NixOS Wiki

Encrypted DNS: Difference between revisions

← Older editNewer edit →
VisualWikitext
imported>Papanito
add example of dnscrypt forwarding
Modify example dnscrypt-proxy2 configuration to make it clearer where to get server names, and include a potential fix for persistent systems.
Line 42: Line 42:
           "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
           "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
         ];
         ];
         cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
         cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";
         minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
         minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
       };
       };


       # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
       # Choose a specific set of servers that come from your sources.
       # server_names = [ ... ];
      # Here it's from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
       server_names = [ ... ];
     };
     };
   };
   };
Line 53: Line 54:
   systemd.services.dnscrypt-proxy2.serviceConfig = {
   systemd.services.dnscrypt-proxy2.serviceConfig = {
     StateDirectory = "dnscrypt-proxy";
     StateDirectory = "dnscrypt-proxy";
    # If you're trying to set up persistence with dnscrypt-proxy2 and it isn't working
    # because of permission issues, try the following:
    # StateDirectory = lib.mkForce "";
    # ReadWritePaths = "/var/lib/dnscrypt-proxy"; # Cache directory for dnscrypt-proxy2, persist this
   };
   };
}
}
Retrieved from "https://wiki.nixos.org/wiki/Encrypted_DNS"