a16d993949
- Minimum golang version now at 1.15 - Include 'notice' and 'patents' files of vendored packages. - Paths and hints in configuration file adjusted and added. OBS-URL: https://build.opensuse.org/request/show/860360 OBS-URL: https://build.opensuse.org/package/show/server:dns/dnscrypt-proxy?expand=0&rev=31
74 lines
2.3 KiB
Plaintext
74 lines
2.3 KiB
Plaintext
***************************************************************************
|
|
* *
|
|
* README.openSUSE last edited by cunix for version 2.0.44 *
|
|
* *
|
|
***************************************************************************
|
|
|
|
|
|
Some hints:
|
|
-----------
|
|
|
|
Configure /etc/dnscrypt-proxy/dnscrypt-proxy.toml for your use case first!
|
|
|
|
A.
|
|
If dnscrypt-proxy should act as your primary resolver and only listen at
|
|
127.0.0.1:53, start as root once with
|
|
|
|
$ systemctl start dnscrypt-proxy.socket
|
|
|
|
and if you don't want to repeat this after next boots, do
|
|
|
|
$ systemctl enable dnscrypt-proxy.socket
|
|
|
|
|
|
B.
|
|
If you have some other resolver listening on 127.0.0.1:53 that should forward
|
|
queries to dnscrypt-proxy it is recommended to create as root the directory
|
|
|
|
/etc/systemd/system/dnscrypt-proxy.socket.d
|
|
|
|
and copy the file
|
|
|
|
dnscrypt-proxy.socket.conf
|
|
|
|
into the created directory.
|
|
An example file should be available in this doc directory:
|
|
/usr/share/doc/packages/dnscrypt-proxy
|
|
|
|
Afterwards you have to start/enable the socket unit as described above in A.
|
|
Additionally your primary resolver has to be configured to forward requests to
|
|
the address specified in file dnscrypt-proxy.socket.conf - 127.0.0.1:5353 for
|
|
example.
|
|
|
|
|
|
C.
|
|
Alternatively the unit dnscrypt-proxy.service can be used the same way as the
|
|
socket unit described in A for starting and enabling.
|
|
|
|
This will require you to set "listen_addresses" in file
|
|
|
|
/etc/dnscrypt-proxy/dnscrypt-proxy.toml
|
|
|
|
In this case dnscrypt-proxy has to setup the sockets itself and because it is
|
|
by default executed as user "dnscrypt" it is not allowed to listen on
|
|
ports < 1024.
|
|
|
|
If dnscrypt-proxy should listen on these lower ports
|
|
a) the socket unit should be used or
|
|
b) the program has to be started directly by root or
|
|
c) the user settings in the service unit have to be overridden
|
|
as described in B with files ending with ".conf"
|
|
in a to be created directory at
|
|
|
|
/etc/systemd/system/dnscrypt-proxy.service.d
|
|
|
|
|
|
D.
|
|
The socket OR the service unit should be started/enabled - not both.
|
|
If the socket unit is used, it will start the service unit when queries are sent
|
|
to one of its configured addresses.
|
|
|
|
If using systemd, the PID should be available in file
|
|
/run/dnscrypt-proxy/dnscrypt-proxy.pid
|
|
|