DNSCrypt 2.0 and ad blocking

    In this article, I would like to consider the innovations of Dnscrypt, using a specific example that will surely prove useful to someone.

    For those who don’t know, Dnscrypt is a unique protocol for encrypting DNS traffic. It makes it possible to protect DNS communications from interceptions and spoofing, and, for example, bypass locks implemented at the level of DNS queries.

    Of the main features of the new version, first of all, I want to note the possibility of communication with the server via TCP, which makes such a channel more stable and less noticeable.

    In this article, we will take advantage of this and restrict access to advertising domains for variety / benefit.

    Dnscrypt-proxy


    In the new version, rewritten by the author in Go, the Dnscrypt-proxy settings are stored in the “dnscrypt-proxy.toml” configuration file. We consider only the parameters of interest:

    # Значение true включит проверку DNSSEC
    require_dnssec = false
    # Значение true позволит прокси серверу выполнять DNS-запросы по TCP.
    force_tcp = false
    # Здесь можно указать незашифрованный DNS-сервер, который будет использоваться в случае недоступности сервера DNSCrypt.
    fallback_resolver = '9.9.9.9:53'
    

    By the way, DNSCrypt now caches requests and updates the list of servers without the need for any additional configuration.

    Dnsmasq


    Dnsmasq will accept regular DNS queries on port 53 of the UDP protocol and redirect them to a DNSCrypt-proxy server.

    /etc/dnsmasq.conf
    no-resolv
    # Адрес прокси-сервера DNSCrypt
    server=127.0.0.1#5353
    listen-address=127.0.0.1
    proxy-dnssec
    

    Ad blocking


    The easiest way to block ads is by using the hosts file . You can find many open sources on the Internet that provide access to a list of unwanted domains. I use this repository , designed to block ads and other irrelevant content. The repository contains a script written in Python that updates the current hosts file in the system, according to the repository itself. To automate this process, just create a scheduled task in the system. I do it like this:

    # crontab -e
    @daily python /путь/к/репозиторию/hosts/updateHostsFile.py -ar
    

    The "-a" parameter tells the script to run in automatic mode, that is, without the need for user confirmation.

    The "-r" parameter tells the script to replace the hosts file in the system.

    Thanks for attention!

    Also popular now: