|
|
|
|
@ -15,16 +15,7 @@ When you start the daemon, it looks for a list of public DNS server from here:
|
|
|
|
|
https://dnscrypt.info/public-servers
|
|
|
|
|
|
|
|
|
|
Depending on all settings below the list can be shortened to your choice, like only IPv4, or logging disabled.
|
|
|
|
|
The fastest two servers will be used for DNS queries. If you use Unbound as your main resolver and want to
|
|
|
|
|
send your queries to Unbound first and forward to DNSCrypt-Proxy, just set this in your Unbound Custom Forwarding
|
|
|
|
|
entries:
|
|
|
|
|
|
|
|
|
|
==================================== ===============================================================================
|
|
|
|
|
Enabled Checked
|
|
|
|
|
Domain <empty>
|
|
|
|
|
Server IP 127.0.0.1
|
|
|
|
|
Port 5353
|
|
|
|
|
==================================== ===============================================================================
|
|
|
|
|
The fastest two servers will be used for DNS queries.
|
|
|
|
|
|
|
|
|
|
----------------
|
|
|
|
|
General Settings
|
|
|
|
|
@ -34,8 +25,9 @@ General Settings
|
|
|
|
|
Enable and start DNSCrypt-Proxy.
|
|
|
|
|
:Listen Address:
|
|
|
|
|
Here you set the addresses and ports to listen on. Default is localhost and port 5353.
|
|
|
|
|
If you want it to listen to port 53 you should enable **Allow Privileged Ports**, especially
|
|
|
|
|
If you want it to listen to port 53 you must enable **Allow Privileged Ports**, especially
|
|
|
|
|
when the system itself should treat it as a resolver.
|
|
|
|
|
required when using this service as a standalone core DNS server.
|
|
|
|
|
:Allow Privileged Ports:
|
|
|
|
|
This allows the service to listen on ports below 1024, like 53.
|
|
|
|
|
:Max Client Connections:
|
|
|
|
|
@ -99,13 +91,8 @@ or the usage of DNSBL.
|
|
|
|
|
|
|
|
|
|
To do so go to **Services->Unbound DNS->General** and uncheck *Enable*. If you are using Dnsmasq
|
|
|
|
|
go to **Services->Dnsmasq DNS->Settings** and uncheck *Enable*. Now change to **Services->DNSCrypt-Proxy->Configuration**
|
|
|
|
|
and add your Local LAN IP address to the *Listen Address* field, e.g. 192.168.2.1:53.
|
|
|
|
|
|
|
|
|
|
For IPv6 with dynamic prefixes you can work around this with ::1:53 as *Listen Address* and add
|
|
|
|
|
a Port Forward rule, matching every IPv6 UDP traffic, port 53, redirect to ::1.
|
|
|
|
|
|
|
|
|
|
Optionally you can set :53 to listen on all addresses like the default behaviour in Unbound.
|
|
|
|
|
and add the *Listen Address* 0.0.0.0:53 as well as [::]:53 for the service to be considered as
|
|
|
|
|
standalone by the core system.
|
|
|
|
|
|
|
|
|
|
Now you can go on with your configuration task, like choosing which servers to use, privacy policy or caching.
|
|
|
|
|
Also cloaking (overrides) or DNSBL can be used without any workarounds.
|
|
|
|
|
|
|
|
|
|
|
Franco Fichtner
1 year ago