@ +ResolverName cs-ussouth2 +Daemonize no +LocalAddress 0.0.0.0:5356 diff --git a/dnscrypt-multiple-resolvers/etc/unbound.conf b/dnscrypt-multiple-resolvers/etc/unbound.conf new file mode 100644 index 0000000..a7c31a0 --- /dev/null +++ b/dnscrypt-multiple-resolvers/etc/unbound.conf @@ -0,0 +1,23 @@ +# Unbound configuration file for Debian. +# +# See the unbound.conf(5) man page. +# +# See /usr/share/doc/unbound/examples/unbound.conf for a commented +# reference config file. +# +# The following line includes additional configuration files from the +# /etc/unbound/unbound.conf.d directory. +## me ### include: "/etc/unbound/unbound.conf.d/*.conf" + +server: + #auto-trust-anchor-file: "/var/lib/unbound/root.key" # seems like my dnscrypt server do no support DNSSEC, so I can't enable this + #interface: 0.0.0.0 + +do-not-query-localhost: no +forward-zone: + name: "." + forward-addr: 127.0.0.1@5353 + forward-addr: 127.0.0.1@5354 + forward-addr: 127.0.0.1@5355 + forward-addr: 127.0.0.1@5356 + diff --git a/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@.service b/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@.service new file mode 100644 index 0000000..f368c99 --- /dev/null +++ b/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@.service @@ -0,0 +1,24 @@ +[Unit] +Description=DNSCrypt client proxy +Documentation=man:dnscrypt-proxy(8) +Requires=dnscrypt-proxy@%i.socket +After=network.target +Before=nss-lookup.target + +[Install] +#Also=dnscrypt-proxy@%i.socket # caused: Failed to execute operation: Invalid argument while 'systemctl enable...' +WantedBy=multi-user.target + +[Service] +Type=notify +NonBlocking=true +User=_dnscrypt-proxy +ExecStart=/usr/sbin/dnscrypt-proxy /etc/dnscrypt-proxy/dnscrypt-proxy%i.conf +Restart=always +#ProtectSystem=strict +#ProtectHome=true +#ProtectKernelModules=true +#ProtectKernelTunables=true +#ProtectControlGroups=true +#MemoryDenyWriteExecute=true +#RestrictRealtime=true diff --git a/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@1.socket b/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@1.socket new file mode 100644 index 0000000..a5ac491 --- /dev/null +++ b/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@1.socket @@ -0,0 +1,11 @@ +[Unit] +Description=dnscrypt-proxy listening socket +Documentation=man:dnscrypt-proxy(8) +#Wants=dnscrypt-proxy-resolvconf.service + +[Socket] +ListenStream=0.0.0.0:5353 +ListenDatagram=0.0.0.0:5353 + +[Install] +WantedBy=sockets.target diff --git a/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@2.socket b/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@2.socket new file mode 100644 index 0000000..b4dde04 --- /dev/null +++ b/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@2.socket @@ -0,0 +1,11 @@ +[Unit] +Description=dnscrypt-proxy listening socket +Documentation=man:dnscrypt-proxy(8) +#Wants=dnscrypt-proxy-resolvconf.service + +[Socket] +ListenStream=0.0.0.0:5354 +ListenDatagram=0.0.0.0:5354 + +[Install] +WantedBy=sockets.target diff --git a/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@3.socket b/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@3.socket new file mode 100644 index 0000000..a1ee079 --- /dev/null +++ b/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@3.socket @@ -0,0 +1,11 @@ +[Unit] +Description=dnscrypt-proxy listening socket +Documentation=man:dnscrypt-proxy(8) +#Wants=dnscrypt-proxy-resolvconf.service + +[Socket] +ListenStream=0.0.0.0:5355 +ListenDatagram=0.0.0.0:5355 + +[Install] +WantedBy=sockets.target diff --git a/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@4.socket b/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@4.socket new file mode 100644 index 0000000..cf1b9e5 --- /dev/null +++ b/dnscrypt-multiple-resolvers/lib/systemd/system/dnscrypt-proxy@4.socket @@ -0,0 +1,11 @@ +[Unit] +Description=dnscrypt-proxy listening socket +Documentation=man:dnscrypt-proxy(8) +#Wants=dnscrypt-proxy-resolvconf.service + +[Socket] +ListenStream=0.0.0.0:5356 +ListenDatagram=0.0.0.0:5356 + +[Install] +WantedBy=sockets.target -- cgit v1.2.3