Last active
July 2, 2025 01:46
-
-
Save ahmozkya/8456503 to your computer and use it in GitHub Desktop.
Revisions
-
ahmozkya revised this gist
Jul 24, 2022 . 1 changed file with 5 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,3 +1,8 @@ # Do not use this guide. The dnscrypt protocol and dnscrypt-proxy configuration file have changed a lot since I wrote this gist. Check the following links for help: - https://dnscrypt.info/faq - https://github.com/DNSCrypt/dnscrypt-proxy ## Install & Configure 1. Install DNSMasq ~~~ sh -
Feb 4, 2016 . 2 changed files with 41 additions and 39 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,28 +1,28 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-/Apple/DTD PLIST 1.0/EN" "http:/www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>homebrew.mxcl.dnscrypt-proxy</string> <key>KeepAlive</key> <true/> <key>RunAtLoad</key> <true/> <key>ProgramArguments</key> <array> <string>/usr/local/opt/dnscrypt-proxy/sbin/dnscrypt-proxy</string> <string>--local-address=127.0.0.1:40</string> <string>--local-address=[::1]:40</string> <string>--ephemeral-keys</string> <string>--resolvers-list=/usr/local/Cellar/dnscrypt-proxy/1.6.0_3/share/dnscrypt-proxy/dnscrypt-resolvers.csv</string> <string>--resolver-name=cisco</string> <string>--user=nobody</string> </array> <key>UserName</key> <string>root</string> <key>StandardErrorPath</key> <string>/dev/null</string> <key>StandardOutPath</key> <string>/dev/null</string> </dict> </plist> This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,17 +1,19 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>homebrew.mxcl.dnsmasq</string> <key>ProgramArguments</key> <array> <string>/usr/local/opt/dnsmasq/sbin/dnsmasq</string> <string>--keep-in-foreground</string> <string>-C</string> <string>/usr/local/etc/dnsmasq.conf</string> </array> <key>RunAtLoad</key> <true/> <key>KeepAlive</key> <true/> </dict> </plist> -
Apr 10, 2015 . 1 changed file with 2 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -15,11 +15,13 @@ 2. /Library/LaunchDaemons/homebrew.mxcl.dnscrypt-proxy.plist ⬇ 3. /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist ⬇ 4. Reload `dnscrypt-proxy` service ~~~ sh $ cd /Library/LaunchDaemons/ $ sudo launchctl unload homebrew.mxcl.dnscrypt-proxy.plist && sudo launchctl load homebrew.mxcl.dnscrypt-proxy.plist ~~~ 5. Reload `dnsmasq` service ~~~ sh $ sudo launchctl unload homebrew.mxcl.dnsmasq.plist && sudo launchctl load homebrew.mxcl.dnsmasq.plist ~~~ -
Apr 10, 2015 . 1 changed file with 0 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -17,8 +17,6 @@ 4. Reload `dnscrypt-proxy` service ~~~ sh $ cd /Library/LaunchDaemons/ $ sudo launchctl unload homebrew.mxcl.dnscrypt-proxy.plist && sudo launchctl load homebrew.mxcl.dnscrypt-proxy.plist ~~~ 5. Reload `dnsmasq` service -
Apr 10, 2015 . 1 changed file with 9 additions and 9 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -15,16 +15,16 @@ 2. /Library/LaunchDaemons/homebrew.mxcl.dnscrypt-proxy.plist ⬇ 3. /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist ⬇ 4. Reload `dnscrypt-proxy` service ~~~ sh $ cd /Library/LaunchDaemons/ ~~~ ~~~ sh $ sudo launchctl unload homebrew.mxcl.dnscrypt-proxy.plist && sudo launchctl load homebrew.mxcl.dnscrypt-proxy.plist ~~~ 5. Reload `dnsmasq` service ~~~ sh $ sudo launchctl unload homebrew.mxcl.dnsmasq.plist && sudo launchctl load homebrew.mxcl.dnsmasq.plist ~~~ 6. Set DNS IP: 127.0.0.1 ## Check -
Apr 10, 2015 . 1 changed file with 9 additions and 8 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -15,15 +15,16 @@ 2. /Library/LaunchDaemons/homebrew.mxcl.dnscrypt-proxy.plist ⬇ 3. /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist ⬇ 4. Reload `dnscrypt-proxy` service ~~~ sh $ cd /Library/LaunchDaemons/ ~~~ ~~~ sh $ sudo launchctl unload homebrew.mxcl.dnscrypt-proxy.plist && sudo launchctl load homebrew.mxcl.dnscrypt-proxy.plist ~~~ 5. Reload `dnsmasq` service ~~~ sh $ sudo launchctl unload homebrew.mxcl.dnsmasq.plist && sudo launchctl load homebrew.mxcl.dnsmasq.plist ~~~ 6. Set DNS IP: 127.0.0.1 ## Check -
Ahmet Özkaya revised this gist
Mar 15, 2015 . 3 changed files with 19 additions and 22 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -11,18 +11,18 @@ 3. Configure 1. /usr/local/etc/dnsmasq.conf ⬇ 2. /Library/LaunchDaemons/homebrew.mxcl.dnscrypt-proxy.plist ⬇ 3. /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist ⬇ 4. Reload `dnscrypt-proxy` service ~~~ sh $ sudo launchctl unload /Library/LaunchDaemons/homebrew.mxcl.dnscrypt-proxy.plist && sudo launchctl load /Library/LaunchDaemons/homebrew.mxcl.dnscrypt-proxy.plist ~~~ 5. Reload `dnsmasq` service ~~~ sh $ sudo launchctl unload /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist && sudo launchctl load /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist ~~~ 6. Set DNS IP: 127.0.0.1 This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -2,10 +2,18 @@ <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>homebrew.mxcl.dnscrypt-proxy</string> <key>RunAtLoad</key> <true/> <key>KeepAlive</key> <true/> <key>UserName</key> <string>root</string> <key>StandardErrorPath</key> <string>/dev/null</string> <key>StandardOutPath</key> <string>/dev/null</string> <key>ProgramArguments</key> <array> <string>/usr/local/opt/dnscrypt-proxy/sbin/dnscrypt-proxy</string> @@ -16,13 +24,5 @@ <string>--provider-name=2.dnscrypt-cert.opendns.com</string> <string>--provider-key=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79</string> </array> </dict> </plist> This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -2,15 +2,12 @@ <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>homebrew.mxcl.dnsmasq</string> <key>RunAtLoad</key> <true/> <key>KeepAlive</key> <true/> <key>ProgramArguments</key> <array> <string>/usr/local/opt/dnsmasq/sbin/dnsmasq</string> -
Jan 16, 2014 . 1 changed file with 34 additions and 6 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,4 @@ ## Install & Configure 1. Install DNSMasq ~~~ sh $ brew install dnsmasq @@ -10,11 +10,39 @@ ~~~ 3. Configure 1. /usr/local/etc/dnsmasq.conf 2. /Library/LaunchDaemons/homebrew.mxcl.dnscrypt-proxy.plist 3. /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist 4. Reload `dnscrypt-proxy` service ~~~ sh $ sudo launchctl stop homebrew.mxcl.dnscrypt-proxy && sudo launchctl start homebrew.mxcl.dnscrypt-proxy ~~~ 5. Reload `dnsmasq` service ~~~ sh $ sudo launchctl stop homebrew.mxcl.dnsmasq && sudo launchctl start homebrew.mxcl.dnsmasq ~~~ 6. Set DNS IP: 127.0.0.1 ## Check ### DNS Configuration ~~~ sh $ scutil --dns ~~~ ~~~ ... resolver #1 search domain[0] : openvpn nameserver[0] : 127.0.0.1 flags : Request A records, Request AAAA records reach : Reachable,Local Address ... ~~~ ### DNSCrypt ~~~ sh $ nslookup -type=txt debug.opendns.com ~~~ -
Jan 16, 2014 . 2 changed files with 36 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,9 +1,40 @@ ## Install 1. Install DNSMasq ~~~ sh $ brew install dnsmasq ~~~ 2. Install DNSCrypt-proxy ~~~ sh $ brew install dnscrypt-proxy ~~~ 3. Configure * /usr/local/etc/dnsmasq.conf * /Library/LaunchDaemons/homebrew.mxcl.dnscrypt-proxy.plist * /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist ## Check DNSCrypt ~~~ sh $ nslookup -type=txt debug.opendns.com ~~~ ~~~ Server: 127.0.0.1 Address: 127.0.0.1#53 Non-authoritative answer: debug.opendns.com text = "server 7.ams" debug.opendns.com text = "flags 20 0 2f4 800000000000000" debug.opendns.com text = "id 0" debug.opendns.com text = "source xxx.xxx.xxx.xxx:xxxxx" debug.opendns.com text = "dnscrypt enabled (xxxxxxxxxxxxxxxx)" Authoritative answers can be found from: ~~~ ## Useful links: * [dnsleaktest.com](https://www.dnsleaktest.com) * [dnscrypt.org](http://dnscrypt.org) * [opendns.com](http://opendns.com) * [dnscrypt.eu](https://dnscrypt.eu) This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -12,6 +12,9 @@ <string>--local-address=127.0.0.1:40</string> <string>--edns-payload-size=4096</string> <string>--user=nobody</string> <string>--resolver-address=208.67.220.220:443</string> <string>--provider-name=2.dnscrypt-cert.opendns.com</string> <string>--provider-key=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79</string> </array> <key>RunAtLoad</key> <true/> -
Jan 16, 2014 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,9 @@ 1. Install DNSMasq ~~~ sh brew install dnsmasq ~~~ 2. Install DNSCrypt-proxy ~~~ sh brew install dnscrypt-proxy ~~~ This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,68 @@ # Configuration file for dnsmasq. # # Format is one option per line, legal options are the same # as the long options legal on the command line. See # "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details. # Custom development domains address=/.dev/127.0.0.1 address=/.dom/127.0.0.1 # Upstream DNSCrypt server=127.0.0.1#40 #user= #group= # Don't read the hostnames in /etc/hosts. no-hosts # Do not go into the background at startup but otherwise run as # normal. keep-in-foreground # Do not provide DHCP or TFTP on the loopback interface. no-dhcp-interface=lo # Only listen on the loopback interface. listen-address=127.0.0.1 # Only bind to interfaces dnsmasq is listening on. bind-interfaces # Never forward addresses in the non-routed address spaces. bogus-priv # Don't read /etc/resolv.conf. no-resolv # Reject (and log) addresses from upstream nameservers which are in # the private IP ranges. This blocks an attack where a browser behind # a firewall is used to probe machines on the local network. stop-dns-rebind # Exempt 127.0.0.0/8 from rebinding checks. This address range is # returned by realtime black hole servers, so blocking it may disable # these services. rebind-localhost-ok # Never forward plain names (without a dot or domain part). # domain-needed # Set the cache size here. If you don't use spam blocking add-ons such # Adblock Plus or Ghostery, you may want to increase this value as you # will be resolving more domain names. cache-size=1000 #no-negcache #local-ttl= # Pass through DNSSEC validation results from dnscrypt-proxy. proxy-dnssec #mx-host=maildomain.com,servermachine.com,50 #mx-target=servermachine.com #localmx #selfmx #log-queries This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,25 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>KeepAlive</key> <true/> <key>Label</key> <string>homebrew.mxcl.dnscrypt-proxy</string> <key>ProgramArguments</key> <array> <string>/usr/local/opt/dnscrypt-proxy/sbin/dnscrypt-proxy</string> <string>--local-address=127.0.0.1:40</string> <string>--edns-payload-size=4096</string> <string>--user=nobody</string> </array> <key>RunAtLoad</key> <true/> <key>StandardErrorPath</key> <string>/dev/null</string> <key>StandardOutPath</key> <string>/dev/null</string> <key>UserName</key> <string>root</string> </dict> </plist> This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,20 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Disabled</key> <false/> <key>KeepAlive</key> <dict> <key>NetworkState</key> <true/> </dict> <key>Label</key> <string>homebrew.mxcl.dnsmasq</string> <key>ProgramArguments</key> <array> <string>/usr/local/opt/dnsmasq/sbin/dnsmasq</string> <string>--keep-in-foreground</string> </array> </dict> </plist>
Ahmet Özkaya
revised
this gist