summaryrefslogtreecommitdiff
path: root/network/dnscrypt-wrapper/README.Slackware
diff options
context:
space:
mode:
authorT3slider <t3slider@gmail.com>2014-10-09 18:53:54 +0700
committerWilly Sudiarto Raharjo <willysr@slackbuilds.org>2014-10-11 00:14:39 +0700
commit273b9a2848c4fdbb84a7e5954cae078e256b6671 (patch)
tree2a2717cb58d2294723713471c9bb42391978fed0 /network/dnscrypt-wrapper/README.Slackware
parent524b50360702057246aa47ca4f80dd35d4e6dfed (diff)
downloadslackbuilds-273b9a2848c4fdbb84a7e5954cae078e256b6671.tar.gz
network/dnscrypt-wrapper: Update script.
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'network/dnscrypt-wrapper/README.Slackware')
-rw-r--r--network/dnscrypt-wrapper/README.Slackware48
1 files changed, 48 insertions, 0 deletions
diff --git a/network/dnscrypt-wrapper/README.Slackware b/network/dnscrypt-wrapper/README.Slackware
new file mode 100644
index 0000000000..0c162404a3
--- /dev/null
+++ b/network/dnscrypt-wrapper/README.Slackware
@@ -0,0 +1,48 @@
+Setup
+
+An init script and configuration file have been provided to run
+dnscrypt-wrapper as a daemon. To configure dnscrypt-wrapper, edit
+/etc/default/dnscrypt-wrapper with the desired settings. By default
+dnscrypt-wrapper will run on 0.0.0.0 (all interfaces), port 53, forwarding DNS
+queries to 8.8.8.8:53 (Google's DNS server).
+
+The configuration file is setup to use a dnscrypt user by default, and to
+chroot into that user's home directory to maximize security. In order to use
+the default configuration you should create a dnscrypt user and group with the
+following commands:
+
+ groupadd -g 293 dnscrypt
+ useradd -u 293 -g 293 -c "DNSCrypt" -d /run/dnscrypt -s /bin/false dnscrypt
+
+If you decide to use another user you should edit the CHROOTDIR and USER
+options in /etc/default/dnscrypt-wrapper (there are example settings provided
+for the user 'nobody').
+
+dnscrypt-wrapper requires both provider and cryptographic public and secret
+keys, and a provider certificate. These can all be generated manually (see
+/usr/doc/dnscrypt-wrapper-@VERSION@/README.md ), or they can be generated
+automatically by configuring /etc/default/dnscrypt-wrapper and running
+
+ /etc/rc.d/rc.dnscrypt-wrapper generate-keys
+ /etc/rc.d/rc.dnscrypt-wrapper generate-cert
+
+You will need to note the provider key fingerprint(s) when running that
+command, since clients will need it for verification.
+
+In order for clients to forward queries through dnscrypt-wrapper, they will
+need to run dnscrypt-proxy configured to connect to the server running
+dnscrypt-wrapper.
+
+To start dnscrypt-wrapper automatically at system start, add the following to
+/etc/rc.d/rc.local:
+
+ if [ -x /etc/rc.d/rc.dnscrypt-wrapper ]; then
+ /etc/rc.d/rc.dnscrypt-wrapper start
+ fi
+
+To properly stop dnscrypt-wrapper on system shutdown, add the following to
+/etc/rc.d/rc.local_shutdown:
+
+ if [ -x /etc/rc.d/rc.dnscrypt-wrapper ]; then
+ /etc/rc.d/rc.dnscrypt-wrapper stop
+ fi