Temat: Dnscrypt a dnsmasq
Witam
Miałem założenie blokowania na pętlę 127.0.0.1 w dnsmasq. Zachciało mi się szyfrować zapytania przez dnscrypt i zauważyłem,
że jednoczesne działanie ww. usług DNS rozwala moją koncepcję blokowania. W konfigu dnsmasq mam ustawione:
# dnsmasq section of the OpenWrt DHCP/DNS config: a local blocklist plus
# forwarding of everything else to dnscrypt-proxy on loopback.
config dnsmasq
# Do not forward plain names without a domain part.
option domainneeded '1'
option filterwin2k '1'
option localise_queries '1'
# Discard upstream answers that point into private address ranges
# (DNS rebinding defence).
option rebind_protection '1'
# Names under .lan are answered locally and never forwarded upstream.
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '1'
option authoritative '1'
# Every client query is written to the file below, so it is a record of what
# each LAN host looked up.
# NOTE(review): /mnt/sdb1/NAS looks like a shared volume; confirm the log is
# not readable by LAN users and that something rotates it.
option logqueries '1'
option logfacility '/mnt/sdb1/NAS/RUTER/dnsmasq.log'
option leasefile '/tmp/dhcp.leases'
option nonwildcard '1'
# Answer only queries that arrive from directly attached subnets.
option localservice '1'
# Blocklist: each listed name and all of its subdomains resolve to 127.0.0.1
# without being forwarded. An entry for www.<domain> does not cover the bare
# <domain> or its other subdomains.
list address '/b1.tubexo.net/127.0.0.1'
list address '/www.avito.ru/127.0.0.1'
list address '/yandex.com/127.0.0.1'
list address '/www.yahoo.com/127.0.0.1'
# Additional hosts-format files answered locally.
# NOTE(review): presumably blocklists, judging by the file names; confirm.
list addnhosts '/mnt/sdb1/NAS/PL'
list addnhosts '/mnt/sdb1/NAS/W10'
list addnhosts '/mnt/sdb1/NAS/adblock'
option quietdhcp '1'
# Cache disabled: every lookup not answered locally is forwarded.
option cachesize '0'
# Upstream servers come only from the 'server' entries below, not from a
# resolv file.
option noresolv '1'
# Lookups for pool.ntp.org go to 8.8.8.8 unencrypted, bypassing dnscrypt-proxy.
# NOTE(review): presumably so the clock can be set before dnscrypt-proxy is
# usable; confirm this plaintext exception is intended.
list server '/pool.ntp.org/8.8.8.8'
# All other queries go to the dnscrypt-proxy listener on loopback port 5353.
# With noresolv set there is no fallback resolver: if the proxy is down,
# lookups fail instead of leaving in clear text.
list server '127.0.0.1#5353'
# Exempts 127.0.0.0/8 from rebind_protection for answers that come from
# upstream. The address/addnhosts entries above are answered locally, so the
# blocklist should not depend on this.
# NOTE(review): confirm whether this is needed; leaving it off keeps loopback
# rebinding filtered.
option rebind_localhost '1'
# DHCP settings for the lan interface.
config dhcp 'lan'
option interface 'lan'
# Pool starts at host offset 100 and holds 15 addresses.
option start '100'
option limit '15'
option leasetime '1h'
# IPv6 router advertisements and DHCPv6 are switched off on this interface.
option ra '0'
option dhcpv6 '0'
# Dynamic allocation off: only hosts with a configured static lease get an
# address, so an unknown device is not handed one automatically.
option dynamicdhcp '0'
# No DHCP service is offered on the wan interface.
config dhcp 'wan'
option interface 'wan'
option ignore '1'
# odhcpd settings; maindhcp '0' leaves DHCPv4 to dnsmasq.
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
---------------------------------------------------
/etc/config/dnscrypt-proxy
# dnscrypt-proxy instance that dnsmasq forwards to (127.0.0.1#5353 in the
# dnsmasq 'server' list).
config global
config dnscrypt-proxy 'ns1'
# Loopback-only listener: reachable from the router itself, not directly from
# LAN clients.
option address '127.0.0.1'
option port '5353'
# Upstream DNSCrypt resolver. All forwarded queries are visible to this
# operator, so the choice of resolver is a trust decision.
option resolver 'dnscrypt.org-fr'
-------------------------------------------------------
/etc/resolv-crypt.conf
# resolv.conf-style option: 1-second query timeout.
# NOTE(review): the dnsmasq section shown has noresolv '1' and no resolvfile
# option, so nothing visible references this file; confirm it is actually read.
options timeout:1
----------------------------------------------------------
Ruter ma w iptables ustawiony port 53 według zasady:
# Rewrite the destination of every DNS packet (UDP and TCP port 53) coming from
# 192.168.1.0/24 to 192.168.1.100, whatever resolver the client had configured.
# This keeps clients with a hard-coded resolver on the filtered path.
# Only port 53 is covered; DNS carried on other ports or inside TLS/HTTPS is not
# redirected by these rules.
# NOTE(review): the -s match has no exception for 192.168.1.100 itself. If that
# address is a LAN host rather than this router, its own outbound port-53
# traffic is redirected back to it; confirm which device holds the address.
iptables -t nat -I PREROUTING -s 192.168.1.0/24 -p udp --dport 53 -j DNAT --to 192.168.1.100
iptables -t nat -I PREROUTING -s 192.168.1.0/24 -p tcp --dport 53 -j DNAT --to 192.168.1.100
-----------------------------------------------------------------------------------------------------------------------------
daemon.notice dnscrypt-proxy[10244]: dnscrypt-proxy Proxying from 127.0.0.1:5353 to 212.47.228.136:443
Co należałoby tutaj poprawić?