an anti-pollution DNS server
Including the following software:
- bind
- dnscrypt-wrapper
- collectd
docker run -itd \
--name=neatdns \
-p 53:53/tcp \
-p 53:53/udp \
-p 443:443/tcp \
-p 443:443/udp \
-v $DNSCRYPT_KEY_PATH:/srv/dnscrypt-wrapper \
-e DNSCRYPT_PROVIDER=2.dnscrypt-cert.example.org \
--cap-add=NET_ADMIN \
ustclug/neatdns
P.S. you should install docker first.
Available environment variables:
Name | Implication | Default Value |
---|---|---|
GLOBAL_DNS1 | preferred DNS server to resolve non-China website | 8.8.4.4 |
GLOBAL_DNS2 | alternate DNS server to resolve non-China website | 8.8.8.8 |
CHINA_DNS1 | preferred DNS server to resolve China website | 119.29.29.29 |
CHINA_DNS2 | alternate DNS server to resolve China website | 223.5.5.5 |
DNSCRYPT_ON | auto-start DNSCrypt daemon | true |
DNSCRYPT_PROVIDER | DNSCrypt provider name | 2.dnscrypt-cert.ustclug.org |
DNSCRYPT_PORT | DNSCrypt port | 443 |
COLLECTD_ON | auto-start collectd | false |
COLLECTD_HOSTNAME | hostname defined in collectd.conf | neatdns |
INFLUXDB_HOST | remote influxDB host | influxdb |
INFLUXDB_PORT | remote influxDB port | 25826 |
FAIL2BAN_ON | auto-start fail2ban | true |
Please get your own DNSCrypt fingerprint first:
$ cat $DNSCRYPT_KEY_PATH/fingerprint
Provider public key fingerprint : 4365:1587:E7A0:8C7C:1759:D300:6218:89AE:5999:42CA:562E:CB00:03E5:2147:A850:E191
ATTENTION: It would show a different fingerprint, please replace the fingerprint below with your own one.
Then, run dnscrypt-proxy on the client side, for example:
dnscrypt-proxy --local-address=127.0.0.1:53 --resolver-address=$DNS_SERVER:443 --provider-name=2.dnscrypt-cert.example.org --provider-key=4365:1587:E7A0:8C7C:1759:D300:6218:89AE:5999:42CA:562E:CB00:03E5:2147:A850:E191
NOTE: You need to replace $DNS_SERVER
with your server IP address.