diff options
| author | T3slider <t3slider@gmail.com> | 2014-10-09 18:53:54 +0700 |
|---|---|---|
| committer | Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2014-10-11 00:14:39 +0700 |
| commit | 273b9a2848c4fdbb84a7e5954cae078e256b6671 (patch) | |
| tree | 2a2717cb58d2294723713471c9bb42391978fed0 /network/dnscrypt-wrapper/README.Slackware | |
| parent | 524b50360702057246aa47ca4f80dd35d4e6dfed (diff) | |
| download | slackbuilds-273b9a2848c4fdbb84a7e5954cae078e256b6671.tar.gz | |
network/dnscrypt-wrapper: Update script.
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'network/dnscrypt-wrapper/README.Slackware')
| -rw-r--r-- | network/dnscrypt-wrapper/README.Slackware | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/network/dnscrypt-wrapper/README.Slackware b/network/dnscrypt-wrapper/README.Slackware new file mode 100644 index 0000000000..0c162404a3 --- /dev/null +++ b/network/dnscrypt-wrapper/README.Slackware @@ -0,0 +1,48 @@ +Setup + +An init script and configuration file have been provided to run +dnscrypt-wrapper as a daemon. To configure dnscrypt-wrapper, edit +/etc/default/dnscrypt-wrapper with the desired settings. By default +dnscrypt-wrapper will run on 0.0.0.0 (all interfaces), port 53, forwarding DNS +queries to 8.8.8.8:53 (Google's DNS server). + +The configuration file is setup to use a dnscrypt user by default, and to +chroot into that user's home directory to maximize security. In order to use +the default configuration you should create a dnscrypt user and group with the +following commands: + + groupadd -g 293 dnscrypt + useradd -u 293 -g 293 -c "DNSCrypt" -d /run/dnscrypt -s /bin/false dnscrypt + +If you decide to use another user you should edit the CHROOTDIR and USER +options in /etc/default/dnscrypt-wrapper (there are example settings provided +for the user 'nobody'). + +dnscrypt-wrapper requires both provider and cryptographic public and secret +keys, and a provider certificate. These can all be generated manually (see +/usr/doc/dnscrypt-wrapper-@VERSION@/README.md ), or they can be generated +automatically by configuring /etc/default/dnscrypt-wrapper and running + + /etc/rc.d/rc.dnscrypt-wrapper generate-keys + /etc/rc.d/rc.dnscrypt-wrapper generate-cert + +You will need to note the provider key fingerprint(s) when running that +command, since clients will need it for verification. + +In order for clients to forward queries through dnscrypt-wrapper, they will +need to run dnscrypt-proxy configured to connect to the server running +dnscrypt-wrapper. + +To start dnscrypt-wrapper automatically at system start, add the following to +/etc/rc.d/rc.local: + + if [ -x /etc/rc.d/rc.dnscrypt-wrapper ]; then + /etc/rc.d/rc.dnscrypt-wrapper start + fi + +To properly stop dnscrypt-wrapper on system shutdown, add the following to +/etc/rc.d/rc.local_shutdown: + + if [ -x /etc/rc.d/rc.dnscrypt-wrapper ]; then + /etc/rc.d/rc.dnscrypt-wrapper stop + fi |