an anti-pollution DNS server
Including the following software:
- bind
- dnscrypt-wrapper
- collectd
docker run -itd \ --name=neatdns \ -p 53:53/tcp \ -p 53:53/udp \ -p 443:443/tcp \ -p 443:443/udp \ -v $DNSCRYPT_KEY_PATH:/srv/dnscrypt-wrapper \ -e DNSCRYPT_PROVIDER=2.dnscrypt-cert.example.org \ --cap-add=NET_ADMIN \ ustclug/neatdnsP.S. you should install docker first.
Available environment variables:
| Name | Implication | Default Value |
|---|---|---|
| GLOBAL_DNS1 | preferred DNS server to resolve non-China website | 8.8.4.4 |
| GLOBAL_DNS2 | alternate DNS server to resolve non-China website | 8.8.8.8 |
| CHINA_DNS1 | preferred DNS server to resolve China website | 119.29.29.29 |
| CHINA_DNS2 | alternate DNS server to resolve China website | 223.5.5.5 |
| DNSCRYPT_ON | auto-start DNSCrypt daemon | true |
| DNSCRYPT_PROVIDER | DNSCrypt provider name | 2.dnscrypt-cert.ustclug.org |
| DNSCRYPT_PORT | DNSCrypt port | 443 |
| COLLECTD_ON | auto-start collectd | false |
| COLLECTD_HOSTNAME | hostname defined in collectd.conf | neatdns |
| INFLUXDB_HOST | remote influxDB host | influxdb |
| INFLUXDB_PORT | remote influxDB port | 25826 |
| FAIL2BAN_ON | auto-start fail2ban | true |
Please get your own DNSCrypt fingerprint first:
$ cat $DNSCRYPT_KEY_PATH/fingerprint Provider public key fingerprint : 4365:1587:E7A0:8C7C:1759:D300:6218:89AE:5999:42CA:562E:CB00:03E5:2147:A850:E191ATTENTION: It would show a different fingerprint, please replace the fingerprint below with your own one.
Then, run dnscrypt-proxy on the client side, for example:
dnscrypt-proxy --local-address=127.0.0.1:53 --resolver-address=$DNS_SERVER:443 --provider-name=2.dnscrypt-cert.example.org --provider-key=4365:1587:E7A0:8C7C:1759:D300:6218:89AE:5999:42CA:562E:CB00:03E5:2147:A850:E191 NOTE: You need to replace $DNS_SERVER with your server IP address.