social.dark-alexandr.net

sss friendica
I had to make this post.

It's about turning back from go-shit to pure C in dnscrypt-proxy.

yes, the original dnscrypt-proxy 1.9.5 works. it works just fine, as is. I did not even have to patch it.
I had a kind of quest to find the sources. they were not on archive.org; I found them at
https://snork.ca/posts/2018-06-24-dnscrypt-proxy-on-debian-maybe-final/dnscrypt-proxy-1.9.5.tar.gz
(and I added this page to archive.org for the future)

the build process is the usual one:

autoreconf -fi && ./configure [options, if necessary] && make && make install

nothing to comment on.

set it up to start automatically in your init system yourself. I use runit and I do it manually. I will make a package for Void Linux later.

now, download the 'fresh' dnscrypt-resolvers.csv from here (get raw file to get csv, not the html!):
https://github.com/dyne/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv
(maybe you can find better versions, but you need the csv format).

then we can run the util scripts supplied with the sources in the contrib directory. updating does not work because go-kids killed the site content. the resolvers check does work, though:
edit the script contrib/resolvers-check.sh to point to the dnscrypt-resolvers.csv file you obtained and to the proper instance of the newly compiled dnscrypt-proxy, then run it. it will take some time. wait until it finishes. it will generate the file dnscrypt-online-resolvers.csv. you can use it in your config from then on to avoid failing and outdated resolver records.

config.
config is well described in the documentation and in the file itself. there are no secrets and not much to add.

some hints: remove all cisco records from the resolvers - they save logs for suspicious reasons and modify your queries to include a copy of your network address when forwarding them to a selection of companies and organizations.
(see the remarks on servers in the resolvers list of the go variant of dnscrypt-proxy, for instance here: https://download.dnscrypt.info/dnscrypt-resolvers/v2/public-resolvers.md)

well, what profit can we get from the go-kids? we can get some profit from their resolvers lists.
first of all, they invented sdns path records that look weird and do not suit our C-way dnscrypt-proxy. you can see sdns paths everywhere in their resolvers lists. how to convert sdns shit to something human readable? well, for now I know only one way - using the web site here: https://dnscrypt.info/stamps/
(they mentioned some javascript on their site. but javascript sounds even worse than go).
on the right side of the page there's a field for the sdns path, and when one is entered it is automatically converted into the data we need: provider name, provider public key and provider ip address (and port). this data can be used in the config of our dnscrypt-proxy as additional resolvers. make sure the resolver supports dnscrypt and has the 'no logs' check (do you need your traffic spied on?).
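
the same conversion can be done offline. the small C decoder below is an added example, not code from dnscrypt-proxy or from the original post. it assumes the DNSCrypt stamp layout of the DNS stamps specification (protocol byte 0x01, 8-byte flags, then length-prefixed address, public key and provider name); parse_stamp, struct stamp and the SAMPLE stamp are made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* DNSCrypt stamp fields; props is a little-endian flag word, bit 1 = no logs. */
struct stamp { uint64_t props; char addr[64], pk[80], provider[128]; };
static const char SAMPLE[] =   /* constructed stamp, not a real resolver */
    "sdns://AQMAAAAAAAAADTE5Mi4wLjIuMTo0NDMgq83vq83vq83vq83vq83vq83v"
    "q83vq83vq83vq83vq80cMi5kbnNjcnlwdC1jZXJ0LmV4YW1wbGUudGVzdA";

static int b64val(int c) {                 /* URL-safe base64 alphabet */
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '-' ? 62 : c == '_' ? 63 : -1;
}

/* Take one length-prefixed field (1 length byte, then data) at *pos. */
static const uint8_t *lp(const uint8_t *b, int len, int *pos, int *flen) {
    if (*pos >= len || *pos + 1 + b[*pos] > len) return NULL;
    *flen = b[*pos]; *pos += 1 + *flen;
    return b + *pos - *flen;
}

/* Returns 0 on success, -1 for a malformed or non-DNSCrypt stamp. */
int parse_stamp(const char *s, struct stamp *st) {
    uint8_t b[512]; const uint8_t *f; char *o = st->pk;
    uint32_t acc = 0; int bits = 0, len = 0, pos = 9, fl, i, v;
    if (strncmp(s, "sdns://", 7) != 0) return -1;
    for (s += 7; *s && *s != '='; s++) {     /* unpadded base64url -> bytes */
        if ((v = b64val((unsigned char)*s)) < 0 || len >= (int)sizeof b) return -1;
        acc = acc << 6 | (uint32_t)v; bits += 6;
        if (bits >= 8) { bits -= 8; b[len++] = (uint8_t)(acc >> bits); }
    }
    if (len < 9 || b[0] != 0x01) return -1;  /* protocol byte 0x01 = DNSCrypt */
    for (st->props = 0, i = 0; i < 8; i++) st->props |= (uint64_t)b[1 + i] << (8 * i);
    if (!(f = lp(b, len, &pos, &fl)) || fl >= (int)sizeof st->addr) return -1;
    memcpy(st->addr, f, (size_t)fl); st->addr[fl] = 0;          /* "ip:port" */
    if (!(f = lp(b, len, &pos, &fl)) || fl != 32) return -1;    /* Ed25519 key */
    for (i = 0; i < 32; i++) o += sprintf(o, "%s%02X", (i && i % 2 == 0) ? ":" : "", f[i]);
    if (!(f = lp(b, len, &pos, &fl)) || fl >= (int)sizeof st->provider) return -1;
    memcpy(st->provider, f, (size_t)fl); st->provider[fl] = 0;
    return 0;
}

int main(void) {
    struct stamp st;
    if (parse_stamp(SAMPLE, &st) != 0) return 1;
    return printf("%s\n%s\n%s\nno-logs=%d\n", st.provider, st.pk, st.addr, (int)(st.props >> 1 & 1)) < 0;
}
```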

well. basically, that's all. now we edit the dnscrypt-proxy.conf (a sample file is supplied in the root sources directory), put it in the place that we set in our init system configuration (somewhere in /etc/dnscrypt-proxy/) and copy the rest of the config files there, if needed (also supplied with the sources). don't forget the dnscrypt-online-resolvers.csv obtained from the script. edit the config as you want and then run the server:

/usr/local/sbin/dnscrypt-proxy /etc/dnscrypt-proxy/dnscrypt-proxy.conf

voila!

it works, guys! I have checked it with the dnscrypt.eu-dk resolver and at the moment my system uses the true C dnscrypt-proxy 😀

though, I haven't yet tested it under heavy load and for a long time. that still has to be done. but I hope everything is ok, and in case of any trouble I'm gonna debug it and fix the problems.

I'm gonna support this code. maybe I will improve it to use the sdns-style resolvers lists.

take care and write in C!

YouTube: Write in C (Albert Veli)



to @sss: you asked to cast you for this post.

