Fix bootstrapping

quindecim 2022-10-12 11:41:37 +02:00
parent fe2926386f
commit a3cbaab2a0
3 changed files with 4 additions and 14 deletions


@ -38,9 +38,9 @@ All the binary files are downloaded from the [official release page](https://git
- `dnscrypt_ephemeral_keys = true` (create a new, unique key for every single DNS query) - `dnscrypt_ephemeral_keys = true` (create a new, unique key for every single DNS query)
- `bootstrap_resolvers = ['84.200.69.80:53', '84.200.70.40:53']` (use [resolver1.dns.watch](https://dns.watch/) and [resolver2.dns.watch](https://dns.watch/) instead [CloudFlare](https://archive.today/tS1Ln)) - `bootstrap_resolvers = ['185.222.222.222:53']` (use [DNS.SB](https://dns.sb/) instead [CloudFlare](https://archive.today/tS1Ln))
- `netprobe_address = '84.200.69.80:53'` (use [resolver1.dns.watch](https://dns.watch/) instead [CloudFlare](https://archive.today/tS1Ln)) - `netprobe_address = '185.222.222.222:53'` (use [DNS.SB](https://dns.sb/) instead [CloudFlare](https://archive.today/tS1Ln))
- `block_ipv6 = true` (immediately respond to IPv6-related queries with an empty response) - `block_ipv6 = true` (immediately respond to IPv6-related queries with an empty response)


@ -248,7 +248,7 @@ dnscrypt_ephemeral_keys = true
## not be sent there. If you're using DNSCrypt or Anonymized DNS and your ## not be sent there. If you're using DNSCrypt or Anonymized DNS and your
## lists are up to date, these resolvers will not even be used. ## lists are up to date, these resolvers will not even be used.
bootstrap_resolvers = ['84.200.69.80:53', '84.200.70.40:53'] bootstrap_resolvers = ['185.222.222.222:53']
## Always use the bootstrap resolver before the system DNS settings. ## Always use the bootstrap resolver before the system DNS settings.
@ -274,7 +274,7 @@ netprobe_timeout = -1
## On other operating systems, the connection will be initialized ## On other operating systems, the connection will be initialized
## but nothing will be sent at all. ## but nothing will be sent at all.
netprobe_address = '84.200.69.80:53' netprobe_address = '185.222.222.222:53'
## Offline mode - Do not use any remote encrypted servers. ## Offline mode - Do not use any remote encrypted servers.
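Review bot: `bootstrap_resolvers` now holds a single address, so bootstrapping has no fallback if 185.222.222.222 is unreachable or filtered, where the previous value listed two; `netprobe_address` in the following hunk points at the same host. I would keep a second, independently operated resolver in the list, `bootstrap_resolvers = ['185.222.222.222:53', '<SECOND_RESOLVER_IP>:53']`. These lookups go out as plain DNS on port 53, so an on-path network can observe or alter them; a comment above the key such as `## Plain, unauthenticated DNS to a single provider - only used when the resolver lists are not up to date` would make that trade-off visible to whoever edits the value next. Both hunks show only a few lines of the surrounding settings, so any related option between them is outside this view.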


@ -8,16 +8,6 @@ MODDIR=${0%/*}
# This script will be executed in post-fs-data mode # This script will be executed in post-fs-data mode
# Redirect DNS requests to localhost
iptables -t nat -A OUTPUT -p tcp ! -d 84.200.69.80 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
iptables -t nat -A OUTPUT -p udp ! -d 84.200.69.80 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
iptables -t nat -A OUTPUT -p tcp ! -d 84.200.70.40 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
iptables -t nat -A OUTPUT -p udp ! -d 84.200.70.40 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
# ip6tables -t nat -A OUTPUT -p tcp ! -d 84.200.69.80 --dport 53 -j DNAT --to-destination [::1]:5354
# ip6tables -t nat -A OUTPUT -p udp ! -d 84.200.69.80 --dport 53 -j DNAT --to-destination [::1]:5354
# ip6tables -t nat -A OUTPUT -p tcp ! -d 84.200.70.40 --dport 53 -j DNAT --to-destination [::1]:5354
# ip6tables -t nat -A OUTPUT -p udp ! -d 84.200.70.40 --dport 53 -j DNAT --to-destination [::1]:5354
# Force disable IPv6 OS connections # Force disable IPv6 OS connections
resetprop net.ipv6.conf.all.accept_redirects 0 resetprop net.ipv6.conf.all.accept_redirects 0
resetprop net.ipv6.conf.all.disable_ipv6 1 resetprop net.ipv6.conf.all.disable_ipv6 1