DNSCrypt 2.0 and ad blocking
In this article I would like to consider the innovations of Dnscrypt, on a specific example, which will certainly be useful for someone.
For those who do not know, Dnscrypt is a unique protocol for encrypting DNS traffic. It makes it possible to protect DNS communications from interceptions and spoofing, and for example, bypass blocking implemented at the level of DNS queries.
Of the main features of the new version, first of all, I would like to note the possibility of communication with the server via TCP, which makes such a channel more stable and less noticeable.
')
In this article, we will take advantage of this advantage and for variety / benefit we will limit access to advertising domains.
In the new version, rewritten by the author in the Go language, the Dnscrypt-proxy settings are stored in the configuration file “dnscrypt-proxy.toml”. Consider only the parameters of interest:
By the way, now DNSCrypt caches requests and updates the list of servers without the need for any additional configuration.
Dnsmasq will accept normal DNS requests on port 53 of the UDP protocol and redirect them to the DNSCrypt-proxy server.
The easiest way to block ads is through the hosts file . On the Internet you can find many open sources that provide access to the list of unwanted domains. I use this repository , designed to block ads and other unimportant content. The repository contains a script written in Python, which updates the existing hosts file in the system, according to the repository itself. To automate this process, it is enough to create a scheduled task in the system. I do it like this:
The "-a" parameter indicates the script to run in automatic mode, that is, without the need to confirm actions by the user.
The "-r" parameter instructs the script to replace the hosts file that is active in the system.
Thanks for attention!
For those who do not know, Dnscrypt is a unique protocol for encrypting DNS traffic. It makes it possible to protect DNS communications from interceptions and spoofing, and for example, bypass blocking implemented at the level of DNS queries.
Of the main features of the new version, first of all, I would like to note the possibility of communication with the server via TCP, which makes such a channel more stable and less noticeable.
')
In this article, we will take advantage of this advantage and for variety / benefit we will limit access to advertising domains.
Dnscrypt-proxy
In the new version, rewritten by the author in the Go language, the Dnscrypt-proxy settings are stored in the configuration file “dnscrypt-proxy.toml”. Consider only the parameters of interest:
# true DNSSEC require_dnssec = false # true DNS- TCP. force_tcp = false # DNS-, DNSCrypt. fallback_resolver = '9.9.9.9:53' By the way, now DNSCrypt caches requests and updates the list of servers without the need for any additional configuration.
Dnsmasq
Dnsmasq will accept normal DNS requests on port 53 of the UDP protocol and redirect them to the DNSCrypt-proxy server.
/etc/dnsmasq.conf no-resolv # - DNSCrypt server=127.0.0.1#5353 listen-address=127.0.0.1 proxy-dnssec Ad blocking
The easiest way to block ads is through the hosts file . On the Internet you can find many open sources that provide access to the list of unwanted domains. I use this repository , designed to block ads and other unimportant content. The repository contains a script written in Python, which updates the existing hosts file in the system, according to the repository itself. To automate this process, it is enough to create a scheduled task in the system. I do it like this:
# crontab -e @daily python ////hosts/updateHostsFile.py -ar The "-a" parameter indicates the script to run in automatic mode, that is, without the need to confirm actions by the user.
The "-r" parameter instructs the script to replace the hosts file that is active in the system.
Thanks for attention!
Source: https://habr.com/ru/post/351664/
All Articles