author | rnhmjoj <rnhmjoj@inventati.org> | 2018-01-08 15:09:33 +0100 |
---|---|---|
committer | rnhmjoj <rnhmjoj@inventati.org> | 2018-01-08 15:09:33 +0100 |
commit | 4ebb9621f44bf440ed8f35fc3ec3329840139136 (patch) | |
tree | 795c0cf97d64d004e52ee91f93556c60fca4055e /nixos/modules/services/networking/dnscrypt-proxy.xml | |
parent | 9dcb4b40b01ea25f1fcefeb45da922c5a2a60698 (diff) | |
Revert "nixos/dnscrypt-proxy: remove"
This reverts commit 5dc2853981b6e9287668dd17477375adfeb60ebf. The project has a new maintainer.
Diffstat (limited to 'nixos/modules/services/networking/dnscrypt-proxy.xml')
-rw-r--r-- | nixos/modules/services/networking/dnscrypt-proxy.xml | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/dnscrypt-proxy.xml b/nixos/modules/services/networking/dnscrypt-proxy.xml
new file mode 100644
index 00000000000..555c6df4d55
--- /dev/null
+++ b/nixos/modules/services/networking/dnscrypt-proxy.xml
@@ -0,0 +1,69 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ version="5.0"
+ xml:id="sec-dnscrypt-proxy">
+
+ <title>DNSCrypt client proxy</title>
+
+ <para>
+ The DNSCrypt client proxy relays DNS queries to a DNSCrypt enabled
+ upstream resolver. The traffic between the client and the upstream
+ resolver is encrypted and authenticated, mitigating the risk of MITM
+ attacks, DNS poisoning attacks, and third-party snooping (assuming the
+ upstream is trustworthy).
+ </para>
+
+ <sect1><title>Basic configuration</title>
+
+ <para>
+ To enable the client proxy, set
+ <programlisting>
+ services.dnscrypt-proxy.enable = true;
+ </programlisting>
+ </para>
+
+ <para>
+ Enabling the client proxy does not alter the system nameserver; to
+ relay local queries, prepend <literal>127.0.0.1</literal> to
+ <option>networking.nameservers</option>.
+ </para>
+
+ </sect1>
+
+ <sect1><title>As a forwarder for another DNS client</title>
+
+ <para>
+ To run the DNSCrypt proxy client as a forwarder for another
+ DNS client, change the default proxy listening port to a
+ non-standard value and point the other client to it:
+ <programlisting>
+ services.dnscrypt-proxy.localPort = 43;
+ </programlisting>
+ </para>
+
+ <sect2><title>dnsmasq</title>
+ <para>
+ <programlisting>
+ {
+ services.dnsmasq.enable = true;
+ services.dnsmasq.servers = [ "127.0.0.1#43" ];
+ }
+ </programlisting>
+ </para>
+ </sect2>
+
+ <sect2><title>unbound</title>
+ <para>
+ <programlisting>
+ {
+ services.unbound.enable = true;
+ services.unbound.forwardAddresses = [ "127.0.0.1@43" ];
+ }
+ </programlisting>
+ </para>
+ </sect2>
+
+ </sect1>
+
+</chapter> |