
Thread: DNS Cache and Encryption

  1. #21

    Re: DNS Cache and Encryption

    Here's the patch which should be applied to /etc/resolvconf/update.d/dnsmasq to cause dnsmasq to be dnscrypt-aware on a resolvconf system. Once this patch is applied, on a resolvconf system, dnsmasq server will forward queries to dnscrypt if dnscrypt has registered its listen address with resolvconf.

    Update: This patch has since been applied by the maintainer and is included in (Debian) dnsmasq 2.66-3 which was released on 2013-05-28. This package hasn't been synced to Ubuntu yet but there is a chance that it will still make it into 13.10.

    Note that none of this has any direct effect on the NetworkManager-controlled dnsmasq instance. However, when (patched) dnsmasq and (suitably configured) dnscrypt-proxy are installed the NetworkManager-controlled dnsmasq instance will not be used: the glibc resolver will route DNS queries to dnsmasq server which will forward them to dnscrypt-proxy which will resolve names using the OpenDNS servers.

    Note that this only works if dnscrypt has an initscript that does the equivalent of
    Code:
    echo "127.0.2.1" | resolvconf -a lo.dnscrypt
    on start (where 127.0.2.1 is the arbitrarily chosen loopback address) and
    Code:
    resolvconf -d lo.dnscrypt
    on stop. Note that the record name used here, "lo.dnscrypt", is different from the one I earlier proposed.

    Code:
    --- dnsmasq_2.65-1ubuntu1	2013-02-15 21:53:13.000000000 +0100
    +++ dnsmasq	2013-05-27 16:03:51.449152504 +0200
    @@ -18,6 +16,8 @@
     RUN_DIR="/var/run/dnsmasq"
     RSLVRLIST_FILE="${RUN_DIR}/resolv.conf"
     TMP_FILE="${RSLVRLIST_FILE}_new.$$"
    +MY_RECORD_NAME="lo.dnsmasq"
    +DNSCRYPT_RECORD_NAME="lo.dnscrypt"
     
     [ -x /usr/sbin/dnsmasq ] || exit 0
     [ -x /lib/resolvconf/list-records ] || exit 1
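    Review bot: the header `@@ -18,6 +16,8 @@` places this hunk two lines earlier in the new file than in the old one, while the second hunk starts at line 45 on both sides. That is only consistent if two lines were removed above line 18, and no hunk for that removal is in the patch as posted. Include the missing hunk or regenerate the diff against the pristine file so the patch is complete. A one-line comment next to `DNSCRYPT_RECORD_NAME="lo.dnscrypt"` would also help, saying that it must match the record name the dnscrypt initscript passes to `resolvconf -a`, since a mismatch means the new case branch never matches.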
    @@ -45,7 +45,22 @@
     	exit 1
     fi
     
    -RSLVCNFFILES="$(/lib/resolvconf/list-records | sed -e '/^lo.dnsmasq$/d')"
    +RSLVCNFFILES=""
    +for F in $(/lib/resolvconf/list-records) ; do
    +	case "$F" in
    +	  "$MY_RECORD_NAME")
    +		# Omit
    +		;;
    +	  "$DNSCRYPT_RECORD_NAME")
    +		# Dnscrypt, I only have eyes for you
    +		RSLVCNFFILES="$DNSCRYPT_RECORD_NAME"
    +		break
    +		;;
    +	  *)
    +		RSLVCNFFILES="${RSLVCNFFILES:+$RSLVCNFFILES }$F"
    +		;;
    +	esac
    +done
     
     NMSRVRS=""
     if [ "$RSLVCNFFILES" ] ; then
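    Review bot: in the `"$DNSCRYPT_RECORD_NAME")` branch, the comment `# Dnscrypt, I only have eyes for you` does not document what a maintainer needs to know. RSLVCNFFILES is overwritten and the loop breaks, so every other registered record is discarded and dnsmasq gets dnscrypt as its sole upstream, with no fallback if the proxy is registered but not answering. Suggest replacing it with a comment stating that this exclusivity is intentional. Separately, `for F in $(/lib/resolvconf/list-records)` leaves the command substitution unquoted, so record names undergo word splitting and pathname expansion; a `set -f` before the loop avoids the expansion.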
    Last edited by jdthood; May 29th, 2013 at 08:00 AM. Reason: Mention that dnsmasq 2.66-3 has been released and say more about what this means for nm-dnsmasq
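
One way to check that the patched hook has taken effect, as an added example that is not part of the original post or of the dnsmasq package: the functions below audit the upstream list the hook writes for dnsmasq and report any server other than the dnscrypt listen address. The function names are hypothetical, the path and the 127.0.2.1 address are the ones used in the post, and the file is assumed to hold resolv.conf-style `nameserver <addr>` lines.

```shell
#!/bin/sh
# Added example, not from the post: audit dnsmasq's upstream list.
# Assumption: the file contains resolv.conf-style "nameserver <addr>" lines.

# Print every upstream address that is not the dnscrypt listen address.
# Usage: non_dnscrypt_upstreams FILE DNSCRYPT_ADDR
non_dnscrypt_upstreams() {
    awk -v want="$2" '$1 == "nameserver" && $2 != want { print $2 }' "$1"
}

# Return status:
#   0  the dnscrypt address is the only upstream listed
#   1  another upstream is listed, so dnsmasq may forward to it instead
#   2  the file is unreadable, or the dnscrypt address is not listed at all
# Usage: check_dnscrypt_only FILE DNSCRYPT_ADDR
check_dnscrypt_only() {
    file=$1
    addr=$2
    [ -r "$file" ] || return 2
    # Is the dnscrypt address present as an upstream?
    awk -v want="$addr" '
        $1 == "nameserver" && $2 == want { found = 1 }
        END { exit !found }
    ' "$file" || return 2
    # Is anything else present alongside it?
    others=$(non_dnscrypt_upstreams "$file" "$addr")
    if [ -n "$others" ]; then
        echo "unexpected upstream(s): $others" >&2
        return 1
    fi
    return 0
}

# Run the check when called with two arguments, e.g.
#   sh check.sh /var/run/dnsmasq/resolv.conf 127.0.2.1
if [ "$#" -eq 2 ]; then
    check_dnscrypt_only "$1" "$2"
fi
```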
