divzeroweb

2f30.org website
git clone git://git.2f30.org/divzeroweb.git
Log | Files | Refs | README | LICENSE

commit 7d2994583e0f862b809e46a06b1ec37c57bf812a
parent 57a232ec491c32eb6cad4ee9002e0b0d60c07a2b
Author: sin <sin@2f30.org>
Date:   Tue Mar 15 13:55:19 +0000

Add dnscrypt_proxy instructions

Diffstat:
guides/openbsd-gateway.md | 42+++++++++++++++++++++++++++++++++++++++++-
1 file changed, 41 insertions(+), 1 deletion(-)
diff --git a/guides/openbsd-gateway.md b/guides/openbsd-gateway.md @@ -30,7 +30,7 @@ The following topics will be discussed: * Firewall, routing and NAT configuration * DHCP server configuration -* Split horizon DNS +* Split horizon DNS + dnscrypt_proxy * PXE booting * Configuring an IPv6 gif(4) tunnel with Hurricane Electric * NetFlow sensor and collector configuration @@ -149,6 +149,45 @@ and browse the web. You should also be able to access $sshbox from the outside over ssh on the default port. In my configuration this is a separate machine but could just as well be the router itself. +### Using dnscrypt_proxy with unbound + +First install dnscrypt_proxy from packages. + +Adjust /etc/rc.conf.local: + + dnscrypt_proxy_flags="-l /dev/null -R dnscrypt.eu-nl -a 127.0.0.1:53" + pkg_scripts="dnscrypt_proxy" + +Start it: + + /etc/rc.d/dnscrypt_proxy start + +Then adjust the unbound configration: + +#### /var/unbound/etc/unbound.conf + + server: + interface: 10.0.0.1 + access-control: 10.0.0.0/24 allow + + local-data: "gw.2f30.org. IN A 10.0.0.1" + local-data-ptr: "10.0.0.1 gw.2f30.org." + + local-data: "sshbox.2f30.org. IN A 10.0.0.2" + local-data-ptr: "10.0.0.2 sshbox.2f30.org." + + forward-zone: + name: "." + forward-addr: 127.0.0.1 # dnscrypt_proxy is listening here + forward-addr: 208.67.220.220 + +Restart unbound: + + /etc/rc.d/unbound restart + +You should use [tcpdump(8)](http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/tcpdump.8) +to confirm that DNS requests are encrypted. + ### PXE booting I use PXE booting on my laptop to upgrade OpenBSD. I run a tftp server on my router @@ -306,3 +345,4 @@ I've found the following references highly informative and useful. * [IPv6 for IPv4 Experts](https://sites.google.com/site/yartikhiy/home/ipv6book) * [IPv6 Core Protocols Implementation](http://www.amazon.co.uk/Protocols-Implementation-Morgan-Kaufmann-Networking-x/dp/0124477518) * [TCP/IP guide](http://www.tcpipguide.com/) +