Revisions
ahmozkya revised this gist
Jan 16, 2014 . 1 changed file with 34 additions and 6 deletions.
@@ -1,4 +1,4 @@ ## Install & Configure 1. Install DNSMasq ~~~ sh $ brew install dnsmasq @@ -10,11 +10,39 @@ ~~~ 3. Configure 1. /usr/local/etc/dnsmasq.conf 2. /Library/LaunchDaemons/homebrew.mxcl.dnscrypt-proxy.plist 3. /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist 4. Reload `dnscrypt-proxy` service ~~~ sh $ sudo launchctl stop homebrew.mxcl.dnscrypt-proxy && sudo launchctl start homebrew.mxcl.dnscrypt-proxy ~~~ 5. Reload `dnsmasq` service ~~~ sh $ sudo launchctl stop homebrew.mxcl.dnsmasq && sudo launchctl start homebrew.mxcl.dnsmasq ~~~ 6. Set DNS IP: 127.0.0.1 ## Check ### DNS Configuration ~~~ sh $ scutil --dns ~~~ ~~~ ... resolver #1 search domain[0] : openvpn nameserver[0] : 127.0.0.1 flags : Request A records, Request AAAA records reach : Reachable,Local Address ... ~~~ ### DNSCrypt ~~~ sh $ nslookup -type=txt debug.opendns.com ~~~
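Review bot: Step 6 (`Set DNS IP: 127.0.0.1`) in the `@@ -10,11 +10,39 @@` hunk does not say where the address is set, or that it has to be the only DNS server configured for the active network service; if another resolver stays listed next to 127.0.0.1, some lookups can bypass dnsmasq and dnscrypt-proxy and leave the machine unencrypted. Suggest naming the setting (for example `networksetup -setdnsservers <service> 127.0.0.1`, where `<service>` is a placeholder for the network service name) and adding a sentence under "DNS Configuration" stating that `resolver #1` in the `scutil --dns` output should show 127.0.0.1 as its only nameserver, since the sample elides the rest with `...`.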
ahmozkya revised this gist
Jan 16, 2014 . 2 changed files with 36 additions and 2 deletions.
@@ -1,9 +1,40 @@ ## Install 1. Install DNSMasq ~~~ sh $ brew install dnsmasq ~~~ 2. Install DNSCrypt-proxy ~~~ sh $ brew install dnscrypt-proxy ~~~ 3. Configure * /usr/local/etc/dnsmasq.conf * /Library/LaunchDaemons/homebrew.mxcl.dnscrypt-proxy.plist * /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist ## Check DNSCrypt ~~~ sh $ nslookup -type=txt debug.opendns.com ~~~ ~~~ Server: 127.0.0.1 Address: 127.0.0.1#53 Non-authoritative answer: debug.opendns.com text = "server 7.ams" debug.opendns.com text = "flags 20 0 2f4 800000000000000" debug.opendns.com text = "id 0" debug.opendns.com text = "source xxx.xxx.xxx.xxx:xxxxx" debug.opendns.com text = "dnscrypt enabled (xxxxxxxxxxxxxxxx)" Authoritative answers can be found from: ~~~ ## Useful links: * [dnsleaktest.com](https://www.dnsleaktest.com) * [dnscrypt.org](http://dnscrypt.org) * [opendns.com](http://opendns.com) * [dnscrypt.eu](https://dnscrypt.eu)
@@ -12,6 +12,9 @@ <string>--local-address=127.0.0.1:40</string> <string>--edns-payload-size=4096</string> <string>--user=nobody</string> <string>--resolver-address=208.67.220.220:443</string> <string>--provider-name=2.dnscrypt-cert.opendns.com</string> <string>--provider-key=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79</string> </array> <key>RunAtLoad</key> <true/>
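Review bot: The "Check DNSCrypt" sample output in the `@@ -1,9 +1,40 @@` README hunk is pasted without saying which lines indicate success. Suggest one sentence after the output block stating that `Server: 127.0.0.1` together with the `dnscrypt enabled (...)` TXT record is the expected result, so a reader who sees a different server or no `dnscrypt enabled` line knows the chain is not in effect.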
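Review bot: The `--provider-key` fingerprint added in the `@@ -12,6 +12,9 @@` plist hunk is hard-coded with no indication of where it was obtained, so a reader cannot confirm that the key belongs to the resolver at `--resolver-address=208.67.220.220:443`. Suggest an XML comment above the three new `<string>` entries, or a line under step 3 of the README, that points to the provider's published key and notes that `--resolver-address`, `--provider-name` and `--provider-key` have to be changed together when switching resolvers.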
ahmozkya created this gist
Jan 16, 2014
@@ -0,0 +1,9 @@ 1. Install DNSMasq ~~~ sh brew install dnsmasq ~~~ 2. Install DNSCrypt-proxy ~~~ sh brew install dnscrypt-proxy ~~~
@@ -0,0 +1,68 @@ # Configuration file for dnsmasq. # # Format is one option per line, legal options are the same # as the long options legal on the command line. See # "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details. # Custom development domains address=/.dev/127.0.0.1 address=/.dom/127.0.0.1 # Upstream DNSCrypt server=127.0.0.1#40 #user= #group= # Don't read the hostnames in /etc/hosts. no-hosts # Do not go into the background at startup but otherwise run as # normal. keep-in-foreground # Do not provide DHCP or TFTP on the loopback interface. no-dhcp-interface=lo # Only listen on the loopback interface. listen-address=127.0.0.1 # Only bind to interfaces dnsmasq is listening on. bind-interfaces # Never forward addresses in the non-routed address spaces. bogus-priv # Don't read /etc/resolv.conf. no-resolv # Reject (and log) addresses from upstream nameservers which are in # the private IP ranges. This blocks an attack where a browser behind # a firewall is used to probe machines on the local network. stop-dns-rebind # Exempt 127.0.0.0/8 from rebinding checks. This address range is # returned by realtime black hole servers, so blocking it may disable # these services. rebind-localhost-ok # Never forward plain names (without a dot or domain part). # domain-needed # Set the cache size here. If you don't use spam blocking add-ons such # Adblock Plus or Ghostery, you may want to increase this value as you # will be resolving more domain names. cache-size=1000 #no-negcache #local-ttl= # Pass through DNSSEC validation results from dnscrypt-proxy. proxy-dnssec #mx-host=maildomain.com,servermachine.com,50 #mx-target=servermachine.com #localmx #selfmx #log-queries
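Review bot: `domain-needed` is commented out (`# domain-needed`) in the `@@ -0,0 +1,68 @@` dnsmasq.conf hunk, while the description line above it reads as if the option were active, so plain names without a domain part are still forwarded to the upstream at `server=127.0.0.1#40`. Either uncomment the option or reword the comment to say it is disabled on purpose. The trailing `#log-queries` could also carry a one-line description, as the other options do.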
@@ -0,0 +1,25 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>KeepAlive</key> <true/> <key>Label</key> <string>homebrew.mxcl.dnscrypt-proxy</string> <key>ProgramArguments</key> <array> <string>/usr/local/opt/dnscrypt-proxy/sbin/dnscrypt-proxy</string> <string>--local-address=127.0.0.1:40</string> <string>--edns-payload-size=4096</string> <string>--user=nobody</string> </array> <key>RunAtLoad</key> <true/> <key>StandardErrorPath</key> <string>/dev/null</string> <key>StandardOutPath</key> <string>/dev/null</string> <key>UserName</key> <string>root</string> </dict> </plist>
@@ -0,0 +1,20 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Disabled</key> <false/> <key>KeepAlive</key> <dict> <key>NetworkState</key> <true/> </dict> <key>Label</key> <string>homebrew.mxcl.dnsmasq</string> <key>ProgramArguments</key> <array> <string>/usr/local/opt/dnsmasq/sbin/dnsmasq</string> <string>--keep-in-foreground</string> </array> </dict> </plist>
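Review bot: `StandardErrorPath` and `StandardOutPath` both point to `/dev/null` in the `@@ -0,0 +1,25 @@` dnscrypt-proxy plist, and with `KeepAlive` set to true launchd restarts the job whenever it exits, so a proxy that fails at startup will loop without leaving any trace. Suggest pointing `StandardErrorPath` at a log file (path to be chosen by the author) so that failures are visible while DNS is depending on this service.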
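Review bot: `--keep-in-foreground` in `ProgramArguments` of the `@@ -0,0 +1,20 @@` dnsmasq plist duplicates the `keep-in-foreground` line in dnsmasq.conf from the same revision. Keep it in one place, preferably the plist since launchd is what needs the process to stay in the foreground, and add a short comment saying so.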