Инструкция проверена для CentOS 7
dnscrypt-proxy позволяет установить защищённое шифрованное соединение с DNS-сервером (при условии, что сервер поддерживает эту технологию) и исключает перехват, подделку и прослушивание запросов и ответов на участке между клиентом и этим DNS-сервером.
Установка
yum install dnscrypt-proxy
Создать каталог для настроек
mkdir /etc/dnscrypt
Файл /etc/systemd/system/dnscrypt.service
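# /etc/systemd/system/dnscrypt.service
# One directive per line: systemd does not parse several "key = value"
# pairs or section headers placed on a single line.
[Unit]
Description = DNSCrypt
Documentation = man:dnscrypt-proxy(8)
After = network.target iptables.target

[Service]
# The start script launches the dnscrypt-proxy daemons with --daemonize and
# then returns, hence the forking type.
Type = forking
# No User= is set, so the script runs as root: keep /etc/dnscrypt/dnscrypt.sh
# owned by root and not writable by anyone else.
ExecStart = /etc/dnscrypt/dnscrypt.sh start
Restart = always
# Executed after the service has stopped (cleanly or not): signals the
# daemons recorded in the pid files and removes the loopback aliases.
ExecStopPost = /etc/dnscrypt/dnscrypt.sh stop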
Перечитываем конфигурацию systemd
systemctl daemon-reload
Файл /etc/dnscrypt/dnscrypt.sh
#!/bin/sh
# Т.к. на основном интерфейсе 127.0.0.1 висит bind,
# то нумерация начинается с 2
#!/bin/sh
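# Start one dnscrypt-proxy instance unless its pid file already exists.
# Arguments:
#   $1 - resolver label printed before the status lines
#   $2 - instance number N; selects /var/run/dnscryptN.pid,
#        /var/log/dnscrypt/dnscryptN.log and the listener 127.0.0.N:53
#   $3 - label of the loopback alias that carries 127.0.0.N (lo:0, lo:1, ...)
#   $4 - provider public key fingerprint
#   $5 - provider name
#   $6 - resolver address as ip:port
_dnscrypt_start_instance() {
  echo "$1"
  if [ -f "/var/run/dnscrypt$2.pid" ]; then
    echo 'Service already running' >&2
  else
    echo 'Starting service…'
    /usr/sbin/ip addr add "127.0.0.$2/32" dev lo label "$3"
    /bin/touch "/var/run/dnscrypt$2.pid"
    # 644 instead of 666: stop() runs as root and signals whatever PID this
    # file contains, so a world-writable pid file would let any local account
    # decide which process root terminates. No --user option is passed below,
    # so the daemon is expected to keep root privileges and can still write
    # the file; revisit the mode if privilege dropping is added.
    /bin/chmod 644 "/var/run/dnscrypt$2.pid"
    # NOTE(review): the exit status of dnscrypt-proxy is not checked;
    # 'Service started' is printed even when the daemon failed to launch.
    /usr/sbin/dnscrypt-proxy --daemonize \
      "--logfile=/var/log/dnscrypt/dnscrypt$2.log" \
      "--pidfile=/var/run/dnscrypt$2.pid" \
      "--local-address=127.0.0.$2:53" \
      "--provider-key=$4" \
      "--provider-name=$5" \
      "--resolver-address=$6"
    echo 'Service started'
  fi
}

# Start the four dnscrypt-proxy instances, one per upstream resolver.
# Each instance listens on its own loopback address, 127.0.0.2 to 127.0.0.5.
# The provider key pins the resolver's identity; copy it only from a source
# you trust, because a wrong key means trusting a different server.
start() {
  _dnscrypt_start_instance 'DNSCrypt.eu Holland' 2 lo:0 \
    67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66 \
    2.dnscrypt-cert.resolver1.dnscrypt.eu \
    176.56.237.171:443
  _dnscrypt_start_instance 'Cypherpunks.ru' 3 lo:1 \
    1838:CCA3:D953:0A66:3433:5D50:05BD:3758:44E3:977E:E868:2B6C:5528:12BD:A78D:2E99 \
    2.dnscrypt-cert.cypherpunks.ru \
    77.51.181.209:5353
  _dnscrypt_start_instance 'Babylon Network Netherlands 0' 4 lo:2 \
    8794:070A:143D:35CA:1CA6:32E7:B189:3028:4EAE:5DAF:EBB4:01E3:DF52:E9F0:37AB:D182 \
    2.dnscrypt-cert.babylon.network \
    87.253.152.190:5353
  _dnscrypt_start_instance 'CS England DNSCrypt server' 5 lo:3 \
    3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A \
    2.dnscrypt-cert.cryptostorm.is \
    5.101.137.251:443
}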
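# Stop one dnscrypt-proxy instance and remove its loopback alias.
# Arguments:
#   $1 - resolver label printed before the status lines
#   $2 - instance number N; selects /var/run/dnscryptN.pid and 127.0.0.N
#   $3 - label of the loopback alias to remove (lo:0, lo:1, ...)
_dnscrypt_stop_instance() {
  echo "$1"
  if [ ! -f "/var/run/dnscrypt$2.pid" ]; then
    echo 'Service not running' >&2
  else
    echo 'Stopping service…'
    _dnscrypt_pid=$(cat "/var/run/dnscrypt$2.pid")
    # This runs as root, so the pid file content is validated before it
    # reaches kill: it must be a plain decimal number (an empty file, several
    # values or a negative number are rejected) and the process with that PID
    # must actually be dnscrypt-proxy.
    case "$_dnscrypt_pid" in
      '' | *[!0-9]*)
        echo "Ignoring invalid pid file /var/run/dnscrypt$2.pid" >&2
        ;;
      *)
        if [ "$(cat "/proc/$_dnscrypt_pid/comm" 2>/dev/null)" = 'dnscrypt-proxy' ]; then
          kill -s 15 "$_dnscrypt_pid"
        else
          echo "PID $_dnscrypt_pid is not dnscrypt-proxy, not signalling it" >&2
        fi
        ;;
    esac
    rm -f "/var/run/dnscrypt$2.pid"
    echo 'Service stopped'
  fi
  # The alias is removed whether or not a pid file was found.
  /usr/sbin/ip addr del "127.0.0.$2/32" dev lo label "$3"
}

# Stop the four dnscrypt-proxy instances and remove the loopback aliases
# 127.0.0.2 to 127.0.0.5.
stop() {
  _dnscrypt_stop_instance 'DNSCrypt.eu Holland' 2 lo:0
  _dnscrypt_stop_instance 'Cypherpunks.ru' 3 lo:1
  _dnscrypt_stop_instance 'Babylon Network Netherlands 0' 4 lo:2
  _dnscrypt_stop_instance 'CS England DNSCrypt server' 5 lo:3
}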
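# Dispatch on the action given as the first argument.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  # Was misspelled 'retart', so 'restart' fell through to the usage message.
  restart)
    stop
    start
    ;;
  *)
    # An unknown action is an error: report it on stderr with a non-zero
    # status so a mistyped ExecStart= argument does not look like success.
    echo "Usage: $0 {start|stop|restart}" >&2
    exit 2
    ;;
esac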
Делаем скрипт исполняемым
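# systemd runs this script as root, so set owner and mode explicitly:
# 'chmod +x' alone would keep any group/world write bits the file already has.
chown root:root /etc/dnscrypt/dnscrypt.sh
chmod 0755 /etc/dnscrypt/dnscrypt.sh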
Запускаем
systemctl start dnscrypt