Arch 一直被称为Linux中的邪教,但是经不住本人喜欢,下面介绍下Arch下使用DNSCrypt-Proxy加密DNS查询
DNSCrypt-Proxy支持通过DNSCrypt 和 DNS Over HTTPS 向DNS服务器进行查询
安装方法
1:安装
pacman -S dnscrypt-proxy

2:修改配置文件
安装好后配置文件放置于/etc/dnscrypt-proxy/dnscrypt-proxy.toml
nano /etc/dnscrypt-proxy/dnscrypt-proxy.toml
找到# server_names 去掉前面的注释#
修改为【当然你也可以修改成其他服务商名】:
server_names = ['geekdns-e', 'geekdns-w', 'geekdns-n', 'geekdns-s', 'geekdns-ru', 'geekdns-hk', 'geekdns-de']
监听地址以及端口:listen_addresses = ['127.0.0.1:53', '[::1]:53']
如果你只是本机使用请修改127.0.0.1 为0.0.0.0
require_dnssec = false #是否支持DNSSEC 默认为false Geekdns支持DNSSEC
require_nolog = true #是否无日志 默认为true Geekdns不记录任何日志
require_nofilter = false #是否无过滤规则,Geekdns自带跟踪器过滤所以这里必须改为false
force_tcp = false #只使用tcp强烈建议关闭,大部分服务商不支持TCP
require_nofilter Geekdns自带跟踪器过滤所以这里必须改为false
下拉到底部添加以下内容
[static]
[static.'geekdns-e']
stamp = 'sdns://AgMAAAAAAAAADTQ3LjEwMS4xMzYuMzcgPhoaD2xT8-l6SS1XCEtbmAcFnuBXqxUFh2_YP9o9uDgOZWRucy4yMzNweS5jb20KL2Rucy1xdWVyeQ'
[static.'geekdns-n']
stamp = 'sdns://AgMAAAAAAAAADzExNC4xMTUuMjQwLjE3NSA-GhoPbFPz6XpJLVcIS1uYBwWe4FerFQWHb9g_2j24OA5uZG5zLjIzM3B5LmNvbQovZG5zLXF1ZXJ5'
[static.'geekdns-s']
stamp = 'sdns://AgMAAAAAAAAADTExOS4yOS4xMDcuODUgPhoaD2xT8-l6SS1XCEtbmAcFnuBXqxUFh2_YP9o9uDgOc2Rucy4yMzNweS5jb20KL2Rucy1xdWVyeQ'
[static.'geekdns-w']
stamp = 'sdns://AgMAAAAAAAAADjExOC4yNC4yMDguMTk3ID4aGg9sU_PpekktVwhLW5gHBZ7gV6sVBYdv2D_aPbg4DndkbnMuMjMzcHkuY29tCi9kbnMtcXVlcnk'
[static.'geekdns-ru']
stamp = 'sdns://AgcAAAAAAAAADTkxLjE4OC4yMjMuNjYAEHJ1LWRucy4yMzNweS5jb20KL2Rucy1xdWVyeQ'
[static.'geekdns-hk']
stamp = 'sdns://AgcAAAAAAAAADTExOS4yOC42OC4xNDIAEGhrLWRucy4yMzNweS5jb20KL2Rucy1xdWVyeQ'
[static.'geekdns-de']
stamp = 'sdns://AgcAAAAAAAAADjE3Ni45Ni4xMzguMjExABBkZS1kbnMuMjMzcHkuY29tCi9kbnMtcXVlcnk'
修改完毕保存文件
3:开启服务
systemctl enable --now dnscrypt-proxy.service
四:测试是否可用
安装各种网络工具
pacman -S net-tools dnsutils inetutils iproute2 netcfg
安装好后使用dig测试
dig @127.0.0.1 www.baidu.com
测试结果:
[XYZMArch ~]# dig @127.0.0.1 www.baidu.com
; <<>> DiG 9.13.5 <<>> @127.0.0.1 www.baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31024
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; CLIENT-SUBNET: x.x.x.x/24/11
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 349 IN CNAME www.a.shifen.com.
www.a.shifen.com. 349 IN A 115.239.210.27
www.a.shifen.com. 349 IN A 115.239.211.112
;; Query time: 45 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: 三 2月 20 20:06:26 CST 2019
;; MSG SIZE rcvd: 112
五:修改系统DNS地址
nano /etc/resolv.conf
修改里面nameserver为
nameserver 127.0.0.1
nameserver 119.29.29.29
大功告成!
最后于 5月前
被admin编辑
,原因: