Installation and configuration of the Dnscrypt_wrapper server

Before I introduced the science to visit the Internet which is very important for a ring dnscrypt_proxy, which is actually the client. Dnscrypt-proxy after installation will bring some foreign public dnscrypt-wrapper service, so Dnscrypt service is dnscrypt-wrapper. Dnscrypt provides programs and tutorials to build dnscrypt-wrapper services independently. I'm here to briefly talk about the usage of Dnscrypt-wrapper server.

Previously summary:

Server-side system platform: CentOS 6 x86_64

Dnscrypt-wrapper version: (The official does not specify the version number, the author uses the 2016.12-month version when writing)

Dnscrypt Update Description: Dnscrypt update to now, the software features have stabilized, the pace of renewal also slowed further.

Dnscrypt-proxy version: 1.4.0 (currently updated to 1.6+, but the new version on the EL6 platform due to the old dependency package, so the CENTOS6 rhel6 platform may need to update the system-dependent software version, but on the EL7 platform can be very good installation and operation)

To start the installation:

# Dnscrypt-wrapper relies on the Libsodium and Libevent 2 development package, the CentOS 6 system uses Libevent 1 by default, so you need to uninstall Libevent 1 and then install Libevent2yum remove-y l Ibevent-develyum install-y Libevent2-devel Libsodium-devel

Download Dnscrypt-wrappertar xvf dnscrypt-wrapper.tar.gzcd dnscrypt-wrappermake configure./configure--prefix=/usr/local/ Dnscrypt_wrapper--datarootdir=/usr/share/--mandir=/usr/share/man/make Install and then update the environment variables to/usr/local/dnscrypt_ The Wrapper/sbin path is added to the path variable.

Configuration dnscrypt-wrapper:

1. Generate a public private key.

CD ~mkdir dnskey//Create a new directory to store the certificate CD dnskeydnscrypt-wrapper--gen-provider-keypair//generate provider key pair, default to Secret.key Public.key

Here the system will feedback a fingerprint information, this information is the client configuration when required "Provider_public_key"! So be sure to keep it good. The fingerprint information can also be printed later:

Dnscrypt-wrapper--show-provider-publickey-fingerprint--provider-publickey-file=public.key

2. Generate a signing certificate

Generate certificate private key to Dnscrypt-wrapper--gen-crypt-keypair--crypt-secretkey-file=1.key generate signing certificate, default 365 days, can use-- Cert-file-expire-days Specify a valid time Dnscrypt-wrapper--gen-cert-file--crypt-secretkey-file=1.key--provider-cert-file=1. Cert

3. The dnscrypt-wrapper process runs, listening on a port, the default TCP and UDP are this port.

Dnscrypt-wrapper--resolver-address=114.114.114.114:53--listen-address=0.0.0.0:3536--provider-name=2. Dnscrypt-cert.abc.com--crypt-secretkey-file=1.key--PROVIDER-CERT-FILE=1.CERT-VV

The--provider-name= is not necessary and can be filled in casually, but attention must be paid to 2.dnscrypt-cert. Beginning.

-VV Turn on Details mode

-d;--daemonize Background Run mode

The Dnscrypt-wrapper server is ready to complete. Remember the first step of Public.key and secret.key properly preserved.

To configure the Dnscrypt-proxy client:

Configure it by referring to the first article I mentioned at the beginning. Here only how to and self-built Dnscrypt service docking.

Dnscrypt-proxy--local-address=0.0.0.0:3536--provider-key=3233:0058:e78b:77bb:7683:71bd:bb72:e226:7dbc:db C6:0473:8753:DC13:40D3:EDF5:A3BA--provider-name=2.dnscrypt-cert.cbd.cn--resolver-addres s=12.34.56.78:443

Local-address is the local listening address and accepts the client's query information.

Resolver-address is the address and port of the Dnscrypt-wrapper server, where the address cannot be replaced by a resolvable domain name

Provider-key the public key fingerprint information generated for the first step of configuring Dnscrypt-wrapper

The rest of the configuration parameters are no longer detailed here.

This article from "Professor elder brother" blog, reprint please contact the author!

Installation and configuration of the Dnscrypt_wrapper server