================
== betoissues ==
================

DNS Configuration

Testing of this configurations can be made at DNSLeakTest

  1. Install DNSCloak
  2. Add Nixnet DNS to configuration. Nixnet DNS reference
[static.'NIXNET.NY-199.195.251.84']
stamp = 'sdns://AgMAAAAAAAAADjE5OS4xOTUuMjUxLjg0AB11bmNlbnNvcmVkLm55MS5kbnMubml4bmV0Lnh5egovZG5zLXF1ZXJ5'

NY Stamp

  1. Enable a fallback DNS (libredns) and the dummy VPN connection.

Arch Linux

  • Install dnscrypt-proxy

  • Edit /etc/dnscrypt-proxy/dnscrypt-proxy.toml

    Enable the server_names with the allowed servers from the manually added and those from this, enable DNSSEC and add stamp for static servers.

    server_names = ['NIXNET.NY-196.195.251.84','libredns']
    require_dnssec = true
    
  • Modify /etc/resolv.conf to have the following content and lock it from being modified with # chattr -i /etc/resolv.conf

    nameserver ::1
    nameserver 127.0.0.1
    options edns0 single-request-reopen
    
  • Disable any other DNS clients (i.e. systemd-resolved)

  • Enable DNS systemd service sudo systemctl enable dnscrypt-proxy