slackbuilds_ponce/network/dnscrypt-wrapper/README.Slackware

49 lines
1.9 KiB
Text
Raw Normal View History

Setup
An init script and configuration file have been provided to run
dnscrypt-wrapper as a daemon. To configure dnscrypt-wrapper, edit
/etc/default/dnscrypt-wrapper with the desired settings. By default
dnscrypt-wrapper will run on 0.0.0.0 (all interfaces), port 53, forwarding DNS
queries to 8.8.8.8:53 (Google's DNS server).
The configuration file is setup to use a dnscrypt user by default, and to
chroot into that user's home directory to maximize security. In order to use
the default configuration you should create a dnscrypt user and group with the
following commands:
groupadd -g 293 dnscrypt
useradd -u 293 -g 293 -c "DNSCrypt" -d /run/dnscrypt -s /bin/false dnscrypt
If you decide to use another user you should edit the CHROOTDIR and USER
options in /etc/default/dnscrypt-wrapper (there are example settings provided
for the user 'nobody').
dnscrypt-wrapper requires both provider and cryptographic public and secret
keys, and a provider certificate. These can all be generated manually (see
/usr/doc/dnscrypt-wrapper-@VERSION@/README.md ), or they can be generated
automatically by configuring /etc/default/dnscrypt-wrapper and running
/etc/rc.d/rc.dnscrypt-wrapper generate-keys
/etc/rc.d/rc.dnscrypt-wrapper generate-cert
You will need to note the provider key fingerprint(s) when running that
command, since clients will need it for verification.
In order for clients to forward queries through dnscrypt-wrapper, they will
need to run dnscrypt-proxy configured to connect to the server running
dnscrypt-wrapper.
To start dnscrypt-wrapper automatically at system start, add the following to
/etc/rc.d/rc.local:
if [ -x /etc/rc.d/rc.dnscrypt-wrapper ]; then
/etc/rc.d/rc.dnscrypt-wrapper start
fi
To properly stop dnscrypt-wrapper on system shutdown, add the following to
/etc/rc.d/rc.local_shutdown:
if [ -x /etc/rc.d/rc.dnscrypt-wrapper ]; then
/etc/rc.d/rc.dnscrypt-wrapper stop
fi