Change the format of how IP addresses are specified

Frank Denis 5 years ago
parent 4dbdfaca5c
commit 0b76ef2cce

@ -3,7 +3,7 @@ name = "encrypted-dns"
version = "0.1.6" version = "0.1.6"
authors = ["Frank Denis <github@pureftpd.org>"] authors = ["Frank Denis <github@pureftpd.org>"]
edition = "2018" edition = "2018"
description = "A modern encrypted DNS server (DNSCrypt, Anonymized DNSCrypt, DoH)" description = "A modern encrypted DNS server (DNSCrypt v2, Anonymized DNSCrypt, DoH)"
keywords = ["dnscrypt", "encryption", "dns", "doh", "proxy"] keywords = ["dnscrypt", "encryption", "dns", "doh", "proxy"]
license = "MIT" license = "MIT"
homepage = "https://github.com/jedisct1/encrypted-dns-server" homepage = "https://github.com/jedisct1/encrypted-dns-server"
@ -13,13 +13,13 @@ readme = "README.md"
[dependencies] [dependencies]
byteorder = "1.3.2" byteorder = "1.3.2"
clap = { version="2.33.0", features=["wrap_help", "nightly"] } clap = { version="2.33.0", default-features = false, features=["wrap_help", "nightly"] }
clockpro-cache = "0.1.8" clockpro-cache = "0.1.8"
coarsetime = "0.1.11" coarsetime = "0.1.11"
daemonize-simple = "0.1.2" daemonize-simple = "0.1.2"
derivative = "1.0.3" derivative = "1.0.3"
dnsstamps = "0.1.1" dnsstamps = "0.1.1"
env_logger = "0.6.2" env_logger = { version="0.6.2", default-features = false, features = ["humantime"]}
failure = "0.1.5" failure = "0.1.5"
futures-preview = { version = "=0.3.0-alpha.18", features = ["async-await", "nightly", "cfg-target-has-atomic"] } futures-preview = { version = "=0.3.0-alpha.18", features = ["async-await", "nightly", "cfg-target-has-atomic"] }
jemallocator = "0.3.2" jemallocator = "0.3.2"

@ -57,7 +57,9 @@ That resolver can run locally and only respond to `127.0.0.1`. External resolver
In order to support DoH in addition to DNSCrypt, a DoH proxy must be running as well. [rust-doh](https://github.com/jedisct1/rust-doh) is the recommended DoH proxy server. DoH support is optional, as it is currently way more complicated to setup than DNSCrypt due to certificate management. In order to support DoH in addition to DNSCrypt, a DoH proxy must be running as well. [rust-doh](https://github.com/jedisct1/rust-doh) is the recommended DoH proxy server. DoH support is optional, as it is currently way more complicated to setup than DNSCrypt due to certificate management.
Review the [`encrypted-dns.toml`](https://raw.githubusercontent.com/jedisct1/encrypted-dns-server/master/encrypted-dns.toml) configuration file. This is where all the parameters can be configured, including the IP addresses to listen to. You should probably at least change the `provider_name` setting. Review the [`encrypted-dns.toml`](https://raw.githubusercontent.com/jedisct1/encrypted-dns-server/master/encrypted-dns.toml) configuration file. This is where all the parameters can be configured, including the IP addresses to listen to.
You should probably at least change the `listen_addresses` and `provider_name` settings.
Start the proxy. It will automatically create a new provider key pair if there isn't any. Start the proxy. It will automatically create a new provider key pair if there isn't any.

@ -11,10 +11,14 @@
################################## ##################################
## IP addresses and ports to listen to ## IP addresses and ports to listen to, as well as their external IP
## If there is no NAT involved, `local` and `external` can be the same.
listen_addrs = ["0.0.0.0:443", "[::1]:4443"] ## As many addresses as needed can be configured here, IPv4 and/or IPv6.
listen_addrs = [
{ local = "0.0.0.0:443", external = "198.51.100.1:443" },
{ local = "[::]:443", external = "[2001:db8::1]:443" }
]
## IP address to connect to upstream servers from ## IP address to connect to upstream servers from
@ -114,6 +118,21 @@ daemonize = false
provider_name = "secure.dns.test" provider_name = "secure.dns.test"
## Does the server support DNSSEC?
dnssec = true
## Does the server always returns correct answers (no filtering, including ad blocking)?
no_filters = true
## Set to `true` if the server doesn't keep any information that can be used to identify users
no_logs = true
## Key cache capacity, per certificate ## Key cache capacity, per certificate
key_cache_capacity = 10000 key_cache_capacity = 10000
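Review bot: The three new flags `dnssec`, `no_filters` and `no_logs` are, as far as this commit shows, only consumed when building the DNS stamp (the main.rs hunk attaches `InformalProperty::DNSSEC`/`NoFilters`/`NoLogs` when each is true), so the `true` defaults here are claims advertised to clients rather than behaviour the server enforces, and the comments should make that explicit, e.g. `## These flags are advertised to clients in the DNS stamp and are not enforced by this server; only set them to true if the upstream resolver actually meets them.` The `external` values `198.51.100.1:443` and `[2001:db8::1]:443` are documentation-prefix addresses; a one-line comment such as `## Replace `external` with the address clients actually reach this server at` would keep a copied-as-is config from publishing an unreachable stamp. The comment on `local`/`external` could also state that `local` is the bind address and `external` is what ends up in the stamp, which is how the main.rs hunk uses them.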

@ -13,6 +13,9 @@ use tokio::prelude::*;
pub struct DNSCryptConfig { pub struct DNSCryptConfig {
pub provider_name: String, pub provider_name: String,
pub key_cache_capacity: usize, pub key_cache_capacity: usize,
pub dnssec: bool,
pub no_filters: bool,
pub no_logs: bool,
} }
#[derive(Serialize, Deserialize, Debug)] #[derive(Serialize, Deserialize, Debug)]
@ -20,9 +23,15 @@ pub struct TLSConfig {
pub upstream_addr: Option<SocketAddr>, pub upstream_addr: Option<SocketAddr>,
} }
#[derive(Serialize, Deserialize, Debug)]
pub struct ListenAddrConfig {
pub local: SocketAddr,
pub external: SocketAddr,
}
#[derive(Serialize, Deserialize, Debug)] #[derive(Serialize, Deserialize, Debug)]
pub struct Config { pub struct Config {
pub listen_addrs: Vec<SocketAddr>, pub listen_addrs: Vec<ListenAddrConfig>,
pub external_addr: IpAddr, pub external_addr: IpAddr,
pub upstream_addr: SocketAddr, pub upstream_addr: SocketAddr,
pub state_file: PathBuf, pub state_file: PathBuf,
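Review bot: The new `ListenAddrConfig` struct is undocumented, and `Config` keeps its `external_addr: IpAddr` field next to the new per-listener `external`, so a reader now has two "external address" settings with no statement of which is authoritative for what. In the main.rs hunk `external` is what gets logged and baked into the DNS stamp while `local` is what is collected into the listener list, and `external_addr` is still passed through separately for a purpose I cannot see from this section. Suggest doc comments `/// Address the socket binds to.` on `local` and `/// Address clients reach this listener at; published in the DNS stamp.` on `external`, plus a short doc comment on `external_addr` saying how it differs from the per-listener value. The `Config` struct continues past the end of this hunk.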

@ -388,6 +388,12 @@ fn main() -> Result<(), Error> {
.takes_value(true) .takes_value(true)
.help("Path to the dnscrypt-wrapper secret key"), .help("Path to the dnscrypt-wrapper secret key"),
) )
.arg(
Arg::with_name("dry-run")
.long("dry-run")
.takes_value(false)
.help("Only print the connection information and quit"),
)
.get_matches(); .get_matches();
let config_path = matches.value_of("config").unwrap(); let config_path = matches.value_of("config").unwrap();
@ -448,21 +454,29 @@ fn main() -> Result<(), Error> {
}; };
let provider_kp = state.provider_kp; let provider_kp = state.provider_kp;
for listen_addr_s in &config.listen_addrs { for listen_addr_s in &config.listen_addrs {
info!("Server address: {}", listen_addr_s); info!("Public server address: {}", listen_addr_s.external);
info!("Provider public key: {}", provider_kp.pk.as_string()); info!("Provider public key: {}", provider_kp.pk.as_string());
info!("Provider name: {}", provider_name); info!("Provider name: {}", provider_name);
let stamp = dnsstamps::DNSCryptBuilder::new(dnsstamps::DNSCryptProvider::new( let mut stamp = dnsstamps::DNSCryptBuilder::new(dnsstamps::DNSCryptProvider::new(
provider_name.clone(), provider_name.clone(),
provider_kp.pk.as_bytes().to_vec(), provider_kp.pk.as_bytes().to_vec(),
)) ))
.with_addr(listen_addr_s.to_string()) .with_addr(listen_addr_s.external.to_string());
.with_informal_property(InformalProperty::DNSSEC) if config.dnscrypt.dnssec {
.with_informal_property(InformalProperty::NoFilters) stamp = stamp.with_informal_property(InformalProperty::DNSSEC);
.with_informal_property(InformalProperty::NoLogs) }
.serialize() if config.dnscrypt.no_filters {
.unwrap(); stamp = stamp.with_informal_property(InformalProperty::NoFilters);
}
if config.dnscrypt.no_logs {
stamp = stamp.with_informal_property(InformalProperty::NoLogs);
}
let stamp = stamp.serialize().unwrap();
info!("DNS Stamp: {}", stamp); info!("DNS Stamp: {}", stamp);
} }
if matches.is_present("dry-run") {
return Ok(());
}
let dnscrypt_encryption_params_set = state let dnscrypt_encryption_params_set = state
.dnscrypt_encryption_params_set .dnscrypt_encryption_params_set
.into_iter() .into_iter()
@ -488,7 +502,7 @@ fn main() -> Result<(), Error> {
))), ))),
provider_name, provider_name,
provider_kp, provider_kp,
listen_addrs: config.listen_addrs, listen_addrs: config.listen_addrs.iter().map(|x| x.local).collect(),
upstream_addr: config.upstream_addr, upstream_addr: config.upstream_addr,
tls_upstream_addr: config.tls.upstream_addr, tls_upstream_addr: config.tls.upstream_addr,
external_addr, external_addr,
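Review bot: The `--dry-run` early return is placed after the state has already been loaded (`state.provider_kp` is read a few lines above it) and, per the README, a provider key pair is created when none exists, so a dry run may still create a state file on first use; if that is the case, the flag should be checked before state is initialised, or its help text changed to say that it still initialises state. The new `let stamp = stamp.serialize().unwrap();` keeps a panic path on inputs that are now fully config-driven (`provider_name`, `external`); since `main` returns `Result<(), Error>`, converting that error with `?` would report a bad configuration instead of panicking. Both hunks are inside `main`, which starts and ends outside this section.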
