Found this post about compiling and running DnsCrypt which is rather easy. https://gist.github.com/kafene/9699074
Just need to grab the newer libsodium and dnscrypt versions. It also includes an init script. Eran On Sun, Dec 27, 2015 at 9:46 AM Jesse V <kernelc...@riseup.net> wrote: > On 12/26/2015 10:33 PM, 12xBTM wrote: > > Also, in your current configuration. You have no unbound forward-zones. > > Which, to my understanding, is a fatal error if you're using DNSCrypt. > > Tor interfaces with Unbound on your 127.5.3.53, but how does Unbound > > know where to forward queries to DNSCrypt-proxy? > > Yes, because I'm no longer using DNSCrypt, just Unbound, which queries > authoritative DNS servers. I'm caching as much as I can but I'm out of > RAM at this point, so Unbound does have to do some recursions. I'm > tempted to re-apply DNSCrypt in order to forward queries to another > server that can do more caching, but I haven't done that yet. > > Thanks again to the folks on IRC who correctly pointed out that DNSCrypt > has the same security model as a VPN: it only protects client-server > traffic and the server has to be trustworthy. Currently, I'm better to > use DNSSEC and query against authoritative DNS servers than I am to turn > off DNSSEC and use Unbound. If I get a second server set up, it will use > DNSSEC and I'll chain the two Unbound instances together with DNSCrypt. > That should give me better performance. > > I'll look into setting up a fallback nameserver for redundancy as you > pointed out. > > -- > Jesse V > > _______________________________________________ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
