52f0553209
The dnscrypt-proxy service relays regular DNS queries to a DNSCrypt enabled upstream resolver. The traffic between the client and the upstream resolver is encrypted and authenticated, which may mitigate the risk of MITM attacks and third-party snooping (assuming a trustworthy upstream). Though dnscrypt-proxy can run as a standalone DNS client, the recommended setup is to use it as a forwarder for a caching DNS client. To use dnscrypt-proxy as a forwarder for dnsmasq, do ```nix { # ... networking.nameservers = [ "127.0.0.1" ]; networking.dhcpcd.extraConfig = "nohook resolv.conf"; services.dnscrypt-proxy.enable = true; services.dnscrypt-proxy.localAddress = "127.0.0.1"; services.dnscrypt-proxy.port = 40; services.dnsmasq.enable = true; services.dnsmasq.extraConfig = '' no-resolv server=127.0.0.1#40 listen-address=127.0.0.1 ''; # ... } ``` |
||
---|---|---|
.. | ||
assertions.nix | ||
check-config.nix | ||
crashdump.nix | ||
ids.nix | ||
lib.nix | ||
locate.nix | ||
meta.nix | ||
nixpkgs.nix | ||
passthru.nix | ||
version.nix |