From a3cbaab2a07f68e1cfa7fe9fc3d33424066e311d Mon Sep 17 00:00:00 2001 From: quindecim <49964366+quindecim@users.noreply.github.com> Date: Wed, 12 Oct 2022 11:41:37 +0200 Subject: [PATCH] Fix bootstrapping --- README.md | 4 ++-- config/dnscrypt-proxy.toml | 4 ++-- post-fs-data.sh | 10 ---------- 3 files changed, 4 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 67a11fc..b4a5c1a 100644 --- a/README.md +++ b/README.md @@ -38,9 +38,9 @@ All the binary files are downloaded from the [official release page](https://git - `dnscrypt_ephemeral_keys = true` (create a new, unique key for every single DNS query) -- `bootstrap_resolvers = ['84.200.69.80:53', '84.200.70.40:53']` (use [resolver1.dns.watch](https://dns.watch/) and [resolver2.dns.watch](https://dns.watch/) instead [CloudFlare](https://archive.today/tS1Ln)) +- `bootstrap_resolvers = ['185.222.222.222:53']` (use [DNS.SB](https://dns.sb/) instead [CloudFlare](https://archive.today/tS1Ln)) -- `netprobe_address = '84.200.69.80:53'` (use [resolver1.dns.watch](https://dns.watch/) instead [CloudFlare](https://archive.today/tS1Ln)) +- `netprobe_address = '185.222.222.222:53'` (use [DNS.SB](https://dns.sb/) instead [CloudFlare](https://archive.today/tS1Ln)) - `block_ipv6 = true` (immediately respond to IPv6-related queries with an empty response) diff --git a/config/dnscrypt-proxy.toml b/config/dnscrypt-proxy.toml index 6e292c3..8d9f51f 100644 --- a/config/dnscrypt-proxy.toml +++ b/config/dnscrypt-proxy.toml @@ -248,7 +248,7 @@ dnscrypt_ephemeral_keys = true ## not be sent there. If you're using DNSCrypt or Anonymized DNS and your ## lists are up to date, these resolvers will not even be used. -bootstrap_resolvers = ['84.200.69.80:53', '84.200.70.40:53'] +bootstrap_resolvers = ['185.222.222.222:53'] ## Always use the bootstrap resolver before the system DNS settings. @@ -274,7 +274,7 @@ netprobe_timeout = -1 ## On other operating systems, the connection will be initialized ## but nothing will be sent at all. -netprobe_address = '84.200.69.80:53' +netprobe_address = '185.222.222.222:53' ## Offline mode - Do not use any remote encrypted servers. diff --git a/post-fs-data.sh b/post-fs-data.sh index da1e9e3..10c7c70 100644 --- a/post-fs-data.sh +++ b/post-fs-data.sh @@ -8,16 +8,6 @@ MODDIR=${0%/*} # This script will be executed in post-fs-data mode -# Redirect DNS requests to localhost -iptables -t nat -A OUTPUT -p tcp ! -d 84.200.69.80 --dport 53 -j DNAT --to-destination 127.0.0.1:5354 -iptables -t nat -A OUTPUT -p udp ! -d 84.200.69.80 --dport 53 -j DNAT --to-destination 127.0.0.1:5354 -iptables -t nat -A OUTPUT -p tcp ! -d 84.200.70.40 --dport 53 -j DNAT --to-destination 127.0.0.1:5354 -iptables -t nat -A OUTPUT -p udp ! -d 84.200.70.40 --dport 53 -j DNAT --to-destination 127.0.0.1:5354 -# ip6tables -t nat -A OUTPUT -p tcp ! -d 84.200.69.80 --dport 53 -j DNAT --to-destination [::1]:5354 -# ip6tables -t nat -A OUTPUT -p udp ! -d 84.200.69.80 --dport 53 -j DNAT --to-destination [::1]:5354 -# ip6tables -t nat -A OUTPUT -p tcp ! -d 84.200.70.40 --dport 53 -j DNAT --to-destination [::1]:5354 -# ip6tables -t nat -A OUTPUT -p udp ! -d 84.200.70.40 --dport 53 -j DNAT --to-destination [::1]:5354 - # Force disable IPv6 OS connections resetprop net.ipv6.conf.all.accept_redirects 0 resetprop net.ipv6.conf.all.disable_ipv6 1