DNSCrypt: Difference between revisions
imported>Makefu import from nixos-users |
imported>Fadenb m Syntaxhighlight |
||
| Line 5: | Line 5: | ||
The following snippet will enable DNSCrypt and set it as the default system resolver. | The following snippet will enable DNSCrypt and set it as the default system resolver. | ||
< | <syntaxhighlight lang="nix">{ # configuration.nix | ||
services.dnscrypt-proxy = { | services.dnscrypt-proxy = { | ||
enable = true; | enable = true; | ||
| Line 12: | Line 12: | ||
# https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv | # https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv | ||
# or setup your own. | # or setup your own. | ||
#resolverName = | #resolverName = "cs-de"; | ||
}; | }; | ||
networking.nameservers = [ | networking.nameservers = ["127.0.0.1"]; | ||
}</ | }</syntaxhighlight> | ||
Revision as of 09:10, 27 August 2017
Usually DNS is not encrypted and unauthenticated by default. Some countries or provider may change the result of domain resolution.
Enable DNSCrypt
The following snippet will enable DNSCrypt and set it as the default system resolver.
{ # configuration.nix
services.dnscrypt-proxy = {
enable = true;
# the official default resolver is unreliable from time to time
# either use a different, trust-worthy one from here:
# https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv
# or setup your own.
#resolverName = "cs-de";
};
networking.nameservers = ["127.0.0.1"];
}