
Installation and configuration of Dnscrypt_wrapper server

2025-01-16 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/01

Earlier I introduced dnscrypt-proxy, a very important part of a "scientific Internet access" setup; it is actually the client. Once dnscrypt-proxy is installed, it provides a list of public dnscrypt-wrapper services hosted abroad, so the server side of DNSCrypt is dnscrypt-wrapper. The DNSCrypt project provides the program and tutorials for building a dnscrypt-wrapper service on your own. Here I will briefly cover setting up a dnscrypt-wrapper server.

Background:

Server-side system platform: CentOS 6 x86_64

dnscrypt-wrapper version: (no official version number is specified; the author used the December 2016 version when writing)

DNSCrypt update description: the software's functionality has become stable, and the pace of updates has slowed further.

dnscrypt-proxy version: 1.4.0 (it has since been updated to 1.6, but the packages available on the EL6 platform are too old for the new version, so on CentOS 6 / RHEL 6 you may need to update the software it depends on; it installs and runs well on the EL7 platform)

Start the installation:

dnscrypt-wrapper relies on the libsodium and libevent2 development packages. CentOS 6 systems use libevent 1 by default, so you need to uninstall libevent 1 and then install libevent2:

    yum remove -y libevent-devel
    yum install -y libevent2-devel libsodium-devel
    # download dnscrypt-wrapper, then unpack and build it
    tar xvf dnscrypt-wrapper.tar.gz
    cd dnscrypt-wrapper
    make configure
    ./configure --prefix=/usr/local/dnscrypt_wrapper --datarootdir=/usr/share/ --mandir=/usr/share/man/
    make install

Then update the environment variables: add the /usr/local/dnscrypt_wrapper/sbin path to the PATH variable.

Configure dnscrypt-wrapper:

1. Generate public and private keys.

    cd ~
    mkdir dnskey    # create a new directory to store the certificate
    cd dnskey
    dnscrypt-wrapper --gen-provider-keypair    # generates the provider key pair; defaults are secret.key and public.key

The command prints a fingerprint, which is the "provider_public_key" needed for client configuration, so be sure to keep it. The fingerprint can also be printed again later:

    dnscrypt-wrapper --show-provider-publickey-fingerprint --provider-publickey-file=public.key

2. Generate the signing certificate.

    # generate the certificate private key
    dnscrypt-wrapper --gen-crypt-keypair --crypt-secretkey-file=1.key
    # generate the signing certificate; the default validity period can be overridden with --cert-file-expire-days
    dnscrypt-wrapper --gen-cert-file --crypt-secretkey-file=1.key --provider-cert-file=1.cert

3. Run the dnscrypt-wrapper process and have it listen on a port; by default the port is used for both TCP and UDP.

    dnscrypt-wrapper --resolver-address=114.114.114.114:53 --listen-address=0.0.0.0:3536 \
        --provider-name=2.dnscrypt-cert.abc.com \
        --crypt-secretkey-file=1.key --provider-cert-file=1.cert -VV

The --provider-name value is not mandatory and can be filled in freely, but note that it must begin with "2.dnscrypt-cert.".

-VV enables verbose mode.

-d, --daemonize runs the process in the background (daemon mode).

At this point, the dnscrypt-wrapper server setup is complete. Remember to keep the public.key and secret.key from the first step safe.

Configure the dnscrypt-proxy client:

Refer to the first article I mentioned at the beginning for the general configuration. Here we only cover how to connect to the self-built DNSCrypt service.

    dnscrypt-proxy --local-address=0.0.0.0:3536 \
        --provider-key=3233:0058:E78B:77BB:7683:71BD:BB72:E226:7DBC:DBC6:0473:8753:DC13:40D3:EDF5:A3BA \
        --provider-name=2.dnscrypt-cert.cbd.cn \
        --resolver-address=12.34.56.78:443

--local-address is the local listening address, which accepts queries from clients.

--resolver-address is the address and port of the dnscrypt-wrapper server. The address here cannot be replaced by a resolvable domain name.

--provider-key is the public key fingerprint generated in the first step of configuring dnscrypt-wrapper.

The remaining configuration parameters will not be explained in detail here.
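
As an added example (not part of the original article or of the DNSCrypt project), the following pre-flight script checks the values this guide relies on: the "2.dnscrypt-cert." prefix, the provider-key fingerprint format shown above (16 colon-separated groups of four hex digits), a literal IP:port resolver address, and a secret key file that is not accessible to group or others. The function names and the permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for the values used in this guide.
# All function names are hypothetical, not part of dnscrypt-wrapper.

# Provider name must start with "2.dnscrypt-cert." followed by a suffix.
valid_provider_name() {
    case "$1" in
        2.dnscrypt-cert.?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Provider key fingerprint: 16 colon-separated groups of 4 hex digits.
valid_provider_key() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{4}:){15}[0-9A-Fa-f]{4}$'
}

# Resolver address must be a literal IPv4 address and port, not a hostname.
valid_resolver_address() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]{1,5}$' || return 1
    port=${1##*:}
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- ${1%:*}
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Secret key files should grant no permissions to group or others.
key_is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: sh preflight.sh NAME FINGERPRINT IP:PORT SECRET_KEY_FILE
if [ "$#" -eq 4 ]; then
    valid_provider_name "$1" || echo "provider name must begin with 2.dnscrypt-cert."
    valid_provider_key "$2" || echo "provider key is not a 32-byte fingerprint"
    valid_resolver_address "$3" || echo "resolver address must be IP:port"
    key_is_private "$4" || echo "secret key is accessible to group/others"
fi
```

Running it against secret.key and 1.key before starting the server catches key files left with permissive modes.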
