How to add an IP alias to an EC2 instance on Debian/Ubuntu Linux

Instalar dnscrypt-proxy + dnsmasq en Debian 9

Instalar dnscrypt-proxy + dnsmasq en Debian 9

Bueno, volvemos con parte de lo mismo mostrado anteriormente, PERO con la condicional de que realmente para instalar éstos paquetes realmente cambiar en diferentes distribuciones como Slackware, Archlinux, Void, etc. Entonces dejo un video tutorial y también ésta entrada para que vean como se configura y se evitan perder tiempo y un dolor de cabeza en todo caso que no deseen investigar mucho.

Co…

View On WordPress

My home network has been having issues. Mostly it seems between the chromecast packet flooding bug and something to do with WiFi + android 8.1, but things will drop connections. I've eventually had to make one WiFi for my important stuff, and one for the random gadgets (which I probably should have done anyways). I'm not certain either of these things were happening, but they seemed to line up.

But on top of all that I wanted to try moving DNS off of my router and onto something I had more control over. I had heard of Pi-hole as a solution for system level ad-blocking, I was mostly hoping it would help my phone cause ads on mobile webpages really suck cause of load jumping around the page, I can generally ignore ads the rest of the time.

Docker has the usual advantage of things working out of the box. No configuring and everything because someone else did it for me.

So off I go to find an install of Pi-hole that works, and I can poke around with. It didn't take long. https://github.com/diginc/docker-pi-hole seems to work really well. Installed it, looked pretty good. Restarted it with ports mapped so I could play with it. Still success. DNS seemed fast and zippie. Fully usable.

But I wanted more. I was reading about dns-crypt, and had heard it could encrypt your DNS requests so your ISP and such couldn't actually track what you were doing (Not that I wanted to hide, but I liked the idea of it).

So off I go. I learn about dnscrypt-proxy, and quickly found a nice docker image. https://hub.docker.com/r/rix1337/docker-dnscrypt/

So off I go, seems pretty easy to set up. Just download, run, and point at the local proxy (there's a list on the docker hub page).

Nope, not that simple. Cause silly me, it needs port 53 as well. Okay, no problem, let me use another port and tell pihole to use that. hrm.. nope, the runtime configuration thingie eats up the '#' so I can't specify port like you can in the dnsmasq config that pihole uses. Okay. Okay, lets try a ip address alias. That seems to work, so pihole takes the main ip, and dnscrypt takes an alias? Sweet! I can manually query things on it, time to hook everything up together.

Hrm. Nope, wall again. Apparently my docker setup can't talk to anything but the main ip. I'm guessing its firewalld which I'm hoping to get rid of once I reinstall my system. Okay, what else can I try now?

After a bunch of reading online, I found out you create a docker network, and the various services can talk to eacho ther without needing to expose ports out to the rest of the network. That sounds perfect. Oh, wait, you need to resolve the addresses inside the containers, which totally won't work for dns because dns wants the ip so it can resolve. Close, I mean it would probably work because docker has its own dns proxy, but again you can't pass non ips to the pihole runtime configs. Okay whats next.

Lastly I found a quick script using docker inspect. docker inspect --format='' $container

I really wasn't sure this would actually work because in theory ips could change every time it starts up, but it seems to allocate the same ip if possible, so kinda lucked out. So now I had Pi-hole talking to dnscrypt-proxy, which meant my lookups were encrypted. Yay!

Okay, whats next? Next I want to get dnssec working again. Not the end of the world for Canada. Our government and ISP are not supposed to mess with dns results, but I wanted it anyways. Plus its nice to have when the time comes.

Oh Awesome. Pi-hole has a option for it. Time to enable it.

Enabled, success. Time to walk away.

Oh wait, things are failing. Why are they failing?

Long story short, the version of Debian that was bundled with the Pi-hole docker image was super old. So the version of Dnsmasq was super old. It wouldn't handle any cloudflare based dns requests that had dnssec enabled (which my domain does). Okay, now what? Started to dig into how the docker image was built. Looks like it actually wasn't that hard to get it running with latest stable instead of the old stable.  Between the work I did, and a different PR the author did, we managed to get it upgraded to Debian stretch that afternoon. I tried the latest build and success, everything was resolving again. Time to walk away right?

Wrong. Suddenly I started getting all these cron errors about mirrors.fedoraproject.org not resolving. Turns out Dnsmasq also had an issue with the certs for that domain. Okay, disable dnssec and start researching again. Turns out again Dnsmasq had a new - newer version that had it fixed, but wasn't in Debian stretch. Turned out actually to be a pretty easy fix. I had never tried to install a testing package in stable before, but for Dnsmasq that didn't really have dependencies, it was super easy. And thus my Pi-hole image was born. Sadly it would be nice to have it in the base image. And one day I'll clean up a patch and get it submitted, but I'm happy to be totally encrypted and verified dns now.

This post turned out to be way more rambly and disconnected than I expected, but I'm very happy with the results. I now have systemd keeping up dnscrypt (primary and backup) and Pi-hole and now have fast stable dns and my phone is no longer randomly disconnecting everything. I'm pretty happy with the results. Plus pretty graphs.

via The Nameless Site

How to uninstall dnscrypt-proxy and revert to previous DNS settings on the Raspberry Pi 3 Model B+

How to uninstall dnscrypt-proxy and revert to previous DNS settings on the Raspberry Pi 3 Model B+

Writing this because while there’s a lot of documentation about installing dnscrypt-proxy, there’s very little about removing it.

This guide assumes a few things:

Raspbian Stretch or later with default desktop environment

dnscrypt-proxy was manually installed (read: not installed via a package manager or from a repository)

resolvconf was not uninstalled and/or removed from Raspbian

The DNS…

View On WordPress

How To Hide Your Browser History With Encrypted Dns

With net neutrality on its way out, ISPs have more free reign than ever before to go through everything you do online. When you run a business, privacy is essential, so you don’t need ISPs selling your data to interested parties, especially competitors. Fortunately, there are ways around this, even with the death of network regulation.

One of the best ways to hide your browser history from ISPs is with an encrypted DNS or Domain Name System. Your DNS server is essentially the server ISPs use to monitor your internet habits. While it’s essential for browsing the internet, there is a way to hide your activity from your provider using encryption. Learn more about how to protect your business with Encrypted DNS.

DNSCRYPT

The original method of encrypting your DNS is DNSCrypt, which has been around for about ten years now. While it was initially designed to prevent DNS spoofing, it can be used as a privacy tool as well. Fortunately, you don’t have to be an expert to make use of this handy system as Simple DNSCrypt for Windows and DNS Cloak for iOS have been developed. Installing either will give you added protection when your business goes online.

Your primary advantage of using DNSCrypt is that it looks and functions almost exactly like a typical DNS server in terms of function and appearance. You won’t experience too much lag in your response time and will still be able to get past some of your ISP’s firewalls. It’s important to remember, however, that DNSCrypt was never developed to meet a high standard, as it never had corporate sponsorship.

TRANSPORT LAYER SECURITY

If you’re looking for something a bit more trustworthy to protect your business’ online activity, Transport Layer Security or TLS might be a better choice. The first thing you need to know is that it’s a proposed Internet Engineering Task Force standard, which DNSCrypt was not. TLS also handles encryption in an easy-to-understand manner simply by encrypting DNS requests as they happen.

Utilizing TLS can be a bit tough, however, if your systems aren’t running on Linux. A working version for iOS has some hang, while the Windows 10 version frequently fails. When it does work, it uses Simple Public Key Infrastructure, which is a system in which a stored copy of your provider’s certificate is referenced for encryption. While this is good enough in most cases, it becomes useless if your ISP changes its certificate. You’ll have to go into the program and update it manually, which can be daunting for someone without technical expertise.

HTTPS

Arguably the best solution to your privacy concerns is using HTTPS DNS encryption. It’s the IETF standard and turns all of your provider’s DNS requests into encrypted web traffic, hiding your activities from their view. HTTPS works extremely well with web protocols, so you’ll have no problem accessing virtually anything you want without DNS requests revealing your activities.

This protocol can add some extra wait time to your browsing, but a second or so is a small price to pay for privacy and security. Quite a few DoH (DNS over HTTPS) programs are available for you, so you shouldn’t have a problem finding one. If you want to reduce the performance hit, you can actually run it through a DNSCrypt Proxy, but that’s not exactly easy to set up on your own.

DNS ENCRYPTION FROM U.S. COMPUTER CONNECTION

If you want to run your DNS over HTTPS in conjunction with a DNSCrypt Proxy or want to try any other privacy solution, U.S. Computer Connection is happy to help. You don’t need to learn how to hide your browser history when you can have us simply do it for you. We offer a wide variety of IT solutions for businesses and can offer as much or as little help as you want. Contact us today to learn more about how we can protect and optimize your business.

The post How To Hide Your Browser History With Encrypted DNS appeared first on U.S. Computer Connection.

How to install dnscrypt-proxy on Debian Linux 11/12

Here is how to install a dnscrypt proxy with adblocker on Linux to block internet tracking, advertisements (Ads) and malware at DNS level

-> How to install dnscrypt proxy with adblocker on Linux

Instalación y Configuración de dnscrypt-proxy + dnsmasq en Archlinux Actualizado

Instalación y Configuración de dnscrypt-proxy + dnsmasq en Archlinux Actualizado

Para los que no sepan qué es y como funciona dnscrypt-proxy y dnsmasq dejo aquí un link con información al respecto. Ésa guía de instalación y configuración es con una versión antigua, asi que por favor en el caso que usen ésa versión sigan ése tutorial, sinó continuamos aquí.

Comencemos!

1 – Instalamos los paquetes necesarios, ósea dnscrypt-proxy y dnsmasq:

# pacman dnscrypt-proxy dnsmasq

2 –…

View On WordPress

Bueno, ya que tengo instalado dnscrypt-proxy + dnsmasq en diferentes distribuciones (Debian, Ubuntu, Slackware, etc), porqué no aplicar éstos órdenes en Void también? Al comienzo creí que se iba a complicar, pero luego de comprender el funcionamiento básico del init (runit), fué muy sencillo, asi que les dejo a continuación los pasos que corresponden junto con un video también.

Comencemos!

1 – Instalamos los paquetes necesarios, ósea dnscrypt-proxy, dnsmasq y bind-utils (éste último para usar la órden “dig“):

# xbps-install -S dnscrypt-proxy dnsmasq bind-utils

2 – Editamos el archivo resolv.conf y debe quedar así:

nameserver 127.0.0.1

NOTA: Si quieren pueden hacer un backup del archivo original así:

# cp /etc/resolv.conf /etc/resolv.conf.bak

3 – 3 – Ahora lo protegeremos contra escritura, ya que cada vez que iniciamos el servicio dhcpcd/NetworkManager o el que usemos, éste escribe nuevamente en /etc/resolv.conf, entonces escribimos ésto:

# chattr +i /etc/resolv.conf

4 – Ahora colocaremos un proxy en la línea 16: ResolverName random:

Por ejemplo eliminamos random y colocamos un dns que podemos visualizar en: /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv.

También modificaremos el puerto por default (el 53) colocando por ejemplo el 40 que es el que uso actualmente de ésta manera:

– Buscamos la línea 69: LocalAddress: 127.0.0.1:53 y modificamos el 53 por el 40.

Guardamos y cerramos.

5 – Ahora editaremos el archivo /etc/dnsmasq.conf y descomentamos (eliminamos el “#”) las siguientes líneas y colocaremos éstos valores:

línea 58: no-resolv línea 66: server=127.0.0.1#40 línea 111: listen-address=127.0.0.1

Guardamos y cerramos también.

6 – Crearemos los enlaces simbólicos de dnscrypt-proxy server y de dnsmasq así:

# ln -s /etc/sv/dnscrypt-proxy /var/service/ # ln -s /etc/sv/dnsmasq /var/service/

– Por las dudas miramos que se hayan iniciado los servicios como se ve en la foto:

– Ahora hacemos un ping para comprobar que tenemos conexión:

# ping -c3 google.com

7 – Y por último vamos a comprobar que dnscrypt-proxy + dnsmasq cumplan su función, asi que usaremos la orden dig de la siguiente manera:

# dig linuxforallsite.wordpress.com | grep “Query time”

Y nos arroja por ejemplo: Query time: 313 msec

Ahora si volvemos a escribir la misma línea veremos: Query time: 0 msec

Bueno espero que les haya servido, ahora les dejo a continuación un video tutorial también.

¿Qué usamos? Distribución: Void. Editor de Texdto: nano.

Abrazo de gol!

Instalar dnscrypt-proxy + dnsmasq en Void Linux Bueno, ya que tengo instalado dnscrypt-proxy + dnsmasq en diferentes distribuciones (Debian, Ubuntu, Slackware, etc), porqué no aplicar éstos órdenes en…