Page 3 of 3 FirstFirst 123
Results 21 to 21 of 21

Thread: DNS Cache and Encryption

  1. #21
    Join Date
    Mar 2005

    Re: DNS Cache and Encryption

    Here's the patch which should be applied to /etc/resolvconf/update.d/dnsmasq to cause dnsmasq to be dnscrypt-aware on a resolvconf system. Once this patch is applied, on a resolvconf system, dnsmasq server will forward queries to dnscrypt if dnscrypt has registered its listen address with resolvconf.

    Update: This patch has since been applied by the maintainer and is included in (Debian) dnsmasq 2.66-3 which was released on 2013-05-28. This package hasn't been synced to Ubuntu yet but there is a chance that it will still make it into 13.10.

    Note that none of this has any direct effect on the NetworkManager-controlled dnsmasq instance. However, when (patched) dnsmasq and (suitably configured) dnscrypt-proxy are installed the NetworkManager-controlled dnsmasq instance will not be used: the glibc resolver will route DNS queries to dnsmasq server which will forward them to dnscrypt-proxy which will resolve names using the OpenDNS servers.

    Note that this only works if dnscrypt has an initscript that does the equivalent of
    echo "" | resolvconf -a lo.dnscrypt
    on start (where is the arbitrarily chosen loopback address) and
    resolvconf -d lo.dnscrypt
    on stop. Note that the record name used here, "lo.dnscrypt", is different from the one I earlier proposed.

    --- dnsmasq_2.65-1ubuntu1	2013-02-15 21:53:13.000000000 +0100
    +++ dnsmasq	2013-05-27 16:03:51.449152504 +0200
    @@ -18,6 +16,8 @@
     [ -x /usr/sbin/dnsmasq ] || exit 0
     [ -x /lib/resolvconf/list-records ] || exit 1
    @@ -45,7 +45,22 @@
     	exit 1
    -RSLVCNFFILES="$(/lib/resolvconf/list-records | sed -e '/^lo.dnsmasq$/d')"
    +for F in $(/lib/resolvconf/list-records) ; do
    +	case "$F" in
    +	  "$MY_RECORD_NAME")
    +		# Omit
    +		;;
    +		# Dnscrypt, I only have eyes for you
    +		break
    +		;;
    +	  *)
    +		;;
    +	esac
     if [ "$RSLVCNFFILES" ] ; then
    Last edited by jdthood; May 29th, 2013 at 08:00 AM. Reason: Mention that dnsmasq 2.66-3 has been released and say more about what this means for nm-dnsmasq

Page 3 of 3 FirstFirst 123

Tags for this Thread


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts