Pages

Friday, 26 January 2018

anti-pollution DNS server ,Neat DNS


an anti-pollution DNS server,
Including the following software:
  • bind
  • dnscrypt-wrapper
  • collectd

Deployment

docker run -itd \
 --name=neatdns \
 -p 53:53/tcp \
 -p 53:53/udp \
 -p 443:443/tcp \
 -p 443:443/udp \
 -v $DNSCRYPT_KEY_PATH:/srv/dnscrypt-wrapper \
 -e DNSCRYPT_PROVIDER=2.dnscrypt-cert.example.org \
 --cap-add=NET_ADMIN \
 ustclug/neatdns
P.S. you should install docker first.
Available environment variables:
Name Implication Default Value
GLOBAL_DNS1 preferred DNS server to resolve non-China website 8.8.4.4
GLOBAL_DNS2 alternate DNS server to resolve non-China website 8.8.8.8
CHINA_DNS1 preferred DNS server to resolve China website 119.29.29.29
CHINA_DNS2 alternate DNS server to resolve China website 223.5.5.5
DNSCRYPT_PROVIDER DNSCrypt provider name 2.dnscrypt-cert.ustclug.org
COLLECTD_ON auto-start collectd false
COLLECTD_HOSTNAME hostname defined in collectd.conf neatdns
INFLUXDB_HOST remote influxDB host influxdb
INFLUXDB_PORT remote influxDB port 25826
FAIL2BAN_ON auto-start fail2ban true

DNSCrypt Client Usage

Please get your own DNSCrypt fingerprint first:
$ cat $DNSCRYPT_KEY_PATH/fingerprint
Provider public key fingerprint : 4365:1587:E7A0:8C7C:1759:D300:6218:89AE:5999:42CA:562E:CB00:03E5:2147:A850:E191
ATTENTION: It would show a different fingerprint, please replace the fingerprint below with your own one.
Then, run dnscrypt-proxy on the client side, for example:
dnscrypt-proxy --local-address=127.0.0.1:53 --resolver-address=$DNS_SERVER:443 --provider-name=2.dnscrypt-cert.example.org --provider-key=4365:1587:E7A0:8C7C:1759:D300:6218:89AE:5999:42CA:562E:CB00:03E5:2147:A850:E191
NOTE: You need to replace $DNS_SERVER with your server IP address.

from https://github.com/ustclug/neatdns

No comments:

Post a Comment