67 lines
2 KiB
Text
67 lines
2 KiB
Text
+-----------------------------------------------------------------------
|
|
| Running ${PKGSTEM} on OpenBSD
|
|
+-----------------------------------------------------------------------
|
|
|
|
dnscrypt-proxy listens for DNS queries on a local address and forwards
|
|
them to a DNSCrypt resolver over an encrypted channel.
|
|
|
|
To use this package, several things are required.
|
|
|
|
Customizing dnscrypt-proxy.toml
|
|
===============================
|
|
|
|
Ensure that ${SYSCONFDIR}/dnscrypt-proxy.toml fits your needs.
|
|
|
|
Resolvers
|
|
---------
|
|
Uncomment 'server_names' to have a smaller set of public resolvers to be used
|
|
for load balancing. If this line is commented, all registered servers matching
|
|
the require_* filters will be used for load balancing. Refer to
|
|
${LOCALSTATEDIR}/dnscrypt-proxy/public-resolvers.md for a list of all public
|
|
resolvers.
|
|
|
|
Load balancing strategy
|
|
-----------------------
|
|
Note the load balancing strategy, controlled by 'lb_strategy'. It can be
|
|
set to one of the following values:
|
|
- 'first' (always pick the fastest server in the list)
|
|
- 'p2' (randomly choose between the top two fastest servers)
|
|
- 'ph' (randomly choose between the top fastest half of all servers)
|
|
- 'random' (just pick any random server from the list)
|
|
|
|
'p2' is the default option. For more information, see
|
|
https://github.com/jedisct1/dnscrypt-proxy/wiki/Load-Balancing-Options
|
|
|
|
Logging
|
|
-------
|
|
Logging is disabled by default.
|
|
|
|
To log to ${LOCALSTATEDIR}/log/messages:
|
|
log_level = 2
|
|
use_syslog = true
|
|
|
|
To log to a custom file:
|
|
log_level = 2
|
|
log_file = '${LOCALSTATEDIR}/log/dnscrypt-proxy.log'
|
|
|
|
Daemon
|
|
======
|
|
|
|
Start the daemon:
|
|
|
|
# rcctl enable dnscrypt_proxy
|
|
# rcctl start dnscrypt_proxy
|
|
|
|
resolv.conf
|
|
===========
|
|
|
|
Set ${SYSCONFDIR}/resolv.conf to perform queries from dnscrypt-proxy:
|
|
|
|
nameserver 127.0.0.1
|
|
lookup file bind
|
|
|
|
Note: If your IP address is dynamically fetched, dhclient(8) will normally
|
|
update resolv.conf with network-provided DNS servers. This can be avoided by
|
|
using "ignore domain-name, domain-name-servers;" in ${SYSCONFDIR}/dhclient.conf.
|
|
|
|
For more information, see https://dnscrypt.info/
|